Configuring the Search Guard authentication module after deploying ELK with Docker

  Reference for deploying ELK with Docker

  https://www.cnblogs.com/minseo/p/12956563.html

  Reference for installing Search Guard

  https://www.cnblogs.com/minseo/p/10576126.html

  Generate the certificates online

  https://search-guard.com/tls-certificate-generator/

  For this run only one address, 192.168.1.227, is entered in the online generator; the generated certificate bundle is delivered by e-mail. The bundle contains the root and chain CA files, a node certificate and key issued for that address, the sgadmin client certificate and key, the matching JKS keystores, the generated passwords and a README.txt with the sgadmin commands used below.

  Start elasticsearch

 docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -v /nas/nas/scripts/docker_es_kibana/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /usr/share/elasticsearch/data:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:6.6.2

   Copy the certificate bundle and the Search Guard plugin into the container

docker cp search-guard-6-6.6.2-24.2.zip elasticsearch:/opt/
docker cp search-guard-certificates elasticsearch:/opt/

   Enter the container

docker exec -it elasticsearch bash

   Install the Search Guard plugin

  Download the plugin as a file beforehand and install it from a file:// URL; installing it by name fetches it over the network, which is slow and takes a long time. The plugin version must match the Elasticsearch version exactly (here 6.6.2), otherwise elasticsearch-plugin refuses to install it.

/usr/share/elasticsearch/bin/elasticsearch-plugin install file:///opt/search-guard-6-6.6.2-24.2.zip

   Enter y when asked to confirm the installation

   Check that the installation succeeded

# /usr/share/elasticsearch/bin/elasticsearch-plugin list                                              
ingest-geoip
ingest-user-agent
search-guard-6

   Create a directory for the certificates. The container's configuration lives in /usr/share/elasticsearch/config and the paths in elasticsearch.yml are relative to it, so the key directory is created under that directory

mkdir /usr/share/elasticsearch/config/key

   Move the extracted certificates into this directory

 mv /opt/search-guard-certificates/* /usr/share/elasticsearch/config/key/

   Make the directory owned by elasticsearch. The node runs as the elasticsearch user, and without this it cannot read the keys and fails to start

chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config/key/

   Edit the configuration file and add the Search Guard settings. Note that enforce_hostname_verification: false switches off the check of a transport peer's certificate against its hostname or IP, so any certificate issued by chain-ca.pem is accepted as a node; it is convenient in a lab, but turn it on anywhere else, since the node certificate was generated for 192.168.1.227 and passes the check

# cat /usr/share/elasticsearch/config/elasticsearch.yml 
cluster.name: myes
#node.name: node-1
path.data: /usr/share/elasticsearch/data
#path.logs: /var/log/elasticsearch     
bootstrap.memory_lock: false
network.host: 0.0.0.0          
http.port: 9200

#search guard config start
searchguard.ssl.transport.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem
searchguard.ssl.transport.pemkey_password: c7c81d49530b771b415f
searchguard.ssl.transport.pemtrustedcas_filepath: key/chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem
searchguard.ssl.http.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem
searchguard.ssl.http.pemkey_password: c7c81d49530b771b415f
searchguard.ssl.http.pemtrustedcas_filepath: key/chain-ca.pem
searchguard.authcz.admin_dn:
  - CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
xpack.security.enabled: false
#search guard config end

   Exit the container and restart it for the change to take effect

docker restart elasticsearch

   Verify the installation by opening the following URL in a browser; the default username and password are both admin

https://192.168.1.227:9200/_searchguard/authinfo

 If the response is JSON describing the authenticated user, the installation is working. The browser warns about the certificate because the generator's root CA is not in its trust store. If Elasticsearch instead answers that Search Guard is not initialized (error SG11), the configuration has not been loaded into the cluster yet; run the sgadmin step below first and repeat the check

   Initialize the Search Guard configuration with sgadmin (PEM certificates)

  This is done inside the container

  Copy the certificates into the tools directory

cd /usr/share/elasticsearch/config/key
cp root-ca.pem client-certificates/CN\=sgadmin.key.pem client-certificates/CN\=sgadmin.crtfull.pem /usr/share/elasticsearch/plugins/search-guard-6/tools/

   Load the configuration from sgconfig/ into the cluster; the exact command, including the key password, is in the README.txt of the certificate bundle. sgadmin authenticates with the sgadmin client certificate, whose DN is the one listed under searchguard.authcz.admin_dn above; -nhnv skips hostname verification and -icl ignores the cluster name

cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
chmod +x sgadmin.sh 
./sgadmin.sh -cacert root-ca.pem -cert CN=sgadmin.crtfull.pem -key CN=sgadmin.key.pem -keypass e569191697316c8f6711 -nhnv -icl -cd ../sgconfig/

   The same initialization using the JKS keystores instead of the PEM files (either form is sufficient on its own)

cd /usr/share/elasticsearch/config/key
cp truststore.jks client-certificates/CN\=sgadmin-keystore.jks /usr/share/elasticsearch/plugins/search-guard-6/tools/
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
./sgadmin.sh -ts truststore.jks -tspass 4246ab5a580067d6b361 -ks CN=sgadmin-keystore.jks -kspass e569191697316c8f6711 -nhnv -icl -cd ../sgconfig/

   This command is also in README.txt
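The sgadmin run above loads the sample sgconfig/ files, among them sg_internal_users.yml, whose admin/admin and kibanaserver/kibanaserver passwords are published with the Search Guard distribution. The Python script below is an added example, not from the original post or from Search Guard: it replaces the hash: line of chosen users with bcrypt hashes generated beforehand with plugins/search-guard-6/tools/hash.sh -p <new password>, refusing unknown users and malformed hashes so that a typo cannot leave a stock password in place. Run it against ../sgconfig/sg_internal_users.yml before sgadmin.sh (or run sgadmin again afterwards), then put the new kibanaserver password into kibana.yml. The sample file and the two hashes in the block are constructed placeholders, not real hashes.

```python
"""Rotate stock password hashes in Search Guard's sg_internal_users.yml.

Added example (not from the original post or from Search Guard). Usage:
    python rotate_sg_users.py ../sgconfig/sg_internal_users.yml \
        admin='$2y$12$...' kibanaserver='$2y$12$...'
where each hash comes from plugins/search-guard-6/tools/hash.sh -p <password>.
"""
import re
import sys
from typing import Dict, List, Tuple

# bcrypt as written by hash.sh: $2y$ (or $2a$/$2b$), two-digit cost, 53 chars of salt+digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
# a user entry starts at column 0 ("admin:"); its keys are indented below it
USER_RE = re.compile(r"^([A-Za-z0-9_.@-]+):\s*$")
# the password line inside an entry, with or without quotes around the hash
HASH_RE = re.compile(r"^(\s+hash:\s*)(['\"]?)([^'\"\s]*)\2\s*$")


def rotate_hashes(yaml_text: str, new_hashes: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return the rewritten file text and the users whose hash was replaced.

    Raises ValueError for a value that is not a bcrypt hash or for a user that
    has no hash line in the file, so the stock password is never kept silently.
    """
    for user, h in new_hashes.items():
        if not BCRYPT_RE.match(h):
            raise ValueError(f"{user}: {h!r} is not a bcrypt hash")
    out, rotated, current = [], [], None
    for line in yaml_text.splitlines():
        m = USER_RE.match(line)
        if m:
            current = m.group(1)  # entered the block of a new user
        else:
            hm = HASH_RE.match(line)
            if hm and current in new_hashes:
                line = hm.group(1) + new_hashes[current]
                rotated.append(current)
        out.append(line)
    missing = sorted(set(new_hashes) - set(rotated))
    if missing:
        raise ValueError(f"users without a hash line in file: {missing}")
    return "\n".join(out) + "\n", rotated


# Constructed sample in the layout of sg_internal_users.yml from Search Guard 6;
# the STOCK... strings stand in for the published demo hashes.
SAMPLE_INTERNAL_USERS = """\
admin:
  readonly: true
  hash: $2a$12$STOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTO
  roles:
    - admin
kibanaserver:
  readonly: true
  hash: "$2a$12$STOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTO"
readall:
  hash: $2a$12$STOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTOCKSTO
  roles:
    - readall
"""

# Placeholders shaped like hash.sh output (constructed; they are not hashes of anything).
NEW_HASHES = {
    "admin": "$2y$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0",
    "kibanaserver": "$2y$12$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ",
}


def main(argv: List[str]) -> int:
    if len(argv) < 2:
        print(__doc__)
        return 2
    path, pairs = argv[0], dict(a.split("=", 1) for a in argv[1:])
    with open(path) as f:
        text, rotated = rotate_hashes(f.read(), pairs)
    with open(path, "w") as f:
        f.write(text)
    print("rotated:", ", ".join(rotated))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The user name and hash line are matched structurally rather than by searching for the known demo hash strings, so the script also works on a file that was already partially customised; users not named on the command line (readall in the sample) are left untouched.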

   Configure Kibana

  Start the kibana container

docker run -d --name kibana -p 5601:5601 -v /nas/nas/scripts/docker_es_kibana/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml docker.elastic.co/kibana/kibana:6.6.2

   Copy the Search Guard Kibana plugin into the container (its version must match Kibana, here 6.6.2)

docker cp search-guard-kibana-plugin-6.6.2-18.1.zip kibana:/opt/

   Enter the container and install the plugin

docker exec -it kibana bash

/usr/share/kibana/bin/kibana-plugin install file:///opt/search-guard-kibana-plugin-6.6.2-18.1.zip

   Check the installation

$ /usr/share/kibana/bin/kibana-plugin list                                                          
searchguard@6.6.2-18.1

   Edit the mounted kibana.yml and add the following settings

  Note that the file cannot be edited from inside the container; change the mounted copy on the host and then restart the container

# cat kibana.yml 
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "https://192.168.1.227:9200"
kibana.index: ".kibana"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
xpack.security.enabled: false                  
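Both configuration files in this post enable TLS but switch off the identity checks that make it worth having: Elasticsearch does not verify transport peers against the name in their certificate, and Kibana (verificationMode: none) trusts whatever answers on port 9200 while sending it the published demo password of the kibanaserver user. The Python script below is an added example, not from the original post, Search Guard or Kibana; it audits the two files for those settings and carries hardened counterparts next to the originals. The two settings samples marked as from the post are copied from above; the hardened ones are constructed, and the root-ca.pem path inside the Kibana container and the placeholder password in them are assumptions.

```python
"""Audit elasticsearch.yml and kibana.yml for Search Guard settings that weaken
TLS identity checks or keep demo credentials. Added example, not from the
original post, Search Guard or Kibana."""
import sys
from typing import Dict, List


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Reader for the flat 'key: value' files used here. Comments, indented
    continuation lines and list items (the admin_dn list) are skipped, which
    covers everything these two files contain."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if not line or line[0] in " #-" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_elasticsearch(cfg: Dict[str, str]) -> List[str]:
    findings = []
    if cfg.get("searchguard.ssl.http.enabled", "false") != "true":
        findings.append("elasticsearch: searchguard.ssl.http.enabled is not true; "
                        "REST traffic including Basic-auth credentials is plaintext")
    if cfg.get("searchguard.ssl.transport.enforce_hostname_verification") == "false":
        findings.append("elasticsearch: transport hostname verification is off; any "
                        "certificate signed by chain-ca.pem is accepted as a node "
                        "regardless of the name or IP it was issued for")
    if cfg.get("xpack.security.enabled", "false") != "false":
        findings.append("elasticsearch: xpack.security.enabled must be false with "
                        "Search Guard installed; the two security plugins conflict")
    return findings


def audit_kibana(cfg: Dict[str, str]) -> List[str]:
    findings = []
    if not cfg.get("elasticsearch.url", "").startswith("https://"):
        findings.append("kibana: elasticsearch.url is not https")
    if cfg.get("elasticsearch.ssl.verificationMode", "full") != "full":
        findings.append("kibana: elasticsearch.ssl.verificationMode is not full; Kibana "
                        "hands the kibanaserver credentials and forwarded Authorization "
                        "headers to any host answering on 9200")
    if not cfg.get("elasticsearch.ssl.certificateAuthorities"):
        findings.append("kibana: elasticsearch.ssl.certificateAuthorities is unset; the "
                        "generator's private root CA cannot be verified without it")
    user, pwd = cfg.get("elasticsearch.username", ""), cfg.get("elasticsearch.password", "")
    if pwd and pwd in (user, "kibanaserver"):
        findings.append("kibana: elasticsearch.password is the published demo password "
                        "of the kibanaserver user; rotate it in sg_internal_users.yml")
    return findings


def audit(es_yml: str, kibana_yml: str) -> List[str]:
    return audit_elasticsearch(parse_flat_yaml(es_yml)) + audit_kibana(parse_flat_yaml(kibana_yml))


# Settings as they appear in this post (copied; unrelated lines omitted).
ES_POST = """\
searchguard.ssl.transport.pemtrustedcas_filepath: key/chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.authcz.admin_dn:
  - CN=sgadmin
xpack.security.enabled: false
"""
KIBANA_POST = """\
elasticsearch.url: "https://192.168.1.227:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
"""

# Hardened counterparts (constructed). Assumed: root-ca.pem from the bundle was
# copied into the Kibana container, and the kibanaserver password was rotated.
ES_HARDENED = ES_POST.replace("enforce_hostname_verification: false",
                              "enforce_hostname_verification: true")
KIBANA_HARDENED = """\
elasticsearch.url: "https://192.168.1.227:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "rotated-kibanaserver-password"
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/root-ca.pem" ]
elasticsearch.ssl.verificationMode: full
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
"""


def main(argv: List[str]) -> int:
    if len(argv) != 2:
        print("usage: audit_sg_config.py elasticsearch.yml kibana.yml")
        return 2
    with open(argv[0]) as es, open(argv[1]) as kb:
        findings = audit(es.read(), kb.read())
    for f in findings:
        print("WEAK:", f)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run against the two files from this post it reports four findings; against the hardened pair it reports none. The Kibana side needs the bundle's root-ca.pem available inside its container (copy or mount it, as was done for Elasticsearch) before verificationMode: full will succeed.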

   Restart the container

docker restart kibana

   Kibana now asks for a login; sign in with the username admin and the password admin. These credentials, like the kibanaserver/kibanaserver pair in kibana.yml, come from the sample sgconfig/ files shipped with Search Guard and are public; change them in sgconfig/sg_internal_users.yml and run sgadmin again before anyone else can reach the stack

Reposted from www.cnblogs.com/minseo/p/12963767.html