Installing ES 8.0 and Kibana 8.0 on Linux: pitfalls encountered

download

Download the installation package that matches your hardware. The Linux x86 version is used here:

Elasticsearch

decompress

Unpack the downloaded archive, then change into the extracted folder:

elasticsearch-8.0.0

Modify elasticsearch.yml

cluster.name: qjfy
node.name: node-1
bootstrap.memory_lock: true
network.host: localhost
http.port: 9400

configure

The usual preparation applies here: creating a non-root user, changing the owner of the directory to that user, adjusting system settings, and so on. These steps are not repeated here.

start up

Switch to the non-root user you created (here it is es), then run the following command in the ES home directory:

 ./bin/elasticsearch
 

After a while the startup output shown further below appears. It tells us the following:

  • 8.x turns on the security settings automatically and prints the initial password of the elastic user, which can be changed with the command

      bin/elasticsearch-reset-password -u elastic -i 
    
  • In addition, the SHA-256 fingerprint of the HTTP CA certificate is given

  • If you need to install Kibana (described in the next chapter), start Kibana, click the URL it prints, and paste in the long enrollment token given here. Remember that the token is only valid for 30 minutes. If it has expired, run the following command to generate a new one; the command returns a new long token

     	./bin/elasticsearch-create-enrollment-token -s kibana 
    
  • If you want other nodes to join the cluster, follow the steps below

      Elasticsearch security features have been automatically configured!
        ✅ Authentication is enabled and cluster connections are encrypted.
        
        ℹ️  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
          OxhN+dqEpl+MR_UaVUgV
        
        ℹ️  HTTP CA certificate SHA-256 fingerprint:
          d5f97e829d095c89a8eeb03df6b17792a9e073e5a85448258697b647da7a752b
        
        ℹ️  Configure Kibana to use this cluster:
        • Run Kibana and click the configuration link in the terminal when Kibana starts.
        • Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
          eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxMjcuMC4wLjE6OTIwMCIsIls6OjFdOjkyMDAiXSwiZmdyIjoiZDVmOTdlODI5ZDA5NWM4OWE4ZWViMDNkZjZiMTc3OTJhOWUwNzNlNWE4NTQ0ODI1ODY5N2I2NDdkYTdhNzUyYiIsImtleSI6IjJSZ1Z5SUVCVkFIZWZJc3JCZXd2OmQ1MUtlN0ZpUnRLYk56SU9Dd2lURGcifQ==
        
        ℹ️  Configure other nodes to join this cluster:
        • On this node:
          ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
          ⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
          ⁃ Restart Elasticsearch.
        • On other nodes:
          ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
      
    

Look back at elasticsearch.yml

Open a new terminal and look at the configuration file elasticsearch.yml (shown below). The upper part is the content we configured ourselves; below it, the system has automatically written a "SECURITY AUTO CONFIGURATION" block. By default this block enables encryption for HTTP API client connections, encrypted transport and authentication between cluster nodes, and enrollment of new nodes into the cluster. All of this used to be configured by hand; now it is generated automatically.

cluster.name: qjfy
node.name: node-1
bootstrap.memory_lock: true
network.host: localhost
http.port: 9400	
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 04-07-2022 07:19:54
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["node-1"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

browser view

Enter the following URL in the browser and log in with the account and password to see the page confirming a successful deployment:

https://localhost:9400


Kibana

decompress

Unpack the downloaded archive, then change into the extracted folder:

kibana-8.0.0

Modify kibana.yml

server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9400"]

configure kibana

The same common operations apply here, such as creating a non-root user and changing the owner of the directory, so I won't go into details.

start up

If we start Kibana directly at this point, an error occurs (shown below). By default, Kibana's setup assumes an operating system where a browser can be opened. A Linux server generally has no browser for that step, so Kibana never obtains the credentials it needs to access Elasticsearch, which already has security configured:

[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. 

This is a big pitfall. I spent two days here, because the documents on the Internet now say to turn off the security configuration in elasticsearch.yml. Kibana can be started that way, but Elasticsearch is then running unprotected on the public network. It must not be changed in this way. I searched for various solutions on the Internet, and finally found a solution here. For details, see the webpage:

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html#stack-start-with-security

On a Linux server without a browser, to let Kibana connect to Elasticsearch we pass the enrollment token generated above to Kibana with the following command. If the token has expired, generate a new one:

bin/kibana-setup --enrollment-token eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxMjcuMC4wLjE6OTIwMCIsIls6OjFdOjkyMDAiXSwiZmdyIjoiZDVmOTdlODI5ZDA5NWM4OWE4ZWViMDNkZjZiMTc3OTJhOWUwNzNlNWE4NTQ0ODI1ODY5N2I2NDdkYTdhNzUyYiIsImtleSI6IjJSZ1Z5SUVCVkFIZWZJc3JCZXd2OmQ1MUtlN0ZpUnRLYk56SU9Dd2lURGcifQ==

The terminal then prints the following, indicating that Kibana's secure connection to Elasticsearch has been configured successfully:

Kibana configured successfully!

To start Kibana run:
	bin/kibana

Now we can start Kibana normally, open the URL http://localhost:5601 in the browser, and log in with the elastic account and its password to reach the Kibana interface.
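The enrollment token passed to kibana-setup is base64-encoded JSON, so it can be inspected before it is used. The following added example (not part of the original post) decodes a token and checks that it carries the CA fingerprint Elasticsearch printed at startup and an address Kibana should actually connect to, which matters here because http.port was changed to 9400. The function names and the sample token are constructed for illustration; the field names ver, adr, fgr and key, and the id:secret form of key, are assumed from decoding tokens of this kind.

```python
import base64
import json

REQUIRED = {"ver", "adr", "fgr", "key"}

def decode_enrollment_token(token: str) -> dict:
    """Decode a base64 JSON enrollment token and return its fields."""
    fields = json.loads(base64.b64decode(token.strip(), validate=True))
    if not isinstance(fields, dict) or REQUIRED - set(fields):
        raise ValueError("not an enrollment token: expected ver, adr, fgr, key")
    return fields

def check_token(token: str, expected_fgr: str, expected_addr: str) -> list:
    """Return a list of problems; an empty list means the token matches."""
    fields = decode_enrollment_token(token)
    problems = []
    # Accept both plain hex and the colon-separated form openssl prints.
    want = expected_fgr.replace(":", "").lower()
    if fields["fgr"].lower() != want:
        problems.append("CA fingerprint in token differs from the expected one")
    if expected_addr not in fields["adr"]:
        problems.append(f"{expected_addr} is not among token addresses {fields['adr']}")
    return problems

def redacted(fields: dict) -> dict:
    """Copy of the fields that is safe to log: the API key secret is masked."""
    key_id, _, _secret = fields["key"].partition(":")
    return {**fields, "key": f"{key_id}:<redacted>"}

# Constructed sample values, not taken from a real cluster.
SAMPLE_FGR = "ab" * 32
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.0.0",
    "adr": ["127.0.0.1:9200", "[::1]:9200"],
    "fgr": SAMPLE_FGR,
    "key": "sample-key-id:sample-key-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(redacted(decode_enrollment_token(SAMPLE_TOKEN)))
    # The sample token advertises port 9200, so a node expected on 9400 is flagged.
    print(check_token(SAMPLE_TOKEN, SAMPLE_FGR, "127.0.0.1:9400"))
```

Because the token embeds an API key, treat it like a password: keep it out of shell history and logs, and print only the redacted form.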

Look back at kibana.yml

As with elasticsearch.yml, the second half of the file is the security configuration added automatically by the system.

Origin juejin.im/post/7117581201040212004