Day07 - ES cluster encryption, Kibana RBAC in practice, ZooKeeper cluster setup, basic ZooKeeper administration and single-node Kafka deployment
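0. Review of yesterday's content:
- filebeat multiple instances
- logstash multiple instances
- logstash conditional (branch) syntax
- logstash pipelines
- logstash filter plugins: mutate, useragent
- ELFK architecture: collect logs, write them to the ES cluster, and visualize them in Kibana
  - map
  - visualization library
  - dashboard
- Using filebeat modules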
1. Control access to Kibana with an nginx reverse proxy
(1) Deploy the nginx service
Omitted; see the earlier notes.
(2) Write the nginx configuration file
cat > /etc/nginx/conf.d/kibana.conf <<'EOF'
server {
    listen 80;
    server_name kibana.oldboyedu.com;
    location / {
        proxy_pass http://10.0.0.103:5601$request_uri;
        auth_basic "oldboyedu kibana web!";
        auth_basic_user_file conf/htpasswd;
    }
}
EOF
(3) Create the account file
mkdir -pv /etc/nginx/conf
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/conf/htpasswd admin oldboyedu
(4) Start the nginx service
nginx -t
systemctl reload nginx
(5) Access nginx to verify access to Kibana
As shown in the figure below.
2. Configure TLS authentication for the ES cluster:
(1) Generate the certificate file on node elk101
cd /oldboyedu/softwares/es7/elasticsearch-7.17.5/
./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" --days 3650
(2) On node elk101, change the owner and group of the certificate file
chown oldboyedu:oldboyedu config/elastic-certificates.p12
(3) On node elk101, sync the certificate file to the other nodes
data_rsync.sh `pwd`/config/elastic-certificates.p12
(4) On node elk101, edit the ES cluster configuration file
vim /oldboyedu/softwares/es7/elasticsearch-7.17.5/config/elasticsearch.yml
...
cluster.name: oldboyedu-linux85-binary
path.data: /oldboyedu/data/es7
path.logs: /oldboyedu/logs/es7
network.host: 0.0.0.0
discovery.seed_hosts: ["elk101.oldboyedu.com","elk102.oldboyedu.com","elk103.oldboyedu.com"]
cluster.initial_master_nodes: ["elk103.oldboyedu.com"]
reindex.remote.whitelist: "10.0.0.*:19200"
node.data: true
node.master: true
# Append the following at the end of the file
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
(5) On node elk101, sync the ES configuration file to the other nodes
data_rsync.sh `pwd`/config/elasticsearch.yml
(6) Restart the ES cluster on all nodes
systemctl restart es7
(7) Generate random passwords
[[email protected] elasticsearch-7.17.5]# ./bin/elasticsearch-setup-passwords auto
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Future versions of Elasticsearch will require Java 11; your Java version from [/oldboyedu/softwares/jdk1.8.0_291/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = by9j4WkXTocxc7Gl7l8S
Changed password for user kibana_system
PASSWORD kibana_system = t0HSSsrBPACFTDxor4Ix
Changed password for user kibana
PASSWORD kibana = t0HSSsrBPACFTDxor4Ix
Changed password for user logstash_system
PASSWORD logstash_system = JUXrlCfaMa74seZJnhw4
Changed password for user beats_system
PASSWORD beats_system = 2V39PZkHNGIymaVaDFx0
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = UZplScGKm6zAmMCO9Jmg
Changed password for user elastic
PASSWORD elastic = e31LGPoUxik7fnitQidO
(8) Access with Postman
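The settings added in step (4) can be checked on each node before the restart in step (6). The script below is an added example, not part of the original notes: the function names es_setting and audit_es_security are hypothetical, it assumes flat dotted keys as shown above, and it treats an unset verification_mode as the Elasticsearch default (full). It also warns when xpack.security.http.ssl.enabled is not set, because the procedure above encrypts only node-to-node transport traffic.

```bash
# Added example (not from the original notes): audit the step (4) settings of an elasticsearch.yml.
# Assumes flat "dotted.key: value" lines as on this page; nested YAML is not parsed.
es_setting() {   # print the value of key $2 in file $1 (last occurrence wins)
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            sub(/[ \t]+#.*$/, "", val)           # drop a trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # trim blanks and double quotes
            found = val
        }
        END { print found }' "$1"
}

# Print PASS/WARN/FAIL lines for file $1; the return status is the number of FAILs.
audit_es_security() {
    local file=$1 fails=0 key val confdir; confdir=$(dirname "$file")
    for key in xpack.security.enabled xpack.security.transport.ssl.enabled; do
        val=$(es_setting "$file" "$key")
        if [ "$val" = true ]; then echo "PASS $key=true"
        else echo "FAIL $key=${val:-unset} (expected true)"; fails=$((fails + 1)); fi
    done
    val=$(es_setting "$file" xpack.security.transport.ssl.verification_mode)
    case $val in
        ""|certificate|full) echo "PASS verification_mode=${val:-full (default)}" ;;
        *) echo "FAIL verification_mode=$val (peer certificates not verified)"; fails=$((fails + 1)) ;;
    esac
    for key in keystore truststore; do
        val=$(es_setting "$file" "xpack.security.transport.ssl.$key.path")
        case $val in ""|/*) ;; *) val="$confdir/$val" ;; esac   # relative paths: config dir
        if [ -n "$val" ] && [ -f "$val" ]; then echo "PASS $key present: $val"
        else echo "FAIL $key unset or missing: ${val:-unset}"; fails=$((fails + 1)); fi
    done
    val=$(es_setting "$file" xpack.security.http.ssl.enabled)
    [ "$val" = true ] || echo "WARN xpack.security.http.ssl.enabled not true: REST API traffic is plaintext"
    return "$fails"
}

# Demo on a constructed copy of the page's settings; an empty file stands in for the .p12.
demo_dir=$(mktemp -d); : > "$demo_dir/elastic-certificates.p12"
cat > "$demo_dir/elasticsearch.yml" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
audit_es_security "$demo_dir/elasticsearch.yml"; rm -rf "$demo_dir"
```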
3. Configure Kibana to connect to the ES cluster
(1) Edit the Kibana configuration file
[[email protected] elasticsearch-7.17.5]# yy /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.0.0.101:9200","http://10.0.0.102:9200","http://10.0.0.103:9200"]