Fortytwo - Answer to the Ultimate Question of Life, the Universe, and Everything

User Tools

Site Tools

Trace:
elasticsearch-tls

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
elasticsearch-tls [2020/11/07 12:18] – [Configure Kibana for TLS and User Authentication] baumielasticsearch-tls [2020/11/08 12:41] (current) baumi
Line 23: Line 23:
 Please enter the desired output file [elastic-stack-ca.zip]: Please enter the desired output file [elastic-stack-ca.zip]:
 [root@elk-test-elasticsearch elasticsearch]# unzip -d /certs/ elastic-stack-ca.zip [root@elk-test-elasticsearch elasticsearch]# unzip -d /certs/ elastic-stack-ca.zip
 +Archive:  elastic-stack-ca.zip
 +   creating: /certs/ca/
 +  inflating: /certs/ca/ca.crt
 +  inflating: /certs/ca/ca.key
  
 [root@elk-test-elasticsearch elasticsearch]# bin/elasticsearch-certutil http [root@elk-test-elasticsearch elasticsearch]# bin/elasticsearch-certutil http
Line 153: Line 157:
   - ./elasticsearch/config/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro   - ./elasticsearch/config/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro
 </code> </code>
-  - Copy P12 file to correct place<code>cp certs/elasticsearch/http.p12 elasticsearch/config/elasticsearch.p12</code>+  - Copy P12 file to correct place<code> 
 +cp certs/elasticsearch/http.p12 elasticsearch/config/elasticsearch.p12 
 +$ sudo chown 1000:1000 elasticsearch/config/elasticsearch.p12 
 +$ sudo chmod 600 elasticsearch/config/elasticsearch.p12 
 +</code>
   - Update elasticsearch.yml<code>   - Update elasticsearch.yml<code>
 $ grep xpack elasticsearch/config/elasticsearch.yml $ grep xpack elasticsearch/config/elasticsearch.yml
Line 204: Line 212:
       - ./kibana/config/elasticsearch-ca.pem:/usr/share/kibana/config/elasticsearch-ca.pem:ro       - ./kibana/config/elasticsearch-ca.pem:/usr/share/kibana/config/elasticsearch-ca.pem:ro
 </code> </code>
-  - Add TLS & authentication information to kibana.yml +  - Add TLS & authentication information to kibana.yml<code> 
-  - +elasticsearch: 
 +  hosts: [ "https://elk-test-elasticsearch:9200"
 +  ssl.certificateAuthorities: [ "config/elasticsearch-ca.pem"
 +  username: "kibana_system" 
 +  password: "***" 
 +</code> 
 +  - Restart elk-stack<code> 
 +$ docker-compose up -d && docker-compose logs -f 
 +</code> 
 + 
 +===== Move username & password from Kibana Config ===== 
 + 
 +  - Create Keystore and populate with logon information<code> 
 +$ docker exec -it elk-test-kibana bash 
 +bash-4.2$ bin/kibana-keystore create 
 +Created Kibana keystore in /usr/share/kibana/config/kibana.keystore 
 +bash-4.2$ bin/kibana-keystore add elasticsearch.username 
 +Enter value for elasticsearch.username: ************* 
 +bash-4.2$ bin/kibana-keystore add elasticsearch.password 
 +Enter value for elasticsearch.password: ******************** 
 +</code> 
 +  - Copy keystore to persistent storage<code> 
 +$ docker cp elk-test-kibana:/usr/share/kibana/config/kibana.keystore /srv/elk-test/kibana/config/ 
 +</code> 
 +  - Adjust docker-compose.yml for bind mount of keystore file<code> 
 +services: 
 +  kibana: 
 +    volumes: 
 +      - ./kibana/config/kibana.keystore:/usr/share/kibana/config/kibana.keystore 
 +</code> 
 +  - Remove elasticsearch.username and elasticsearch.username from kibana.yml 
 +  - Restart kibana 
 + 
 + 
 {{tag>kb elasticsearch}} {{tag>kb elasticsearch}}
  
elasticsearch-tls.1604747919.txt.gz · Last modified: by baumi
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki