download
Select the installation package that matches your hardware. The Linux x86 versions are used here:
- Elasticsearch 8.0.0: www.elastic.co/downloads/p…
- Kibana 8.0.0: www.elastic.co/downloads/p…
Elasticsearch
decompress
Unzip the downloaded package, then change into the extracted folder:
elasticsearch-8.0.0
Modify elasticsearch.yml
cluster.name: qjfy
node.name: node-1
bootstrap.memory_lock: true
network.host: localhost
http.port: 9400
configure
The usual preparation steps apply here: creating a non-root user, changing the owner of the directory, modifying system settings, and so on. They are not repeated here.
start up
Switch to the non-root user you created (here it is es), then run the following command in the ES home directory:
./bin/elasticsearch
After a while, the following messages appear:
- 8.x automatically turns on the security settings and prints the initial password of the elastic user, which can be changed with the command
  bin/elasticsearch-reset-password -u elastic -i
- In addition, the SHA-256 fingerprint of the HTTP CA certificate is printed.
- If you need to install Kibana (described in the next chapter), start Kibana, open the URL it prints, and paste in the long enrollment token shown here. Remember that the token is only valid for 30 minutes; if it expires, run the following command, which returns a new token:
  ./bin/elasticsearch-create-enrollment-token -s kibana
- If you want other nodes to join the cluster, follow the steps given in the output below.
Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  OxhN+dqEpl+MR_UaVUgV
ℹ️ HTTP CA certificate SHA-256 fingerprint:
  d5f97e829d095c89a8eeb03df6b17792a9e073e5a85448258697b647da7a752b
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxMjcuMC4wLjE6OTIwMCIsIls6OjFdOjkyMDAiXSwiZmdyIjoiZDVmOTdlODI5ZDA5NWM4OWE4ZWViMDNkZjZiMTc3OTJhOWUwNzNlNWE4NTQ0ODI1ODY5N2I2NDdkYTdhNzUyYiIsImtleSI6IjJSZ1Z5SUVCVkFIZWZJc3JCZXd2OmQ1MUtlN0ZpUnRLYk56SU9Dd2lURGcifQ==
ℹ️ Configure other nodes to join this cluster:
• On this node:
  ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  ⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
  ⁃ Restart Elasticsearch.
• On other nodes:
  ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
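The enrollment token in this output is base64-encoded JSON that carries the cluster addresses, the pinned HTTP CA fingerprint and an API key. The following added example (not part of the original article or of Elasticsearch's tooling) decodes a token and checks that its fingerprint matches the one printed in the startup banner, without exposing the key secret; the function names and the sample token are constructed for illustration.

```python
import base64
import binascii
import json

REQUIRED_FIELDS = ("ver", "adr", "fgr", "key")


def decode_enrollment_token(token):
    """Decode an enrollment token (base64-encoded JSON) and check its shape."""
    try:
        fields = json.loads(base64.b64decode(token.strip(), validate=True))
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not an enrollment token: {exc}") from exc
    if not isinstance(fields, dict) or any(k not in fields for k in REQUIRED_FIELDS):
        raise ValueError("enrollment token is missing expected fields")
    return fields


def normalize(fingerprint):
    """Lower-case hex without colons, so 'AB:CD' and 'abcd' compare equal."""
    return fingerprint.replace(":", "").strip().lower()


def review_token(token, banner_fingerprint):
    """Summarise a token for review without ever returning the API key secret."""
    fields = decode_enrollment_token(token)
    key_id = str(fields["key"]).split(":", 1)[0]  # "key" is "<id>:<secret>"
    return {
        "version": fields["ver"],
        "addresses": fields["adr"],  # where Kibana or the new node will connect
        "api_key_id": key_id,
        "ca_pinned_correctly": normalize(fields["fgr"]) == normalize(banner_fingerprint),
    }


# Constructed sample values, not taken from any real cluster.
SAMPLE_FINGERPRINT = "ab" * 32
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.0.0",
    "adr": ["127.0.0.1:9400"],
    "fgr": SAMPLE_FINGERPRINT,
    "key": "sample-key-id:sample-key-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(review_token(SAMPLE_TOKEN, SAMPLE_FINGERPRINT))
```

Because the token embeds a usable API key until it expires, treat it like a password when pasting it into terminals, tickets or chat.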
Look back at elasticsearch.yml
Open a new terminal and look at the configuration file elasticsearch.yml (shown below). The upper part is the configuration we wrote ourselves; below it, the system has automatically written a "SECURITY AUTO CONFIGURATION" section. By default, these settings enable encryption for HTTP API client connections, encrypted transport and authentication between cluster nodes, and joining the cluster. These used to be configured manually; now they are conveniently generated automatically.
cluster.name: qjfy
node.name: node-1
bootstrap.memory_lock: true
network.host: localhost
http.port: 9400
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 04-07-2022 07:19:54
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["node-1"]
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
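As an added example (not from the original article or from Elastic), the following script audits an elasticsearch.yml for the settings the auto-configuration block above writes, and flags a file where they have been switched off or removed. It uses a small subset parser that handles both the nested and the dotted key forms; the function names and sample files are constructed for illustration.

```python
import re

EXPECTED = {
    "xpack.security.enabled": "true",
    "xpack.security.http.ssl.enabled": "true",
    "xpack.security.transport.ssl.enabled": "true",
}
KEY_VALUE = re.compile(r"^(\s*)([^\s#:][^:]*):\s*(.*)$")

def flatten(text):
    """Flatten the key/value subset of elasticsearch.yml into dotted keys."""
    flat, parents = {}, []  # parents: (indent, key) of the open nested mappings
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if not match:
            continue  # blank line, comment, or list item: ignored by this subset parser
        indent, key, value = len(match.group(1)), match.group(2).strip(), match.group(3)
        value = value.split(" #")[0].strip()
        while parents and parents[-1][0] >= indent:
            parents.pop()
        if not value or value.startswith("#"):
            parents.append((indent, key))  # e.g. "xpack.security.http.ssl:"
        else:
            path = ".".join([k for _, k in parents] + [key])
            flat[path] = value.strip("\"'").lower()
    return flat

def audit(text):
    """Return findings; an empty list means the security settings are intact."""
    cfg, findings = flatten(text), []
    for key, want in EXPECTED.items():
        if cfg.get(key) != want:
            findings.append(f"{key} is {cfg.get(key, 'not set')}, expected {want}")
    if cfg.get("xpack.security.transport.ssl.verification_mode") == "none":
        findings.append("transport.ssl.verification_mode is none")
    return findings

# Constructed samples: the nested form from this page, and a file with security switched off.
AUTO_CONFIGURED = """\
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
"""
SECURITY_DISABLED = "xpack.security.enabled: false\nxpack.security.http.ssl.enabled: false\n"
```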
browser view
Enter the following URL in the browser, then enter the account and password to see the successful deployment page:
https://localhost:9400
Kibana
decompress
Unzip the downloaded package, then change into the extracted folder:
kibana-8.0.0
Modify kibana.yml
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9400"]
configure kibana
The usual operations, such as creating a non-root user and changing the owner of the directory, also apply here, so I won't go into details.
start up
If we start Kibana directly at this point, an error occurs (shown below). By default, Kibana expects to run on an operating system where a browser can be opened to complete this step. A Linux server generally has no browser, so Kibana has no valid permission to securely access Elasticsearch, which already has security configured:
[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes.
This is a big pitfall. I spent two days here, because the documents on the Internet now say to turn off the security configuration in elasticsearch.yml. Although kibana can be started, elasticsearch is not running on the public network. It must not be changed in this way. I searched for various solutions on the Internet, and finally found a solution here. For details, see the webpage:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html#stack-start-with-security
On a Linux server without a browser, to connect Kibana to Elasticsearch we pass the enrollment token generated above to Kibana with the following command. If the token has expired, generate a new one:
bin/kibana-setup --enrollment-token eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxMjcuMC4wLjE6OTIwMCIsIls6OjFdOjkyMDAiXSwiZmdyIjoiZDVmOTdlODI5ZDA5NWM4OWE4ZWViMDNkZjZiMTc3OTJhOWUwNzNlNWE4NTQ0ODI1ODY5N2I2NDdkYTdhNzUyYiIsImtleSI6IjJSZ1Z5SUVCVkFIZWZJc3JCZXd2OmQ1MUtlN0ZpUnRLYk56SU9Dd2lURGcifQ==
The terminal then prints the following, indicating that Kibana has been successfully configured to connect to the secured Elasticsearch:
Kibana configured successfully!
To start Kibana run:
bin/kibana
Now we can start Kibana normally, then enter the URL http://localhost:5601 in the browser and log in with the elastic account and its password to reach the Kibana interface.
Look back at kibana.yml
As with elasticsearch.yml, the second half is the security configuration automatically added by the system.