728x90
elasticsearch, kibana 설치
elasticsearch 삭제
apt --purge autoremove -y elasticsearch
rm -rf /etc/elasticsearch /var/lib/elasticsearch
elasticsearch 설치
apt install -y elasticsearch
$ apt install -y elasticsearch
...
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : nlF7GuNl4x29UBAfCezQ
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
systemctl status elasticsearch.service
elasticsearch.yml 편집
vim /etc/elasticsearch/elasticsearch.yml
$ vim /etc/elasticsearch/elasticsearch.yml
cluster.name: elasticsearch
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["uk-221"]
http.host: 0.0.0.0
#discovery.type=single-node
jvm.options 편집
vim /etc/elasticsearch/jvm.options
$ vim /etc/elasticsearch/jvm.options
-XX:+UseG1GC
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/lib/elasticsearch
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
systemctl status elasticsearch.service
curl -Ss --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:Rp4MWwXmVrZ1-wQNjF** https://localhost:9200 | jq .
curl -Ssk -u elastic:Rp4MWwXmVrZ1-wQNjF** https://localhost:9200 | jq .
$ curl -Ssk -u elastic:Rp4MWwXmVrZ1-wQNjF** https://localhost:9200 | jq .
{
"name": "node-1",
"cluster_name": "elasticsearch",
"cluster_uuid": "JLHxrhzWT2isDki6TGqmjQ",
"version": {
"number": "8.2.1",
"build_flavor": "default",
"build_type": "deb",
"build_hash": "db223507a0bd08f8e84a93e329764cc39b0043b9",
"build_date": "2022-05-19T16:34:08.043347449Z",
"build_snapshot": false,
"lucene_version": "9.1.0",
"minimum_wire_compatibility_version": "7.17.0",
"minimum_index_compatibility_version": "7.0.0"
},
"tagline": "You Know, for Search"
}
728x90
kibana 삭제
apt --purge autoremove -y kibana
rm -rf /etc/kibana /var/lib/kibana
kibana 설치
/usr/share/kibana/bin/kibana-encryption-keys generate
$ /usr/share/kibana/bin/kibana-encryption-keys generate
## Kibana Encryption Key Generation Utility
The 'generate' command guides you through the process of setting encryption keys for:
xpack.encryptedSavedObjects.encryptionKey
Used to encrypt stored objects such as dashboards and visualizations
https://www.elastic.co/guide/en/kibana/current/xpack-security-secure-saved-objects.html#xpack-security-secure-saved-objects
xpack.reporting.encryptionKey
Used to encrypt saved reports
https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html#general-reporting-settings
xpack.security.encryptionKey
Used to encrypt session information
https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings
Already defined settings are ignored and can be regenerated using the --force flag. Check the documentation links for instructions on how to rotate encryption keys.
Definitions should be set in the kibana.yml used configure Kibana.
Settings:
xpack.encryptedSavedObjects.encryptionKey: f03de5bd3fadd5bced83d765be6eeb37
xpack.reporting.encryptionKey: c5fd7cab40d539150aa0c8f318697b9a
xpack.security.encryptionKey: f6f241465315670003a5c752ecee5244
$ echo -e "xpack.encryptedSavedObjects.encryptionKey: f03de5bd3fadd5bced83d765be6eeb37
xpack.reporting.encryptionKey: c5fd7cab40d539150aa0c8f318697b9a
xpack.security.encryptionKey: f6f241465315670003a5c752ecee5244" >> /etc/kibana/kibana.yml
웹 브라우저 접근
http://localhost:5601/?code=917177
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url "https://localhost:9200"
/usr/share/kibana/bin/kibana-verification-code
-----
systemd configuration 편집(elasticsearch.service)
- LimitMEMLOCK=infinity 추가
vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service
$ vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service
[Service]
...
LimitMEMLOCK=infinity
systemctl daemon-reload && systemctl restart elasticsearch
728x90
'리눅스' 카테고리의 다른 글
Elasticsearch와 Kibana를 Docker를 사용하여 single-node로 실행하는 방법 (0) | 2022.05.26 |
---|---|
Elasticsearch 클러스터와 Kibana를 Docker를 사용하여 실행하는 방법(elasticsearch cluster) (0) | 2022.05.26 |
Ubuntu에서 motd 메시지를 비활성화하는 방법(.hushlogin) (0) | 2022.05.22 |
우분투에서 Laravel을 설치하는 방법 (1) | 2022.05.21 |
bind bad owner name (check-names) (0) | 2022.05.20 |