# 7.9.3 elasticsearch logstash kibana
# Linux version CentOS Linux release 7.9.2009 (Core)
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
es1 192.168.1.149
es2 192.168.1.145
es3 192.168.1.147
安装前配置
# yum setup: replace the base repo definition with the Aliyun mirror's copy
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# pin $releasever to 7 inside the downloaded repo file
sed -ri 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum install lrzsz wget vim net-tools bind-utils -y
# one-shot clock sync; the nodes validate each other's TLS certificates later,
# and certificate validity checks depend on the clocks being sane
yum install ntp -y
ntpdate cn.ntp.org.cn
# NOTE(review): the next three lines put SELinux in permissive mode now, disable
# it at boot, and stop/disable firewalld, so every listening port on the node is
# reachable from the network. Acceptable on an isolated lab network; elsewhere
# keep firewalld running and allow only what the stack needs (9200, 5601 and
# 5044 on this page, plus the ES transport port, 9300 by default) from known peers.
setenforce 0
systemctl stop firewalld;systemctl disable firewalld
sed -ri '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
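# Configure /etc/hosts on every node (the listing below shows only es1 and es2; es3 192.168.1.147 needs an entry too, because discovery.seed_hosts refers to it by name)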
[root@es1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.149 es1
192.168.1.145 es2
#es 下载
https://mirrors.aliyun.com/elasticstack/7.x/yum/7.9.3/?spm=a2c6h.25603864.0.0.69183851dogJaO
#也可以选择下载完上传上去
[root@es1 ~]# scp -r elasticsearch-7.9.3-x86_64.rpm 192.168.1.145:/root
[root@es1 ~]# scp -r elasticsearch-7.9.3-x86_64.rpm 192.168.1.147:/root
# install
# run on every node
# NOTE(review): the RPM was fetched from a mirror and copied between hosts by
# hand, and it is installed as root. Check it against Elastic's published
# SHA-512 and package signature (e.g. `rpm -K` after importing Elastic's
# signing key) before this step.
yum install elasticsearch-7.9.3-x86_64.rpm -y
#es1
[root@es1 ~]# cat /etc/elasticsearch/elasticsearch.yml |egrep -v '^#'
node.name: es1
path.data: /var/lib/elasticsearch # data directory
path.logs: /var/log/elasticsearch # log directory
network.host: 192.168.1.149 # IP address the node binds to
http.port: 9200 # Elasticsearch HTTP port
discovery.seed_hosts: ["es1", "es2","es3"] # hosts contacted for discovery
# NOTE(review): es2 and es3 further down set this to ["es1", "es2"]; the
# bootstrap list is expected to be identical on every master-eligible node,
# so confirm which set is intended before the first cluster start.
cluster.initial_master_nodes: ["es2", "es3"] # cluster bootstrap (initial master-eligible nodes)
#es2
[root@es2 ~]# cat /etc/elasticsearch/elasticsearch.yml |egrep -v '^#'
node.name: es2
path.data: /var/lib/elasticsearch # data directory
path.logs: /var/log/elasticsearch # log directory
network.host: 192.168.1.145 # IP address the node binds to
http.port: 9200 # Elasticsearch HTTP port
discovery.seed_hosts: ["es1", "es2","es3"] # hosts contacted for discovery
cluster.initial_master_nodes: ["es1", "es2"] # cluster bootstrap (initial master-eligible nodes)
#es3
[root@es3 ~]# cat /etc/elasticsearch/elasticsearch.yml |egrep -v '^#'
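node.name: es3
path.data: /var/lib/elasticsearch # data directory
path.logs: /var/log/elasticsearch # log directory
network.host: 192.168.1.147 # IP address the node binds to
http.port: 9200 # Elasticsearch HTTP port
# Entries are comma-separated; all three nodes are listed, as on es1 and es2.
discovery.seed_hosts: ["es1", "es2","es3"]
# NOTE(review): es1 sets this to ["es2", "es3"]; the bootstrap list is expected
# to be identical on every master-eligible node, so confirm which set is intended.
cluster.initial_master_nodes: ["es1", "es2"]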
生成xpack
#es ssl生成证书
[root@es1 ~]# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]:
ERROR: Output file '/usr/share/elasticsearch/elastic-stack-ca.p12' already exists
[root@es1 ~]# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]:
ERROR: Output file '/usr/share/elasticsearch/elastic-stack-ca.p12' already exists
[root@es1 ~]# rm -rf /usr/share/elasticsearch/elastic-stack-ca.p12
[root@es1 ~]# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]: #zip文件回车即可
Enter password for elastic-stack-ca.p12 : # enter a password here; this file holds the CA private key, so do not leave it empty
---------------------------------------------------------------------------------------
#证书目录
[root@es1 ~]# ls /usr/share/elasticsearch/elastic-stack-ca.p12
/usr/share/elasticsearch/elastic-stack-ca.p12
[root@es1 ~]# cd /usr/share/elasticsearch/
[root@es1 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'cert' mode generates X.509 certificate and private keys.
* By default, this generates a single certificate and key for use
on a single instance.
* The '-multiple' option will prompt you to enter details for multiple
instances and will generate a certificate and key for each one
* The '-in' option allows for the certificate generation to be automated by describing
the details of each instance in a YAML file
* An instance is any piece of the Elastic Stack that requires an SSL certificate.
Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
may all require a certificate and private key.
* The minimum required value for each instance is a name. This can simply be the
hostname, which will be used as the Common Name of the certificate. A full
distinguished name may also be used.
* A filename value may be required for each instance. This is necessary when the
name would result in an invalid file or directory name. The name provided here
is used as the directory name (within the zip) and the prefix for the key and
certificate files. The filename is required if you are prompted and the name
is not displayed in the prompt.
* IP addresses and DNS names are optional. Multiple values can be specified as a
comma separated string. If no IP addresses or DNS names are provided, you may
disable hostname verification in your SSL configuration.
* All certificates generated by this tool will be signed by a certificate authority (CA).
* The tool can automatically generate a new CA for you, or you can provide your own with the
-ca or -ca-cert command line options.
By default the 'cert' mode produces a single PKCS#12 output file which holds:
* The instance certificate
* The private key for the instance certificate
* The CA certificate
If you specify any of the following options:
* -pem (PEM formatted output)
* -keep-ca-key (retain generated CA key)
* -multiple (generate multiple certificates)
* -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files
Enter password for CA (elastic-stack-ca.p12) : #输入上次键入的密码 如果上次是直接回车 这次也回车即可
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 : #同上
Certificates written to /usr/share/elasticsearch/elastic-certificates.p12
This file should be properly secured as it contains the private key for
your instance.
This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.
For client applications, you may only need to copy the C
# Copy the certificates into the Elasticsearch config directory and distribute
# them to the other nodes.
mkdir /etc/elasticsearch/certs/
# NOTE(review): *.p12 matches elastic-stack-ca.p12 as well as
# elastic-certificates.p12, so the CA private key lands in the config directory
# and, through the scp lines, on every node. Per the certutil output,
# elastic-certificates.p12 already carries the node certificate, its key and the
# CA certificate. Copy the CA file only if the node settings really reference
# it; otherwise keep it off the nodes.
cp /usr/share/elasticsearch/*.p12 /etc/elasticsearch/certs/
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs/
# NOTE(review): scp -p preserves modes and timestamps, not ownership, so the
# chown above does not carry over. Confirm on es2/es3 that the elasticsearch
# user can read the copied files and that nobody else can.
scp -rp /etc/elasticsearch/certs/ 192.168.1.145:/etc/elasticsearch/certs/
scp -rp /etc/elasticsearch/certs/ 192.168.1.147:/etc/elasticsearch/certs/
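# On every node: add these xpack settings to the main config file (elasticsearch.yml).
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate chains to the trusted CA but
# does not verify the hostname (the certificate above was generated without
# IP or DNS names).
xpack.security.transport.ssl.verification_mode: certificate
# Use the instance bundle written by `elasticsearch-certutil cert`: it holds the
# node certificate, its private key and the CA certificate. elastic-stack-ca.p12
# holds the CA private key and should not serve as a node keystore.
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12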
# Enable Elasticsearch at boot and restart it.
# NOTE(review): if the .p12 files are password-protected, the node needs those
# passwords in its elasticsearch-keystore (the elasticsearch-keystore commands
# shown right after this step) before the restart; presumably the node cannot
# open the keystore otherwise. Confirm the order on your nodes.
systemctl enable elasticsearch
systemctl restart elasticsearch
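# If the node certificate (.p12) is password-protected, its password must be added to the Elasticsearch keystore; a password was set above, so add it here. The keystore is local to each node, so repeat this on es2 and es3.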
[root@es1 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
Enter value for xpack.security.transport.ssl.keystore.secure_password:
[root@es1 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
Enter value for xpack.security.transport.ssl.truststore.secure_password:
xpack密码初始化
#初始化es密码
[root@es1 elasticsearch]#
[root@es1 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
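# List the nodes; enter the elastic password set during initialisation. Only transport TLS was configured above, so this request and its Basic-auth password cross the network as plain HTTP; enable xpack.security.http.ssl.enabled before querying from outside a trusted segment.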
[root@es1 elasticsearch]# !curl
curl http://192.168.1.149:9200/_cat/nodes?v -u elastic
Enter host password for user 'elastic':
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.149 29 94 4 0.12 0.18 0.28 dilmrt - es1
192.168.1.145 33 66 10 0.20 0.36 0.23 dilmrt * es2
192.168.1.147 28 66 12 0.17 0.24 0.17 dilmrt - es3
kibana安装
#kibana 配置
[root@es1 elasticsearch]# cat /etc/kibana/kibana.yml |egrep -v '^#'|grep -v '^$'
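server.port: 5601 # listening port
server.host: "192.168.1.149" # bind address
server.name: "es1" # server name
# Plain HTTP: no TLS is configured on the Elasticsearch HTTP layer in this setup.
elasticsearch.hosts: ["http://192.168.1.149:9200"] # Elasticsearch URL
kibana.index: ".kibana"
# Kibana's own connection uses the built-in kibana_system user (its password was
# set by elasticsearch-setup-passwords), not the elastic superuser.
elasticsearch.username: "kibana_system"
# elasticsearch.password is deliberately not written in this file. Store it with
#   /usr/share/kibana/bin/kibana-keystore add elasticsearch.password
# so the secret is not readable from kibana.yml.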
# Start Kibana and enable it at boot.
systemctl start kibana
systemctl enable kibana
#查看端口
[root@es1 elasticsearch]# netstat -antup|grep 5601
tcp 0 0 192.168.1.149:5601 0.0.0.0:* LISTEN 16737/node
#没起来可以查看es日志
logstash安装
# Install the JDK, then Logstash from the local RPM.
# NOTE(review): as with the Elasticsearch package, check logstash-7.9.3.rpm
# against Elastic's published SHA-512 and package signature before installing
# it as root.
yum install java-1.8.0-openjdk -y
yum install logstash-7.9.3.rpm -y
#主配置文件存在于/etc/logstash/ logstash-sample.conf 过滤的文件模板 logstash.yml主配置文件 命令在/usr/share/logstash/bin/ 下
[root@es1 ~]# ls /etc/logstash/
conf.d/ jvm.options log4j2.properties logstash-sample.conf logstash.yml pipelines.yml startup.options
#配置
[root@es1 ~]# cat /etc/logstash/logstash.yml |egrep -v '^$|^#'
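path.data: /var/lib/logstash
pipeline.ordered: auto
path.logs: /var/log/logstash
xpack.monitoring.enabled: true # turn on xpack monitoring (boolean: true/false)
# Monitoring data is shipped as the built-in logstash_system user (its password
# was set by elasticsearch-setup-passwords), not the elastic superuser.
xpack.monitoring.elasticsearch.username: "logstash_system"
# Resolved from the Logstash keystore rather than stored in clear text here.
# LOGSTASH_SYSTEM_PWD is an example key name; create it with
#   /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add LOGSTASH_SYSTEM_PWD
xpack.monitoring.elasticsearch.password: "${LOGSTASH_SYSTEM_PWD}"
# NOTE(review): https is used here, but the other clients on this page reach
# Elasticsearch over http and no xpack.security.http.ssl settings are shown.
# Confirm the scheme matches how the cluster's HTTP layer is configured.
xpack.monitoring.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"] # Elasticsearch hosts that receive monitoring data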
#过滤文件模板
[root@es1 ~]# cat /etc/logstash/logstash-sample.conf |egrep -v '^$|^#'
# Sample pipeline: receive events from Beats and index them into Elasticsearch.
input {
# Beats listener on port 5044. No ssl options are set, so shippers connect
# unencrypted and unauthenticated; the netstat output on this page shows it
# bound on all interfaces (:::5044). Restrict access with a host firewall or
# enable TLS on this input.
beats {
port => 5044
}
}
output {
elasticsearch {
# Plain HTTP to a single node, so the credentials below are sent unencrypted.
hosts => ["http://192.168.1.149:9200"]
# One index per beat name, beat version and day.
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
# NOTE(review): this authenticates as the elastic superuser with the password
# in clear text. Prefer a dedicated user whose role grants only the index
# privileges this output needs, and reference the secret from the Logstash
# keystore (${KEY} syntax) instead of writing it in the file.
user => "elastic"
password => "shanyao"
}
}
#查询服务
[root@es1 ~]# !net
netstat -antup|grep 5044
tcp6 0 0 :::5044 :::* LISTEN 21903/java