千家信息网

Using X-Pack security authentication with Elasticsearch

Published: 2024-11-21 Author: 千家信息网 editor

elasticsearch, kibana and logstash version: 7.3.2


192.168.3.100  elasticsearch
192.168.3.101  elasticsearch
192.168.3.102  elasticsearch, kibana


# Generate the CA and the certificates with the tool bundled with ES
ES_HOME=/usr/local/elasticsearch
$ES_HOME/bin/elasticsearch-certutil ca
$ES_HOME/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mkdir $ES_HOME/config/certs && mv $ES_HOME/elastic-* $ES_HOME/config/certs

Copy the certificates to the other ES nodes.


# ES configuration file (es-1 as the example): elasticsearch.yml
cluster.name: my-es
node.name: es-1
node.master: true
node.data: true
node.ingest: false
path.data: /usr/local/elasticsearch/data/
path.logs: /usr/local/elasticsearch/log/
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
transport.compress: true
discovery.seed_hosts: ["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"]
cluster.initial_master_nodes: ["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"]
# head plugin (allow-origin "*" accepts cross-origin requests from any site)
http.cors.enabled: true
http.cors.allow-origin: "*"
# Enable the security features
xpack.security.enabled: true
# Encrypt communication inside the cluster
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
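An added example, not part of the original post: a small Python check over a flat-style elasticsearch.yml that reports which of the security settings above are missing or weak. It assumes flat dotted keys as used in this config (not nested YAML); parse_flat_yaml and audit are hypothetical helper names.

```python
# Added example: audit a flat-style elasticsearch.yml for the security settings on this page.
# Assumption: settings use flat dotted keys (as in the page's config), not nested YAML.

def parse_flat_yaml(text):
    """Return {key: value} for 'dotted.key: value' lines, ignoring comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"\'')
    return settings

def audit(settings):
    """Return a list of finding strings; an empty list means no issue was detected."""
    findings = []

    def is_true(key):
        return settings.get(key, "false").lower() == "true"

    if not is_true("xpack.security.enabled"):
        findings.append("security disabled: xpack.security.enabled is not true")
    if not is_true("xpack.security.transport.ssl.enabled"):
        findings.append("transport layer unencrypted: node-to-node traffic is cleartext")
    elif settings.get("xpack.security.transport.ssl.verification_mode", "full") == "none":
        findings.append("transport verification_mode is none: peer certificates are not checked")
    if not is_true("xpack.security.http.ssl.enabled"):
        findings.append("HTTP layer unencrypted: passwords sent to port 9200 travel in cleartext")
    if is_true("http.cors.enabled") and settings.get("http.cors.allow-origin") == "*":
        findings.append('CORS allows any origin: http.cors.allow-origin is "*"')
    return findings

# Constructed sample: the security-relevant lines of the es-1 config shown above.
SAMPLE = """
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
"""

if __name__ == "__main__":
    for finding in audit(parse_flat_yaml(SAMPLE)):
        print("WARN", finding)
```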


# Manage ES with systemd: /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=es
Group=es
LimitNOFILE=100000
LimitNPROC=100000
ExecStart=/usr/local/elasticsearch/bin/elasticsearch

[Install]
WantedBy=multi-user.target


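# Start the ES cluster, then set the passwords of the default accounts
# Generate the passwords automatically
$ES_HOME/bin/elasticsearch-setup-passwords auto

# Set the passwords manually
$ES_HOME/bin/elasticsearch-setup-passwords interactive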


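# Kibana certificates
Kibana_HOME=/usr/local/kibana
# Kibana needs a PEM certificate to encrypt its connection to ES
cd $ES_HOME/config/certs
# Convert the certificate (-nodes writes the private key into the PEM unencrypted, so restrict access to the file)
openssl pkcs12 -in elastic-certificates.p12 -out elastic-certificates.pem -nodes
mkdir $Kibana_HOME/config/certs && mv elastic-certificates.pem $Kibana_HOME/config/certs
# HTTPS certificate
$ES_HOME/bin/elasticsearch-certutil ca --pem
# Extract into the Kibana certs directory so that ca/ca.crt and ca/ca.key land where kibana.yml expects them
mv $ES_HOME/elastic-stack-ca.zip $Kibana_HOME/config/certs && unzip $Kibana_HOME/config/certs/elastic-stack-ca.zip -d $Kibana_HOME/config/certs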



# Kibana configuration file: kibana.yml
server.host: "192.168.3.102"
elasticsearch.hosts: ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "ukCAClFof70DU5mWnHC7"
logging.dest: /usr/local/kibana/log/kibana.log
logging.quiet: true
# Enable HTTPS access to Kibana; with a private certificate, errors show up in the access log
#server.ssl.enabled: true
#server.ssl.certificate: /usr/local/kibana/config/certs/ca/ca.crt
#server.ssl.key: /usr/local/kibana/config/certs/ca/ca.key
# Enable encryption of the connection to elasticsearch
elasticsearch.ssl.certificateAuthorities: [ "/usr/local/kibana/config/certs/elastic-certificates.pem" ]
elasticsearch.ssl.verificationMode: certificate


# Manage Kibana with systemd: /usr/lib/systemd/system/kibana.service
[Unit]
Description=Kibana
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=kibana
Group=kibana
ExecStart=/usr/local/kibana/bin/kibana

[Install]
WantedBy=multi-user.target


# Logstash example
input {
  stdin {
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
    index => "test-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "HkqZIHZsuXSv6B5OwqJ7"
  }
}



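Configuring logstash => es encryption with PKCS12 did not succeed (if anyone has got it working, please send a private message or leave a comment). You can refer to the link below and use the PEM approach to secure communication between the components.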

https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#step-5-2


References:

https://www.elastic.co/guide/en/elastic-stack-overview/7.3/ssl-tls.html

https://www.elastic.co/guide/en/elasticsearch/reference/7.3/configuring-security.html

https://www.elastic.co/guide/en/kibana/7.3/using-kibana-with-security.html

https://www.elastic.co/guide/en/kibana/7.3/configuring-tls.html
