Elastic Stack学习--elasticsearch安装X-Pack

x-pack作为elasticsearch的增强组件，主要提供安全、监控等功能。elasticsearch安装x-pack组件的顺序如下图：

离线安装x-pack

    因为大多数情况下，生产环境中的服务器无法访问到外网环境，因此，使用离线安装方式；在线安装方式见参考连接；
1）下载离线安装包，并上传至服务器；（集群中每个elasticsearch节点都要执行）

注：x-pack离线安装包包含elasticsearch、logstash、kibana中所需组件，可以共用；

2）执行安装命令；（集群中每个elasticsearch节点都要执行）

bin/elasticsearch-plugin install file:///path/to/file/x-pack-6.2.2.zip

注：此处的安装包路径一定是绝对路径，直接使用压缩包安装即可，无需解压；格式类似：file://路径
安装成功后结果类似如下：

current workdir: /home/work/elasticsearch-6.2.2
-> Downloading file:///home/work/x-pack-6.2.2.zip
[=================================================] 100%??
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-security,x-pack-deprecation,x-pack-watcher,x-pack-core,x-pack-graph,x-pack-upgrade,x-pack-ml,x-pack-monitoring,x-pack-logstash

3）重启elasticsearch；启动后可看到加载组件中包含x-pack-*;（集群中每个elasticsearch节点都要执行）

[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-core]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-deprecation]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-graph]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-logstash]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-ml]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-monitoring]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-security]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-upgrade]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService     ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-watcher]
[2018-03-13T13:29:20,046][DEBUG][o.e.a.ActionModule       ] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security

4）以交互方式为内置用户elastic, kibana, logstash_system设置密码；（集群中任意一个elasticsearch节点执行即可）

bin/x-pack/setup-passwords interactive

期间需要输入每个用户要设置的密码，输入日志如下：

Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]

注意：设置密码进需要在集群中任意一个elasticsearch节点执行完成即可，如果执行第二次，将会给出如下错误提示，如果需要更新密码，则可以通过kibana上的Management > Users进行更新：

Failed to authenticate user 'elastic' against http://10.113.130.33:8200/_xpack/security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /home/work/elasticsearch-6.2.2/config/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

参考

Setting Up User Authentication
Elasticsearch系列(三)----Elasticsearch5.5.1与插件安装