ELK / docker / elasticsearch 7 设置 xpack 账号密码。之前写过一篇设置的,感觉不大对。
还是重新配置⼀下。
准备资料:elasticsearch7.1.1、kibana7.1.1镜像⽂件。
在 docker 下成功安装集群。注意:所有 ELK 组件(es、kibana、logstash、filebeat)的版本都要一致,甚至 es 插件的版本也要一致。
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.89.132/third/logstash 7.1.1 b0cb1543380d 12 months ago 847MB
logstash 7.1.1 b0cb1543380d 12 months ago 847MB
kibana 7.1.1 67f17df6ca3e 12 months ago 746MB
elasticsearch 7.1.1 b0e9f9f047e6 12 months ago 894MB
192.168.89.132/third/filebeat 7.1.1 0bd69a03e199 12 months ago 288MB
store/elastic/filebeat 7.1.1 0bd69a03e199 12 months ago 288MB
我这里集群 3 个节点(3 个容器跑在同一台宿主机的 esnetwork 网络上):
创建相应⽬录:
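# Create the host directories that are bind-mounted into the three
# Elasticsearch containers. The docker run commands further down mount
# /home/soft/ES/{config,data,logs,plugins}; the original page created
# /home/soft/elasticsearch/... here, which does not match those mounts
# (the containers would silently start against fresh, empty directories).
# Override the base with ES_BASE if your layout differs.
make_es_dirs() {
  local base=${1:?base dir required}
  local nn
  mkdir -p -- "$base/config"
  # one data/log/plugin dir per node: es04, es05, es06
  for nn in 04 05 06; do
    mkdir -p -- "$base/data/data$nn" "$base/logs/logs$nn" "$base/plugins/plugins$nn"
  done
}
make_es_dirs "${ES_BASE:-/home/soft/ES}"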
配置脚本:
配置脚本(每个节点一份 elasticsearch.yml,node.name 和 network.host 不同):
// elasticsearch.yml 文件(es04)
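# elasticsearch.yml for node es04 -- initial bring-up, X-Pack security NOT yet
# enabled: anything that can reach the published HTTP port has full access.
cluster.name: esinner
node.name: es04
node.master: true
node.data: true
# key was garbled to "<_lock" in the source listing; memory_lock is the
# bootstrap setting that takes true/false here.
bootstrap.memory_lock: false
# Disables Elasticsearch's seccomp system-call filter (it blocks exec from
# the JVM, a defense-in-depth control). Keep it enabled unless the kernel
# really lacks seccomp support.
bootstrap.system_call_filter: false
# non-loopback bind => production mode, bootstrap checks are enforced
network.host: 172.19.0.14
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# only used for the very first cluster formation; remove once the cluster
# has formed so it cannot be used to re-bootstrap a split cluster later
cluster.initial_master_nodes: ["es04"]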
// elasticsearch.yml 文件(es05)
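# elasticsearch.yml for node es05 -- initial bring-up, X-Pack security NOT yet
# enabled: anything that can reach the published HTTP port has full access.
cluster.name: esinner
node.name: es05
node.master: true
node.data: true
# key was garbled to "<_lock" in the source listing; memory_lock is the
# bootstrap setting that takes true/false here.
bootstrap.memory_lock: false
# Disables Elasticsearch's seccomp system-call filter (it blocks exec from
# the JVM, a defense-in-depth control). Keep it enabled unless the kernel
# really lacks seccomp support.
bootstrap.system_call_filter: false
# non-loopback bind => production mode, bootstrap checks are enforced
network.host: 172.19.0.15
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# only used for the very first cluster formation; remove once the cluster
# has formed
cluster.initial_master_nodes: ["es04"]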
// elasticsearch.yml 文件(es06)
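# elasticsearch.yml for node es06 -- initial bring-up, X-Pack security NOT yet
# enabled: anything that can reach the published HTTP port has full access.
cluster.name: esinner
node.name: es06
node.master: true
node.data: true
# key was garbled to "<_lock" in the source listing; memory_lock is the
# bootstrap setting that takes true/false here.
bootstrap.memory_lock: false
# Disables Elasticsearch's seccomp system-call filter (it blocks exec from
# the JVM, a defense-in-depth control). Keep it enabled unless the kernel
# really lacks seccomp support.
bootstrap.system_call_filter: false
# non-loopback bind => production mode, bootstrap checks are enforced
network.host: 172.19.0.16
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# only used for the very first cluster formation; remove once the cluster
# has formed
cluster.initial_master_nodes: ["es04"]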
启动脚本:其中的 esnetwork 是我创建的 es 专属 docker 网络,上面配置里的 172.19.0.x 地址也是在这个网络里固定分配的。
查看⽹络列表
# List Docker networks: "esnetwork" (the user-defined bridge on which the
# nodes get their fixed 172.19.0.x addresses) must exist before starting.
docker network ls
进⼊⽹络查看绑定情况
# Show the subnet/gateway of esnetwork and which containers are attached;
# the --ip values used below must fall inside its "Subnet".
docker network inspect esnetwork
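# Start the three Elasticsearch 7.1.1 containers on the user-defined bridge
# "esnetwork". Node esNN gets the fixed address 172.19.0.(NN+10), publishes
# HTTP on host port 92NN and transport on 93NN, and mounts its own config,
# plugin, data and log directories from $es_base.
# (The original listing had the second and third commands' line
# continuations collapsed -- `\ -d ...` -- which passes a stray " " argument
# to docker; this version avoids continuations altogether.)
es_base=/home/soft/ES

start_es_node() {
  local nn=$1                              # two-digit node suffix: 04, 05, 06
  local ip="172.19.0.$((10#$nn + 10))"     # es04 -> .14, es05 -> .15, es06 -> .16
  local -a args=(
    run --restart=always -d
    -m 1000m -e "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    --net esnetwork --ip "$ip"
    # -p without a host address publishes on EVERY host interface, so the
    # still-unauthenticated HTTP API is reachable from the network until
    # X-Pack security is enabled below. Prefer -p "127.0.0.1:92${nn}:9200"
    # or a firewall rule during setup.
    -p "92${nn}:9200" -p "93${nn}:9300"
    # The config file name was lost in the original listing; each node needs
    # its own elasticsearch.yml because node.name / network.host differ.
    -v "${es_base}/config/elasticsearch${nn}.yml:/usr/share/elasticsearch/config/elasticsearch.yml"
    -v "${es_base}/plugins/plugins${nn}:/usr/share/elasticsearch/plugins"
    -v "${es_base}/data/data${nn}:/usr/share/elasticsearch/data"
    -v "${es_base}/logs/logs${nn}:/usr/share/elasticsearch/logs"
    --name "es${nn}" elasticsearch:7.1.1
  )
  docker "${args[@]}"
}

for nn in 04 05 06; do
  start_es_node "$nn"
done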
查看⽹络情况esnetwork
[root@localhost ~]# docker network inspect esnetwork
[
{
"Name": "esnetwork",
"Id": "643e80b22b68ed051bdee83d4625e9a590be3ccf3acdbe0c2373bd409cf00d43",
"Created": "2020-01-23T00:40:33.225834796+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"6cab717babe9b95283dc8f55d95d5a9b7e69bffc5e882ef04bf3af81838627ac": {
"Name": "es06",
"EndpointID": "8082b5283bc60533b4203146d5bb58526063c8925b9b97f7e6be86607fc3d1d1",
"MacAddress": "02:42:ac:13:00:10",
"IPv4Address": "172.19.0.16/16",
"IPv6Address": ""
},
"706ba84e67af5d9c57994dd5eaecd60298b03bd7ded81d386a75d4087e2c1536": {
"Name": "es04",
"EndpointID": "bb59f666c86c1ee7d691fc6f2d0039df98e0b5954625edd92e40613e93ad2804",
"MacAddress": "02:42:ac:13:00:0e",
"IPv4Address": "172.19.0.14/16",
"IPv6Address": ""
},
"93ec974957d277a140b4a344db7c67fe37b3df17b3155039ed7f08ab850d889e": {
"Name": "es05",
"EndpointID": "7a898a6a0e469445cb22efc82416d7ceaf4417ab82199b8db76ccaa957422c4d",
"MacAddress": "02:42:ac:13:00:0f",
"IPv4Address": "172.19.0.15/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
启动后通过 IP:PORT 可以查看到当前单台情况(下面这段输出取自另一套环境,cluster_name 是 mses-cluster 而不是上面配置的 esinner,不影响步骤):
{
"name" : "es04",
"cluster_name" : "mses-cluster",
"cluster_uuid" : "_na_",
"version" : {
"number" : "7.1.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "7a013de",
"build_date" : "2019-05-23T14:04:00.380842Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
通过 IP:PORT/_cat/nodes?pretty 可以查看当前集群情况:
172.19.0.16 26 93 50 1.40 3.47 4.23 mdi - es06
172.19.0.14 33 93 54 1.40 3.47 4.23 mdi * es04
172.19.0.15 17 93 54 1.40 3.47 4.23 mdi - es05
以上说明能正常访问。注意此时集群没有任何认证:能连到宿主机 9204~9206 端口的人都对数据有完全读写权限,所以下面的配置不要拖太久,期间最好只在隔离网络里暴露。
下面是重点 ============ 配置 xpack,即 es 的账号密码
停掉服务。
# Stop all three cluster members before wiping data or editing config.
es_nodes=(es04 es05 es06)
docker stop "${es_nodes[@]}"
删除data数据
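# Wipe the data directories of es04..es06 so the cluster bootstraps afresh
# (and the .security index is created) once X-Pack is enabled.
# The original `rm -rf data/data4*/*` matches nothing: the directories are
# named data04..data06. This DELETES EVERY INDEX on all three nodes -- take
# a snapshot first if anything in there matters.
wipe_es_data() {
  local base=${1:?base dir required}
  local nn
  for nn in 04 05 06; do
    [[ -d "$base/data/data$nn" ]] || continue
    # ${base:?} guards against an empty base expanding to "/data/..."
    rm -rf -- "${base:?}/data/data$nn/"*
  done
}
wipe_es_data "${ES_BASE:-/home/soft/ES}"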
修改 elasticsearch.yml 配置,重新启动。
末尾增加
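# Appended to the end of each node's elasticsearch.yml to turn on X-Pack
# security. Both key names were truncated to "abled" in the source; they are
# reconstructed as the pair the page later sets back to false together --
# confirm against your own file.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# NOTE: with transport TLS enabled the keystore/truststore settings from the
# certificate section are required as well; without them the nodes may fail
# to start or to join each other (check `docker logs`).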
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch]# vi elasticsearch.yml
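# elasticsearch.yml for node es00 of a separate 2-node example cluster
# (mses-cluster on 172.20.0.0/16) -- the page switches environments here.
cluster.name: mses-cluster
node.name: es00
node.master: true
node.data: true
# key was garbled to "<_lock" in the source listing
bootstrap.memory_lock: false
# Disables Elasticsearch's seccomp system-call filter (blocks exec from the
# JVM, a defense-in-depth control); keep it on unless the kernel lacks it.
bootstrap.system_call_filter: false
network.host: 172.20.0.10
http.port: 9200
discovery.seed_hosts: ["172.20.0.10:9300","172.20.0.11:9300"]
# first-formation only; remove after the cluster has formed
cluster.initial_master_nodes: ["es00","es01"]
# Both keys were truncated to "abled" in the source; reconstructed as the
# pair the page later sets back to false together -- confirm.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# NOTE: transport TLS also needs keystore/truststore paths (certificate
# section below). Without them the nodes may not join, which would explain
# the "cluster state has not been recovered" 503 reported further down.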
重启
# Restart the node so the edited elasticsearch.yml is picked up.
docker restart es00
查看启动⽇志
# Follow the node log; wait for "started" and watch for bootstrap-check or
# TLS/keystore errors before going on.
docker logs -f --tail=10 es00
看到启动完成后,访问ip:端⼝,会弹出登录对话窗⼝
进⼊容器,
# Open a shell inside the container (runs as root by default, so files you
# create here are root-owned -- mind that for anything the node must read).
docker exec -it es00 /bin/bash
keystore⽂件,默认会创建在config⽬录下⽣成elasticsearch.keystore⽂件
# Create config/elasticsearch.keystore. This is where secure settings belong
# (e.g. a PKCS#12 password for the transport certificate) instead of
# plaintext values in elasticsearch.yml.
bin/elasticsearch-keystore create
执⾏过程:
[root@ee7fae207374 elasticsearch]# bin/elasticsearch-keystore create
Created elasticsearch keystore in /usr/share/elasticsearch/config
[root@ee7fae207374 elasticsearch]# ls config/
elasticsearch.keystore elasticsearch.yml jvm.options log4j2.properties role_mapping.yml roles.yml users users_roles
设置内置用户的密码。我这里直接使用默认用户名作为密码(仅为演示,见下面说明)。
# Interactively set the passwords of the six built-in users. Run it once per
# cluster (they live in the .security index, not per node) and it must be
# able to reach the cluster over HTTP. Use a distinct, strong password per
# user: kibana, logstash_system, beats_system etc. are service accounts and
# must not share the elastic superuser password.
bin/elasticsearch-setup-passwords interactive
正常情况得到如下结果,说明设置正常。我这里所有用户的密码都设置为 elastic —— 这只是演示;生产环境必须给每个内置用户设置不同的强密码,尤其不要让 kibana、logstash_system 等服务账号和 elastic 超级用户共用密码。
[root@21650b6ea0f2 elasticsearch]# bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
错误 1:可能是之前已经设置过用户密码;如果忘记了也没关系。
进入容器执行 setup-passwords 时报错,提示 Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
* This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore
解决 A:比较纠结,不一定成功,但也有成功的情况。
关闭 ElasticSearch 的 xpack 安全验证(即把 elasticsearch.yml 中的 xpack.security.enabled 以及对应的 transport ssl enabled 改为 false);
注意关闭期间整个集群没有任何认证,应只在隔离网络里操作,并尽快改回。
重启ElasticSearch服务
重启好后用以下命令删除安全索引。7.x 的安全索引叫 .security-7(原文的 .secutity-6 是笔误),可先用 _cat/indices/.security* 确认实际名字;删除它会丢掉集群里保存的所有用户、角色和 API key:
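# Delete the security index so setup-passwords can start over.
# Only works while xpack.security.enabled is false -- and during that window
# the whole cluster is unauthenticated, so do it on an isolated network and
# re-enable security right after. The original spelled the index
# ".secutity-6"; on 7.x it is ".security-7" (verify with
# `curl 'localhost:9204/_cat/indices/.security*'` first). Deleting it drops
# ALL users, roles and API keys stored in the cluster.
curl -X DELETE 'localhost:9204/.security-7'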
or
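# Same as above, addressed to a node's own 9200 port (e.g. from inside the
# container). Security must be off, the index on 7.x is ".security-7"
# (original had the typo ".secutity-6"), and this erases every stored
# user/role/API key.
curl -X DELETE '127.0.0.1:9200/.security-7'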
删除好后,再按照上面设置密码的操作重新打开 xpack 验证、重启 ElasticSearch 服务、进入容器内部进行密码设置。
解决 B:先不管它,接着走下面的步骤,最后再来解决这个用户无法创建的问题,就当作忘记密码来处理。
解决办法:用 elasticsearch-users 在文件域里创建一个新的临时用户,并赋予 superuser 角色(文件域不依赖集群状态,所以 .security 索引有问题时也能用)。
再退出到容器外面,用这个临时用户通过 API 修改 elastic 的密码。改完后务必用 elasticsearch-users userdel 把临时超级用户删掉,不要留下后门;另外不要把密码直接写在命令行(-u 用户:密码 会留在 shell 历史和 ps 输出里),让 curl 提示输入即可。
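# Recover from a lost "elastic" password: add a temporary superuser to the
# file realm (works even when the .security index is unusable), use it to set
# a new password for "elastic" through the security API, then delete the
# temporary user again so it does not linger as a backdoor.
# Passwords are typed at prompts -- the original `-u tempchen:tempchen` and
# `-d '{"password": "elastic"}'` put both secrets into shell history and
# `ps` output; here the JSON body goes to curl via stdin instead.
reset_elastic_password() {
  local container=$1            # e.g. es10
  local es_url=$2               # e.g. http://172.21.0.10:9200
  local tmp_user=${3:-tempchen}
  local new_pw
  # elasticsearch-users prompts for the temporary user's password itself
  docker exec -it "$container" ./bin/elasticsearch-users useradd "$tmp_user" -r superuser || return
  read -rs -p "New password for [elastic]: " new_pw
  printf '\n'
  # `-u user` with no password makes curl prompt for it. 7.x API path is
  # /_security (the /_xpack/security form is deprecated).
  # NOTE: '"' and '\' inside the new password are not JSON-escaped here.
  printf '{"password": "%s"}' "$new_pw" |
    curl -X PUT -u "$tmp_user" "$es_url/_security/user/elastic/_password" \
      -H 'Content-Type: application/json' -d @-
  printf '\n'
  # remove the temporary superuser; the file realm would otherwise keep it
  docker exec -it "$container" ./bin/elasticsearch-users userdel "$tmp_user"
}
reset_elastic_password es10 http://127.0.0.1:9200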
执⾏过程:
// 进⼊容器
[root@izm5ej4bsah4npfgi5wl3vz ~]# docker exec -it es10 bash
// 创建⽤户
[root@467d3709b7db elasticsearch]# ./bin/elasticsearch-users useradd tempchen -r superuser
Enter new password:
Retype new password:
// 退出容器
[root@467d3709b7db elasticsearch] exit
// 根据IP修改密码
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]# curl -XPUT -u tempchen:tempchen 172.21.0.10:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
> {
> "password": "elastic"
> }'
{}
// 此时修改密码成功,密码为elastic
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]#
错误2:
Unexpected response code [503] from calling PUT 172.20.0.10:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the security index
解决:
配置master节点先修改为1个
# Bootstrap with a single initial master while recovering. This setting only
# matters for the very first cluster formation and should be removed from
# every node afterwards.
cluster.initial_master_nodes: ["es04"]
在页面登录,输入上面设置的任一账号都能正常登录、看到信息。注意:如果随便输入一个不存在的账号/密码也能登录,说明安全功能并没有真正生效,应先用错误密码 curl 一次,确认返回 401 再继续。
生成 CA 证书:这里可以输入密码,也可以直接回车不输密码;我这里不输密码。注意:不设密码意味着 CA 私钥以明文保存在 p12 文件里,谁拿到它就能签出集群会信任的节点证书,所以签完节点证书后要把 elastic-stack-ca.p12 从容器/节点上移走,离线妥善保管。
# Create a new certificate authority (elastic-stack-ca.p12 in the CWD).
# Pressing Enter at the password prompt leaves the CA PRIVATE KEY unencrypted
# in the file. Anyone holding it can mint node certificates the cluster will
# trust (verification_mode: certificate), so move it off the node once the
# node certificate is signed and keep it offline.
bin/elasticsearch-certutil ca
证书⽣成位置是当前位置,会⽣成⼀个证书名字:elastic-stack-ca.p12
当然也可以⽤ out指定⽣成证书位置。例如下,但我不⽤
# Same, but with an explicit output path and an empty password given on the
# command line (-pass ""). An empty password stores the CA private key in
# clear; with a real password, prefer the interactive prompt over -pass so the
# value does not end up in shell history.
bin/elasticsearch-certutil ca -out config/elastic-ca.p12 -pass ""
[root@ee7fae207374 elasticsearch]# bin/elasticsearch-certutil ca
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/elasticsearch/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun() WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]:
Enter password for elastic-stack-ca.p12 :
[root@ee7fae207374 elasticsearch]# ls
LICENSE.txt NOTICE.txt README.textile bin config data elastic-stack-ca.p12 jdk lib logs modules plugins
⽣成私钥证书
# Sign one node certificate + private key with the CA, written to
# elastic-certificates.p12. It is shared by all three nodes and generated
# without --dns/--ip, so it has no per-node subject alternative names; that
# is why the node config uses verification_mode: certificate, not full.
# The prompt asks for the CA password (empty above) and a password for the
# new file -- Enter leaves the node private key unencrypted too.
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
会提⽰输⼊密码,这⾥我直接回车,⽆密码。
查看当前目录,即可看到 elastic-certificates.p12,这个文件里是节点证书和对应的私钥。所有节点统一把它放到指定位置,节点之间就能互相认证了。
[root@21650b6ea0f2 elasticsearch]# ls
LICENSE.txt NOTICE.txt README.textile bin config data elastic-certificates.p12 elastic-stack-ca.p12 jdk lib logs modules plugins
只要使用由同一 CA 签名的证书,节点即可自动被允许加入集群。注意 verification_mode: certificate 只校验证书链、不校验主机名,所以任何拿到这份 p12 的主机都能加入集群——文件权限要限制为只有容器内的 elasticsearch 用户可读,CA 文件更不要分发。
将证书复制到宿主机
宿主机⽬录我这⾥是/home/soft/ES/config
docker cp 复制
es04 是运⾏的容器名称
/usr/share/elasticsearch/elastic-certificates.p12 要复制的容器内的⽂件具体路径
/home/soft/ES/config 物理机路径
# Copy the signed node bundle out of es04 to the host staging dir. Only
# elastic-certificates.p12 is taken; the CA bundle (elastic-stack-ca.p12)
# is not needed on the other nodes and should not be distributed.
# (The leading "#" on the next line is the root shell prompt from the page.)
# docker cp es04:/usr/share/elasticsearch/elastic-certificates.p12 /home/soft/ES/config
将证书复制到所有需要加入集群的 es 节点(只复制 elastic-certificates.p12,不要把 CA 文件 elastic-stack-ca.p12 放到节点上):
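# Distribute the node certificate+key bundle into every cluster member's
# config directory. elastic-certificates.p12 holds a PRIVATE key: only the
# "elasticsearch" user inside the container needs to read it. The CA bundle
# is deliberately not copied here.
install_es_cert() {
  local container=$1
  local src=${2:-/home/soft/ES/config/elastic-certificates.p12}
  local dst=/usr/share/elasticsearch/config/elastic-certificates.p12
  docker cp "$src" "$container:$dst" || return
  # docker cp typically leaves the copy root-owned; the node process runs as
  # "elasticsearch" and must be able to read it, and nobody else should.
  docker exec "$container" chown elasticsearch:root "$dst" || return
  docker exec "$container" chmod 0600 "$dst"
}
for c in es04 es05 es06; do
  install_es_cert "$c"
done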
修改所有需要加入集群的节点,主要是增加下面这几行配置。注意这只是 transport 层(9300,节点间通信)的 TLS;HTTP 层(9200)仍然是明文,Kibana/curl 的 Basic 认证口令会明文经过网络,正式环境还要另外给 HTTP 层配置 TLS。
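# Transport-layer (node-to-node, port 9300) TLS. Key names were truncated in
# the source listing and are restored here.
xpack.security.transport.ssl.enabled: true
# "certificate" checks the chain against the CA only, no hostname check --
# required because all nodes share one certificate without per-node SANs.
# With per-node certs carrying IP/DNS SANs, "full" is the stronger choice.
xpack.security.transport.ssl.verification_mode: certificate
# paths are relative to the config directory; the same bundle serves as both
# the node's key/cert and the trust anchor (it contains the CA chain)
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# The p12 was generated with an empty password. If you set one, put it in
# the keystore (elasticsearch-keystore add
# xpack.security.transport.ssl.keystore.secure_password), never in this file.
# NOTE: HTTP (9200) TLS is not configured here, so API/Kibana credentials
# still cross the network in clear.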
// elasticsearch.yml 文件(es04)
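# elasticsearch.yml for node es04 -- X-Pack security and transport TLS on.
cluster.name: esinner
node.name: es04
node.master: true
node.data: true
# garbled to "<_lock" in the source listing
bootstrap.memory_lock: false
# Turns off Elasticsearch's seccomp system-call filter (defense in depth
# against exec from a compromised JVM); keep it on unless the kernel lacks it.
bootstrap.system_call_filter: false
network.host: 172.19.0.14
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# first cluster formation only; remove once the cluster has formed
cluster.initial_master_nodes: ["es04","es05","es06"]
xpack.security.enabled: true
# garbled to "xpack.license.pe" in the source; a free basic license is enough
# for auth + transport TLS
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# chain check only, no hostname check: all nodes share one cert with no SANs
xpack.security.transport.ssl.verification_mode: certificate
# relative to the config dir; the p12 was created without a password,
# otherwise add ...keystore.secure_password to elasticsearch.keystore
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# NOTE: HTTP (9200) TLS is not configured, so Basic-auth credentials to the
# API / Kibana still travel in clear.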
// elasticsearch.yml 文件(es05)
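# elasticsearch.yml for node es05 -- X-Pack security and transport TLS on.
cluster.name: esinner
node.name: es05
node.master: true
node.data: true
# garbled to "<_lock" in the source listing
bootstrap.memory_lock: false
# Turns off Elasticsearch's seccomp system-call filter (defense in depth
# against exec from a compromised JVM); keep it on unless the kernel lacks it.
bootstrap.system_call_filter: false
network.host: 172.19.0.15
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# first cluster formation only; remove once the cluster has formed
cluster.initial_master_nodes: ["es04","es05","es06"]
xpack.security.enabled: true
# garbled to "xpack.license.pe" in the source; basic covers auth + transport TLS
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# chain check only, no hostname check: all nodes share one cert with no SANs
xpack.security.transport.ssl.verification_mode: certificate
# relative to the config dir; p12 created without a password
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# NOTE: HTTP (9200) TLS is not configured; API credentials still go in clear.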
// elasticsearch.yml 文件(es06)
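# elasticsearch.yml for node es06 -- X-Pack security and transport TLS on.
cluster.name: esinner
node.name: es06
node.master: true
node.data: true
# garbled to "<_lock" in the source listing
bootstrap.memory_lock: false
# Turns off Elasticsearch's seccomp system-call filter (defense in depth
# against exec from a compromised JVM); keep it on unless the kernel lacks it.
bootstrap.system_call_filter: false
network.host: 172.19.0.16
http.port: 9200
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
# first cluster formation only; remove once the cluster has formed
cluster.initial_master_nodes: ["es04","es05","es06"]
xpack.security.enabled: true
# garbled to "xpack.license.pe" in the source; basic covers auth + transport TLS
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# chain check only, no hostname check: all nodes share one cert with no SANs
xpack.security.transport.ssl.verification_mode: certificate
# relative to the config dir; p12 created without a password
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# NOTE: HTTP (9200) TLS is not configured; API credentials still go in clear.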