x-pack作为elasticsearch的增强组件,主要提供安全、监控等功能。elasticsearch安装x-pack组件的顺序如下图:
离线安装x-pack
因为大多数情况下,生产环境中的服务器无法访问到外网环境,因此,使用离线安装方式;在线安装方式见参考连接;
1)下载离线安装包,并上传至服务器;(集群中每个elasticsearch节点都要执行)
注:x-pack离线安装包包含elasticsearch、logstash、kibana中所需组件,可以共用;
2)执行安装命令;(集群中每个elasticsearch节点都要执行)
bin/elasticsearch-plugin install file:///path/to/file/x-pack-6.2.2.zip注:此处的安装包路径一定是绝对路径,直接使用压缩包安装即可,无需解压;格式类似:file://路径
安装成功后结果类似如下:
current workdir: /home/work/elasticsearch-6.2.2
-> Downloading file:///home/work/x-pack-6.2.2.zip
[=================================================] 100%??
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin forks a native controller @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.
Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-security,x-pack-deprecation,x-pack-watcher,x-pack-core,x-pack-graph,x-pack-upgrade,x-pack-ml,x-pack-monitoring,x-pack-logstash3)重启elasticsearch;启动后可看到加载组件中包含x-pack-*;(集群中每个elasticsearch节点都要执行)
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-core]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-deprecation]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-graph]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-logstash]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-ml]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-monitoring]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-security]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-upgrade]
[2018-03-13T13:29:15,122][INFO ][o.e.p.PluginsService ] [gzhxy-matrix-001.gzhxy.baidu.com] loaded plugin [x-pack-watcher]
[2018-03-13T13:29:20,046][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security4)以交互方式为内置用户elastic, kibana, logstash_system设置密码;(集群中任意一个elasticsearch节点执行即可)
bin/x-pack/setup-passwords interactive期间需要输入每个用户要设置的密码,输入日志如下:
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]注意:设置密码进需要在集群中任意一个elasticsearch节点执行完成即可,如果执行第二次,将会给出如下错误提示,如果需要更新密码,则可以通过kibana上的Management > Users进行更新:
Failed to authenticate user 'elastic' against http://10.113.130.33:8200/_xpack/security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /home/work/elasticsearch-6.2.2/config/elasticsearch.keystore
ERROR: Failed to verify bootstrap password参考
Installing X-Pack in Elasticsearch
Setting Up User Authentication
Elasticsearch系列(三)----Elasticsearch5.5.1与插件安装
