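Differences between Elasticsearch 8 and 7
- The new version uses JDK 17, which is bundled by default; a JDK 8-compatible version is also provided
- ES 8 removes the concept of types
- Security authentication is enabled by default in ES 8
- Synchronous and asynchronous APIs are provided
- EQL (Event Query Language) is provided
- SQL operations have been supported since ES 6.3; in Kibana we use DSL
- ES provides APIs that make use of lambdas
Installing ES 8.8.2
Download the installation package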
wget https://www.elastic.co/downloads/past-releases/elasticsearch-8-8-2
Extract the installation package
tar -zxvf <installation package>
Create a user
useradd -d /home/elk -m elk
echo '123@qwe'|passwd elk --stdin
Create the ES data and log directories
mkdir -p /data/elk/elasticsearch/{data,logs}
chown -R elk:elk /data/elk/elasticsearch
Edit the ES configuration
vim elasticsearch.yml
cluster.name: my-application
node.name: node-1
path.data: /data/elk/elasticsearch/data
path.logs: /data/elk/elasticsearch/logs
network.host: 0.0.0.0
http.port: 9200
First start (do not start it in the background)
/home/elk/elasticsearch-8.8.1/config
cd /home/elk/elasticsearch-8.8.1/bin
./elasticsearch
Record the startup log
Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
2j6qweqeRqnAnPGU61
ℹ️ HTTP CA certificate SHA-256 fingerprint:
09189c0bb24353451b32f603d509272d591sad123815b1233d7ae
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjguMSIsImFkciI6WyIxMC4yNTMuMTc3LjkyOjkyMDAiXSwiZmdyIjoiMDkxODljMGJiMjc4NDE4YTIyNjE4YjBlN2M5OGIzMmY2MDNkNTA5MjcyZDU5MWZiNzkwMDQzODE1YjY3ZDdhZSIsImtleSI6Im02ckE5WWdCUEJtZ2J3czVUWU14OjRUYVliMi1SUWFHSlVlRWJaYk5NUVEifQ==
ℹ️ Configure other nodes to join this cluster:
• Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjguMSIsImFkciI6WyIxMC4yNTMuMTc3LjkyOjkyMDAiXSwiZmdyIjoiMDkxODljMGJiMjc4NDE4YTIyNjE4YjBlN2M5OGIzMmY2MDNkNTA5MjcyZDU5MWZiNzkwMDQzODE1YjY3ZDdhZSIsImtleSI6Im1xckE5WWdCUEJtZ2J3czVUWU12Omt1aEdkVXAzUTA2LUpqOVNmMWkweEEifQ==
If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.8.2`
- 2j6qweqeRqnAnPGU61 is the default ES password (for the built-in elastic user, as shown in the log above)
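The enrollment tokens printed in the startup log above are base64-encoded JSON carrying the version (ver), node addresses (adr), the HTTP CA fingerprint (fgr) and an API key (key), so they need the same handling as the password. The following added example (not part of the original post) decodes a token without printing the key secret and checks that its fingerprint matches http_ca.crt; the function names and the sample data are constructed for illustration.

```python
import base64, hashlib, json, ssl

def decode_enrollment_token(token):
    """An enrollment token is base64 over JSON with ver, adr, fgr and key."""
    fields = json.loads(base64.b64decode(token))
    missing = {"ver", "adr", "fgr", "key"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return fields

def ca_fingerprint(pem):
    """SHA-256 of the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def review_token(token, ca_pem):
    """Log-safe summary: where the token points and whether it pins our CA."""
    f = decode_enrollment_token(token)
    key_id, _, secret = f["key"].partition(":")
    return {
        "version": f["ver"],
        "addresses": f["adr"],
        "pins_ca": f["fgr"].lower() == ca_fingerprint(ca_pem),
        "api_key": key_id + ":" + "*" * len(secret),  # never print the secret half
    }

# Constructed sample data: placeholder bytes stand in for http_ca.crt,
# and the token is built here rather than copied from a real cluster.
SAMPLE_DER = b"constructed stand-in for the DER bytes of http_ca.crt"
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.8.2",
    "adr": ["172.16.0.1:9200"],
    "fgr": hashlib.sha256(SAMPLE_DER).hexdigest(),
    "key": "sampleKeyId:sampleKeySecret",
}).encode()).decode()

if __name__ == "__main__":
    print(review_token(SAMPLE_TOKEN, SAMPLE_CA_PEM))
```

With a real deployment, pass the contents of config/certs/http_ca.crt as ca_pem and the token string from the startup log as token.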
Check the elasticsearch.yml configuration again (xpack security settings have been added)
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.monitoring.collection.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["node-1"]
A certs directory has been added under the config directory
-rw-rw---- 1 elk elk 1915 6月 26 11:29 http_ca.crt
-rw-rw---- 1 elk elk 9997 6月 26 11:29 http.p12
-rw-rw---- 1 elk elk 5822 6月 26 11:29 transport.p12
Stop the elasticsearch service and start it in the background
jps -l
kill -9 PID
./elasticsearch -d
Initialize the password of elasticsearch's built-in kibana user
./elasticsearch-reset-password -u kibana
Open https://172.16.0.1:9200 in a browser and enter the elastic password 2j6qweqeRqnAnPGU61.
Installing Kibana
Edit the configuration file
tar -zxvf kibana-8.8.1-linux-x86_64.tar.gz
cd kibana-8.8.1/config
- Copy the certs folder from the ES directory into config:
\cp -rf /home/elk/elasticsearch-8.8.1/config/certs ./
- Edit kibana.yml, uncomment the following settings and configure them:
vim kibana.yml
server.port: 5601
server.host: "172.16.0.1"
elasticsearch.hosts: ["https://172.16.0.1:9200"]
elasticsearch.username: "kibana" # built-in ES user
elasticsearch.password: "pkRqnAnPGU61123" # password initialized by ES
elasticsearch.ssl.certificateAuthorities: [ "/home/elk/kibana-8.8.1/config/certs/http_ca.crt" ]
i18n.locale: "zh-CN"
- Start Kibana
cd /home/elk/kibana-8.8.1/
nohup ./bin/kibana &
- Visit http://172.16.0.1:5601/login and enter the elastic password 2j6qweqeRqnAnPGU61.