[2022.04.26] How to Install ELK Stack on Ubuntu 20.04? (v8.x.x)
Building an ELK system
* 2022-04-26 ELK (version: 8.1.3)
* Ubuntu_20.04_amd64
1. Install Java and vim on Linux (Ubuntu 20.04)
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install openjdk-11-jdk
java -version
+ File editor
sudo apt-get install vim
sudo apt install curl
2. Fetch the ELK packages with wget
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.3-amd64.deb
wget https://artifacts.elastic.co/downloads/logstash/logstash-8.1.3-amd64.deb
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.1.3-amd64.deb
3. Unpack and install the ELK packages
sudo dpkg -i elasticsearch-8.1.3-amd64.deb
sudo dpkg -i logstash-8.1.3-amd64.deb
sudo dpkg -i kibana-8.1.3-amd64.deb
4. Set permissions to access the elasticsearch directories, then configure elasticsearch.yml
sudo chown -R vmadmin:vmadmin /etc/default/elasticsearch
sudo chown -R vmadmin:vmadmin /etc/elasticsearch
sudo chown -R vmadmin:vmadmin /var/lib/elasticsearch
sudo chown -R vmadmin:vmadmin /var/log/elasticsearch
(The following was printed by the elasticsearch package installer in step 3.)
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ HTTP CA certificate SHA-256 fingerprint:
f5f623b216ef697acb95bb8cfc4100f88c8730718ed91907227997f704304e7b
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxOTIuMTY4LjIxNS43OjkyMDAiXSwiZmdyIjoiZjVmNjIzYjIxNmVmNjk3YWNiOTViYjhjZmM0MTAwZjg4Yzg3MzA3MThlZDkxOTA3MjI3OTk3ZjcwNDMwNGU3YiIsImtleSI6IjI0NVRaSUFCQ3c2NmVTUnFrNWZIOl80OUJMLUtGVEtpbmE2LTA5dEcxZkEifQ==
★★★ The token expires after 30 minutes and must be reissued (how to get a Kibana enrollment token) ★★★
-> root@vmadmin-virtual-machine:/usr/share/elasticsearch/bin# ./elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxOTIuMTY4LjIxNS43OjkyMDAiXSwiZmdyIjoiZjVmNjIzYjIxNmVmNjk3YWNiOTViYjhjZmM0MTAwZjg4Yzg3MzA3MThlZDkxOTA3MjI3OTk3ZjcwNDMwNGU3YiIsImtleSI6Imw0UVdaWUFCTmh4SXVteExLaVlUOkNRNkptQkFNVF9XVWdDRi1xaVRKOVEifQ==
ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
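Added example, not part of the original post: what Kibana actually checks when you paste the enrollment token from step 4. The token is base64 JSON carrying the cluster address, the HTTP CA fingerprint printed above and an API key; this script decodes it and compares the pinned fingerprint with the SHA-256 of a CA certificate's DER bytes. The PEM and the token are constructed stand-ins, and /etc/elasticsearch/certs/http_ca.crt is assumed to be where the deb install writes the CA certificate.

```python
import base64
import hashlib
import json
import re

# Elasticsearch 8 prints the "HTTP CA certificate SHA-256 fingerprint" at install
# time: SHA-256 over the DER encoding of the CA certificate. Kibana compares the
# `fgr` field inside an enrollment token with that value before trusting the cluster.

def pem_to_der(pem_text: str) -> bytes:
    """Strip the PEM armour and base64-decode the first CERTIFICATE block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block in PEM input")
    return base64.b64decode("".join(m.group(1).split()))

def ca_fingerprint(pem_text: str) -> str:
    """Lower-case hex SHA-256 of the certificate's DER bytes, as printed by the installer."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def decode_enrollment_token(token: str) -> dict:
    """An enrollment token is base64 JSON with keys ver, adr (host:port list), fgr, key."""
    padded = token + "=" * (-len(token) % 4)
    return json.loads(base64.b64decode(padded))

def token_matches_ca(token: str, pem_text: str) -> bool:
    """True only if the fingerprint pinned in the token equals the real CA fingerprint."""
    return decode_enrollment_token(token)["fgr"].lower() == ca_fingerprint(pem_text)

def make_token(pem_text: str, address: str, api_key: str) -> str:
    """Build a token with the real layout, pinning this CA's fingerprint (constructed, for the demo)."""
    body = {"ver": "8.1.3", "adr": [address], "fgr": ca_fingerprint(pem_text), "key": api_key}
    return base64.b64encode(json.dumps(body, separators=(",", ":")).encode()).decode()

# Constructed stand-in for /etc/elasticsearch/certs/http_ca.crt: NOT a real certificate,
# but any DER bytes are fingerprinted the same way, which is all this check needs.
SAMPLE_CA_PEM = """-----BEGIN CERTIFICATE-----
MIIBcTCCARagAwIBAgIUQ29uc3RydWN0ZWQgc2FtcGxlIGNlcnQ=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    # `key` is an API key (id:secret), so a token is a credential, not just an address.
    tok = make_token(SAMPLE_CA_PEM, "192.168.215.7:9200", "placeholder-id:placeholder-secret")
    print("fields:", sorted(decode_enrollment_token(tok)))
    print("token fingerprint matches CA:", token_matches_ca(tok, SAMPLE_CA_PEM))
```

The same CA file lets the later curl check verify TLS instead of skipping it with -k: `curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200`.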
* Run elasticsearch
/usr/share/elasticsearch/bin$ ./elasticsearch
5. Fix access permissions and edit kibana.yml
sudo mkdir /usr/share/kibana/config
sudo mkdir /usr/share/kibana/data
sudo chown -R vmadmin:vmadmin /etc/kibana
sudo cp /etc/kibana/kibana.yml /usr/share/kibana/config/kibana.yml
sudo chown -R vmadmin:vmadmin /run/kibana/
sudo chown -R vmadmin:vmadmin /var/log/kibana/
sudo chown -R vmadmin:vmadmin /usr/share/kibana/data/
6. Connect to Kibana
a. Reset the elastic user's password
vmadmin@vmadmin-virtual-machine:/usr/share/elasticsearch/bin$ ./elasticsearch-reset-password -u elastic
Password for the [elastic] user successfully reset.
New value: QQo3yeX9JFdZKWwOCQEK
b. Log in to Kibana
http://0.0.0.0:5601/login?next=%2F
Kibana
id : elastic
pwd : QQo3yeX9JFdZKWwOCQEK
+ To check elastic with curl, edit /etc/elasticsearch/elasticsearch.yml and kibana.yml
[elasticsearch.yml]
network.host: 0.0.0.0
http.port: 9200
[kibana.yml]
server.host: "localhost"
server.port: 5601
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://localhost:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NTA5NjM0MjE3NDY6Wm5mSzByOU9RNlc3dU9ESzNJTnNpQQ
elasticsearch.ssl.certificateAuthorities: [/usr/share/kibana/data/ca_1650963422697.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://localhost:9200'], ca_trusted_fingerprint: f5f623b216ef697acb95bb8cfc4100f88c8730718ed91907227997f704304e7b}]
* Here, change [elasticsearch.hosts] and [hosts] to ['https://localhost:9200']
# Enable the firewall
vmadmin@vmadmin-virtual-machine:/etc/elasticsearch$ sudo ufw enable
Firewall is active and enabled on system startup
# Open the ports
vmadmin@vmadmin-virtual-machine:/etc/elasticsearch$ sudo ufw allow 9200
vmadmin@vmadmin-virtual-machine:/etc/elasticsearch$ sudo ufw allow 5601
# Show port status
vmadmin@vmadmin-virtual-machine:/etc/elasticsearch$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
9200                       ALLOW       Anywhere
5601                       ALLOW       Anywhere
9200 (v6)                  ALLOW       Anywhere (v6)
5601 (v6)                  ALLOW       Anywhere (v6)
Check elastic with curl
vmadmin@vmadmin-virtual-machine:/etc/elasticsearch$ curl -u elastic:QQo3yeX9JFdZKWwOCQEK https://localhost:9200 -k
{
"name" : "vmadmin-virtual-machine",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "LrGM8C2bRYmFz33YG_cNtw",
"version" : {
"number" : "8.1.3",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "39afaa3c0fe7db4869a161985e240bd7182d7a07",
"build_date" : "2022-04-19T08:13:25.444693396Z",
"build_snapshot" : false,
"lucene_version" : "9.0.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
(Final) elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["vmadmin-virtual-machine"]
http.host: [_local_, _site_]
(Final) kibana.yml
# =================== System: Kibana Server ===================
server.port: 5601
server.host: "localhost"
# =================== System: Elasticsearch ===================
#elasticsearch.username: ""
#elasticsearch.password: ""
# =================== System: Other ===================
# Specifies the path where Kibana creates the process ID file.
pid.file: /run/kibana/kibana.pid
# =================== Search Autocomplete ===================
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://localhost:9200']
# The .crt below is applied automatically
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NTA5NjM0MjE3NDY6Wm5mSzByOU9RNlc3dU9ESzNJTnNpQQ
elasticsearch.ssl.certificateAuthorities: [/usr/share/kibana/data/ca_1650963422697.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://localhost:9200'], ca_trusted_fingerprint: f5f623b216ef697acb95bb8cfc4100f88c8730718ed91907227997f704304e7b}]