Shulou(Shulou.com)06/03 Report--

This article is to share with you how to use ES cluster to enable user authentication. The article also introduces the kibana-WEB interface to confirm the user 7 and the filebeat server to create a KeyStore, I hope you can learn something through this article.

Please shut down all ElasticSearch, kibana, filebeat processes before doing the following experiment

Elasticsearch- modifies elasticsearch.yml configuration

Add elasticsearch.yml configuration parameters under the conf directory according to the instance in the above table

# add the following configuration to all instances # enable the local user xpack.security.enabled: true# xpack version xpack.license.self_generated.type: basicelasticsearch- to enable the service

Enable all ES services

Sudo-u elasticsearch. / bin/elasticsearchelasticsearch- establish a local built-in user

Local built-in elastic, apm_system, kibana, logstash_system, beats_system, remote_monitoring_user users

# operate on one of the master nodes # interactive custom password auto automatic password sudo-u elasticsearch. / bin/elasticsearch-setup-passwords interactive# enter elastic password # enter apm_system password # enter kibana password # enter logstash_system password # enter beats_system password # enter remote_monitoring_user password

Test internal users

Encrypt elastic users through base64 in the format of "elastic:elastic password"

# for example, the following format curl-H "Authorization: Basic ZWxhc3RpYzplbGFzdGkxMjM0NTY3OA=="http://192.168.1.31:9200/_cat/nodes?v""

If you do not access through Basic or base64 encryption error, the following error will be reported

Kibana- creates a private KeyStore

Create a private KeyStore in 192.168.1.21

Cd / opt/kibana/# create KeyStore sudo-u kibana. / bin/kibana-keystore create# connection ES username, enter the kibanasudo-u kibana. / bin/kibana-keystore add elasticsearch.username# connection ES password here, enter the password sudo-u kibana. / bin/kibana-keystore add elasticsearch.password that just set the kibana

Confirm the private KeyStore at 192.168.1.21

Sudo-u kibana. / bin/kibana-keystore list

Start the service

Sudo-u kibana/ opt/kibana/bin/kibana-c / opt/kibana/config/kibana.ymlkibana-WEB interface confirms the user

Log in to kibana

Enter 192.168.1.21 elastic 5601 in the browser, user name: password: enter the password of elastic before

Filebeat- creates roles and users in the WEB interface

Create a custom filebeat role

For instructions on role permissions, please refer to the appendix link.

Create a custom filebeat user

Create a KeyStore on the filebeat- server

Create the filebeat KeyStore on 192.168.1.11

Cd / opt/filebeat/# create KeyStore. / filebeat keystore create# create test-filebeat user private key. / filebeat keystore add test-filebeat

Confirm filebeat KeyStore

. / filebeat keystore list

Filebeat- configuration filebeat.yml

Configure filebeat.yml

# File input filebeat.inputs: # File input Type-type: log # enable loading enabled: true # File location paths:-/ var/log/nginx/access.log # Custom Parameter fields: type: nginx_access # Type is nginx_access Consistent with the above fields.type # output to elasticsearchoutput.elasticsearch: # user name to connect to the ES cluster username: test-filebeat # password to connect to the ES cluster password: "${test-filebeat password}" # elasticsearch cluster hosts: ["http://192.168.1.31:9200"," http://192.168.1.32:9200", "http://192.168.1.33:9200"] # Index configuration indices: # Index name-index:" nginx_access_% {+ yyy.MM} "# use this index when the type is nginx_access: fields.type:" nginx_access "# close the built-in template setup.template.enabled: false# to enable logging logging. To_files: true# log level logging.level: info# log file logging.files: # log location path: / opt/logs/filebeat/ # log name name: filebeat # log rotation period Must have 2 '1024 keepfiles: 7 # log rotation permission permissions: 0600

Start filebeat

/ opt/filebeat/filebeat-e-c / opt/filebeat/filebeat.yml-d "publish" test

Write a piece of data

Curl-I "http://192.168.1.11"

View in kibana

After reading this article, have you learned how to use ES cluster to turn on user authentication? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel. Thank you for reading.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.