Elastic Stack 7.3 集群部署与 X-Pack 破解
说明
Elastic Stack 指的是 Elasticsearch / kibana 的组合拳
本文涉及的内容是 Elasticsearch 集群部署、X-pack 破解、kibana 部署
废话少说,直接上干货
环境规划
- 操作系统: CentOS Linux release 7.6.1810 (Core)
- JVM 版本: OpenJDK Runtime Environment (build 12.0.1+12)
ES压缩包自带
- 节点规划:
- node1: 192.168.21.31 ( master / data / ingest )开启所有角色
- node2: 192.168.21.32 ( master / data / ingest )开启所有角色
- 运行用户: elasticsearch
- 目录规划:
路径 作用 程序家目录 /data/sa/elasticsearch-7.3.0 配置文件及证书 /data/sa/elasticsearch-7.3.0/config 数据目录 /data/sadata/es7/data 日志目录 /data/sadata/es7/logs - 端口规划:
端口 作用 9200 Elasticsearc 对外服务端口 9300 Elasticsearc 对外服务端口集群通信端口 5601 kibana 对外服务端口
基础环境准备
在所有节点都进行下述操作
创建程序用户
useradd -c "ElasticSearch Application User" -d /data/sadata/es7 -M -s /sbin/nologin elasticsearch
创建目录
mkdir -p /data/sa/
mkdir -p /data/sadata/es7/{data,logs}
chown elasticsearch. /data/sa/ -R
chown elasticsearch. /data/sadata/ -R
配置内核参数
Elasticsearch 对各种文件混合使用了 NioFs( 注:非阻塞文件系统)和 MMapFs ( 注:内存映射文件系统)。请确保你配置的最大映射数量,以便有足够的虚拟内存可用于 mmapped 文件。这可以暂时设置:
echo "vm.max_map_count = 262144" >> /etc/sysctl.conf
sysctl -p
配置文件限制参数
vim /etc/security/limits.conf
# 追加如下配置
elasticsearch soft nofile 65536
elasticsearch hard nofile 65536
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
处理 ES 程序包
下载 Elasticsearch
上面提到 X-Pack 自 6.4.2 版本后已经内置到 elasticsearch 中,因此我们需要下载 elasticsearch 最新版(本文最新版是 7.3.0)注意,本文采用linux方式(非RPM)部署,因此需下载 tag.gz 的压缩包。
# 下载elasticsearch.tar.gz
cd /data/sa
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.0-linux-x86_64.tar.gz
# 解压缩elasticsearch.tar.gz
tar xzvf elasticsearch-7.3.0-linux-x86_64.tar.gz
下载完成并且解压后,我们可以查看自带 x-pack 的模版, 把需要处理的 x-pack-core 先拷贝到临时目录
cd /data/sa/elasticsearch-7.3.0
ls modules/x-pack-core | grep x-pack
# x-pack-core-7.3.0.jar
mkdir /data/sa/tmp/
cp modules/x-pack-core/x-pack-core-7.3.0.jar /data/sa/tmp/
# 下载到本地磁盘,准备反编译
sz /data/sa/elasticsearch-7.3.0/modules/x-pack-core/x-pack-core-7.3.0.jar
准备反编译工具
破解 x-pack 需要反编译工具 Luyten,下载 Luyten.exe windows 版本
运行,并将 x-pack-core-7.3.0.jar 文件拖进去,即可展开 jar 包的源代码了。
修改 X-Pack 源码文件
在 Luyten 工具中我们需要把 2 个文件拷贝出来,再使用文本编辑器进行修改。
- org.elasticsearch.license.LicenseVerifier
- org.elasticsearch.xpack.core.XPackBuild
修改 LicenseVerifier.java
LicenseVerifier
中有两个静态方法,这就是验证授权文件是否有效的方法,我们把它修改为全部返回 true.
/*如下代码为修改完后的代码,我们这里使用注释将不需要的代码注释掉*/
package org.elasticsearch.license;
import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
/*
byte[] signedContent = null;
byte[] publicKeyFingerprint = null;
try {
final byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
final ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
final int version = byteBuffer.getInt();
final int magicLen = byteBuffer.getInt();
final byte[] magic = new byte[magicLen];
byteBuffer.get(magic);
final int hashLen = byteBuffer.getInt();
publicKeyFingerprint = new byte[hashLen];
byteBuffer.get(publicKeyFingerprint);
final int signedContentLen = byteBuffer.getInt();
signedContent = new byte[signedContentLen];
byteBuffer.get(signedContent);
final XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
license.toXContent(contentBuilder, (ToXContent.Params)new ToXContent.MapParams((Map)Collections.singletonMap("license_spec_view", "true")));
final Signature rsa = Signature.getInstance("SHA512withRSA");
rsa.initVerify(CryptUtils.readPublicKey(publicKeyData));
final BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
BytesRef ref;
while ((ref = iterator.next()) != null) {
rsa.update(ref.bytes, ref.offset, ref.length);
}
return rsa.verify(signedContent);
}
catch (IOException ex) {}
catch (NoSuchAlgorithmException ex2) {}
catch (SignatureException ex3) {}
catch (InvalidKeyException e) {
throw new IllegalStateException(e);
}
finally {
if (signedContent != null) {
Arrays.fill(signedContent, (byte)0);
}
}
*/
return true;
}
public static boolean verifyLicense(final License license) {
/*
byte[] publicKeyBytes;
try {
final InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key");
try {
final ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, (OutputStream)out);
publicKeyBytes = out.toByteArray();
if (is != null) {
is.close();
}
}
catch (Throwable t) {
if (is != null) {
try {
is.close();
}
catch (Throwable t2) {
t.addSuppressed(t2);
}
}
throw t;
}
}
catch (IOException ex) {
throw new IllegalStateException(ex);
}
return verifyLicense(license, publicKeyBytes);
*/
return true;
}
}
修改 XPackBuild.java
XPackBuild
中最后一个静态代码块中 try 的部分全部删除,这部分会验证 jar 包是否被修改.
