elasticsearch|大数据|kibana的安装(https+密码)

本文涉及的产品
检索分析服务 Elasticsearch 版,2核4GB开发者规格 1个月
云解析 DNS,旗舰版 1个月
云原生大数据计算服务MaxCompute,500CU*H 100GB 3个月
简介: elasticsearch|大数据|kibana的安装(https+密码)

前言:

kibana是比较好安装的,但https+密码就比较麻烦一些了,下面将就如何安装一个可在生产使用的kibana做一个简单的讲述

一,

kibana版本和下载地址

这里我想还是强调一下,kibana的版本需要和elasticsearch的版本一致,小版本都不能差,否则,kibana将不能正确连接到elasticsearch

本例我使用的是elasticsearch-6.3.2版本,因此,下载的kibana版本也是6.3.2

官方下载地址:

Kibana 6.3.2 | Elastic

两个版本二进制和rpm基本没有什么区别,想折腾点就二进制了,不想太麻烦rpm即可,看自己的需求啦。

不过要吐槽一下,官网下载比较慢,即使科学上网仍然很慢,因此,是需要一点耐心了

下载完毕后,没什么好说的,扔到服务器上就可以了

二,

elasticsearch的证书

kibana是安装在192.168.123.15上面的(kibana是node项目,可以安装在任意的服务器上,不需要配置node环境

elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理-CSDN博客这个是elasticsearch集群的https开启,部署的时候没有添加192.168.123.15,因此,重新生成证书:

[root@node4 ~]# cat instances.yml 
instances:
  - name: "node-1"
    dns: ['192.168.123.11']
  - name: "node-2"
    dns: ['192.168.123.12']
  - name: "node-3"
    dns: ['192.168.123.13']    
  - name: 'node-4'
    dns: ['192.168.123.14']
  - name: 'node-5'
    dns: ['192.168.123.15']

执行以下命令生成证书包:

###注:生成的证书格式是pem的,可以直接使用,无需任何转换(哪个服务器都可以,随便找个服务器就可以了)

/data/es/bin/x-pack/certutil cert ca --pem --in instances.yml --out /root/certs.zip
解压上面在root根目录下生成的证书包

在15服务器上,证书放置在此目录下/opt/kibana/(kibana整个也是放置在opt目录下的,二进制方式部署):

[root@centos5 kibana]# ls -al ca.crt node-5.crt node-5.key 
-rw-r--r-- 1 root root 1200 Dec 15 23:07 ca.crt
-rw-r--r-- 1 root root 1180 Dec 15 23:07 node-5.crt
-rw-r--r-- 1 root root 1679 Dec 15 23:07 node-5.key

证书重新分发到elasticsearch集群,然后重启elasticsearch集群

kibana的配置文件:

####注意,密码必须双引号包裹,否则kibana识别不了,会报错,其次是elasticsearch.url 的值是elasticsearch集群的任意一个节点URL就可以了,不需要全部节点都列出

####elasticsearch.ssl.verificationMode: certificate 和elasticsearch的设置一致

[root@centos5 kibana]# cat config/kibana.yml 
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 15666
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: 192.168.123.15
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name.  This is used for display purposes.
server.name: mykibana
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: https://192.168.123.11:19200
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: elastic
elasticsearch.password: "123456"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /opt/kibana/node-5.crt
server.ssl.key: /opt/kibana/node-5.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ "/opt/kibana/ca.crt" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: certificate
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
logging.dest: /var/log/kibana/kibana.log
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# The default locale. This locale can be used in certain circumstances to substitute any missing
# translations.
i18n.defaultLocale: "zh-CN"

根据配置文件,创建目录(kibana.log文件会自动生成)

mkdir /var/log/kibana

三,

启动kibana

/opt/kibana/bin/kibana

此时是前台启动,直接看日志:

###提示kibana的版本是6.3.2,但elasticsearch的版本是6.2.4版本,

[root@centos5 kibana]# tail -n 10  /var/log/kibana/kibana.log 
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:searchprofiler@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:ml@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:tilemap@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:watcher@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:index_management@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:graph@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:security@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:grokdebugger@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:logstash@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}
{"type":"log","@timestamp":"2023-12-15T23:48:48Z","tags":["status","plugin:reporting@6.3.2","info"],"pid":1572,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"This version of Kibana requires Elasticsearch v6.3.2 on all nodes. I found the following incompatible nodes in your cluster: v6.2.4 @ 192.168.123.14:19200 (192.168.123.14), v6.2.4 @ 192.168.123.13:19200 (192.168.123.13), v6.2.4 @ 192.168.123.12:19200 (192.168.123.12), v6.2.4 @ 192.168.123.11:19200 (192.168.123.11)"}

kibana的启动脚本:

cat >/etc/systemd/system/kibana.service <<EOF
[Unit]
Description=Kibana
[Service]
Type=simple
User=kibana
Group=kibana
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/kibana
EnvironmentFile=-/etc/sysconfig/kibana
ExecStart=/opt/kibana/bin/kibana "-c /opt/kibana/config/kibana.yml"
Restart=always
WorkingDirectory=/
[Install]
WantedBy=multi-user.target
EOF

###按实际的kibana存放路径和kibana.yml 文件路径填写,这里出于安全考虑使用的是kibana这个普通用户,因此,需要创建该普通用户,并将kibana和kibana日志给予普通用户kibana的权限

[root@centos5 ~]# useradd kibana
[root@centos5 ~]# chown -Rf kibana. /opt/kibana/
[root@centos5 ~]# chown -Rf kibana. /var/log/kibana/
[root@centos5 ~]# systemctl enable kibana
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@centos5 ~]# systemctl restart kibana
[root@centos5 ~]# systemctl status kibana
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2023-12-16 12:08:47 CST; 5s ago
 Main PID: 2191 (node)
   CGroup: /system.slice/kibana.service
           └─2191 /opt/kibana/bin/../node/bin/node --no-warnings /opt/kibana/bin/../src/cli -c /opt/kibana/config/kibana.yml
Dec 16 12:08:47 centos5 systemd[1]: Started Kibana.

浏览器输入:https://192.168.123.15:15666

登录界面输入账号elastic,密码123456

报错,kibana版本和elasticsearch版本不匹配

 

解决方案为升级或者迁移elasticsearch集群到6.3.2版本,这里就展开说了,篇幅太长了。

目录
相关文章
|
2月前
|
自然语言处理 大数据 应用服务中间件
大数据-172 Elasticsearch 索引操作 与 IK 分词器 自定义停用词 Nginx 服务
大数据-172 Elasticsearch 索引操作 与 IK 分词器 自定义停用词 Nginx 服务
77 5
|
2月前
|
存储 分布式计算 大数据
大数据-169 Elasticsearch 索引使用 与 架构概念 增删改查
大数据-169 Elasticsearch 索引使用 与 架构概念 增删改查
70 3
|
4月前
|
SQL JSON 大数据
ElasticSearch的简单介绍与使用【进阶检索】 实时搜索 | 分布式搜索 | 全文搜索 | 大数据处理 | 搜索过滤 | 搜索排序
这篇文章是Elasticsearch的进阶使用指南,涵盖了Search API的两种检索方式、Query DSL的基本语法和多种查询示例,包括全文检索、短语匹配、多字段匹配、复合查询、结果过滤、聚合操作以及Mapping的概念和操作,还讨论了Elasticsearch 7.x和8.x版本中type概念的变更和数据迁移的方法。
ElasticSearch的简单介绍与使用【进阶检索】 实时搜索 | 分布式搜索 | 全文搜索 | 大数据处理 | 搜索过滤 | 搜索排序
|
6天前
|
存储 负载均衡 监控
揭秘 Elasticsearch 集群架构,解锁大数据处理神器
Elasticsearch 是一个强大的分布式搜索和分析引擎,广泛应用于大数据处理、实时搜索和分析。本文深入探讨了 Elasticsearch 集群的架构和特性,包括高可用性和负载均衡,以及主节点、数据节点、协调节点和 Ingest 节点的角色和功能。
19 0
|
2月前
|
SQL 分布式计算 NoSQL
大数据-170 Elasticsearch 云服务器三节点集群搭建 测试运行
大数据-170 Elasticsearch 云服务器三节点集群搭建 测试运行
58 4
|
2月前
|
存储 JSON 监控
大数据-167 ELK Elasticsearch 详细介绍 特点 分片 查询
大数据-167 ELK Elasticsearch 详细介绍 特点 分片 查询
61 4
|
2月前
|
运维 监控 数据可视化
大数据-171 Elasticsearch ES-Head 与 Kibana 配置 使用 测试
大数据-171 Elasticsearch ES-Head 与 Kibana 配置 使用 测试
86 1
|
2月前
|
SQL 分布式计算 大数据
大数据-168 Elasticsearch 单机云服务器部署运行 详细流程
大数据-168 Elasticsearch 单机云服务器部署运行 详细流程
64 2
|
4月前
|
安全 Nacos 数据安全/隐私保护
【技术干货】破解Nacos安全隐患:连接用户名与密码明文传输!掌握HTTPS、JWT与OAuth2.0加密秘籍,打造坚不可摧的微服务注册与配置中心!从原理到实践,全方位解析如何构建安全防护体系,让您从此告别数据泄露风险!
【8月更文挑战第15天】Nacos是一款广受好评的微服务注册与配置中心,但其连接用户名和密码的明文传输成为安全隐患。本文探讨加密策略提升安全性。首先介绍明文传输风险,随后对比三种加密方案:HTTPS简化数据保护;JWT令牌减少凭证传输,适配分布式环境;OAuth2.0增强安全,支持多授权模式。每种方案各有千秋,开发者需根据具体需求选择最佳实践,确保服务安全稳定运行。
426 0
|
5月前
|
机器学习/深度学习 人工智能 文字识别
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org