/*如下代码为修改完后的代码,我们这里使用注释将不需要的代码注释掉*/
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0109: {
/*
if (path.toString().endsWith(".jar")) {
try {
final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
try {
final Manifest manifest = jar.getManifest();
shortHash = manifest.getMainAttributes().getValue("Change");
date = manifest.getMainAttributes().getValue("Build-Date");
jar.close();
}
catch (Throwable t) {
try {
jar.close();
}
catch (Throwable t2) {
t.addSuppressed(t2);
}
throw t;
}
break Label_0109;
}
catch (IOException e) {
throw new RuntimeException(e);
}
}
*/
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
生成.class 文件
mkdir /data/sa/tmp
cd /data/sa/tmp
# 上传编译后的文件到 /data/sa/tmp
ls *.java
# LicenseVerifier.java XPackBuild.java
# 编译LicenseVerifier.java
/data/sa/elasticsearch-7.3.0/jdk/bin/javac -cp "/data/sa/elasticsearch-7.3.0/lib/elasticsearch-7.3.0.jar:/data/sa/elasticsearch-7.3.0/lib/lucene-core-8.1.0.jar:/data/sa/elasticsearch-7.3.0/modules/x-pack-core/x-pack-core-7.3.0.jar:/data/sa/elasticsearch-7.3.0/modules/x-pack-core/netty-common-4.1.36.Final.jar:/data/sa/elasticsearch-7.3.0/lib/elasticsearch-core-7.3.0.jar" /data/sa/tmp/LicenseVerifier.java
# 编译XPackBuild.java
/data/sa/elasticsearch-7.3.0/jdk/bin/javac -cp "/data/sa/elasticsearch-7.3.0/lib/elasticsearch-7.3.0.jar:/data/sa/elasticsearch-7.3.0/lib/lucene-core-8.1.0.jar:/data/sa/elasticsearch-7.3.0/modules/x-pack-core/x-pack-core-7.3.0.jar:/data/sa/elasticsearch-7.3.0/modules/x-pack-core/netty-common-4.1.36.Final.jar:/data/sa/elasticsearch-7.3.0/lib/elasticsearch-core-7.3.0.jar" /data/sa/tmp/XPackBuild.java
# 查看编译后的文件
ls /data/sa/tmp | grep .class
# LicenseVerifier.class
# XPackBuild.class
替换 LicenseVerifier.class 和 XPackBuild.class
# 创建临时目录
mkdir -p /data/sa/tmp/x-pack/
# 解压x-pack-core-7.3.0.jar
cd /data/sa/tmp/x-pack/
cp /data/sa/elasticsearch-7.3.0/modules/x-pack-core/x-pack-core-7.3.0.jar /data/sa/tmp/x-pack/
/data/sa/elasticsearch-7.3.0/jdk/bin/jar -xvf x-pack-core-7.3.0.jar
# 替换.class文件
cp /data/sa/tmp/XPackBuild.class /data/sa/tmp/x-pack/org/elasticsearch/xpack/core/
cp /data/sa/tmp/LicenseVerifier.class /data/sa/tmp/x-pack/org/elasticsearch/license/
打包新 x-pack-core-7.3.0.jar 文件
cd /data/sa/tmp/x-pack/
# 删除临时拷贝过来的源文件
rm -rf x-pack-core-7.3.0.jar
/data/sa/elasticsearch-7.3.0/jdk/bin/jar cvf x-pack-core-7.3.0.jar .
# 至此新生成一个x-pack-core-7.3.0.jar文件。也就是破解后的文件。
cp /data/sa/tmp/x-pack/x-pack-core-7.3.0.jar /data/sa/elasticsearch-7.3.0/modules/x-pack-core/
# 完成文件替换后临时目录可以删除了
rm -rf /data/sa/tmp/x-pack
至此 elasticsearch程序包已经处理好
启动 ElasticSearch 集群
生成 keystore
密码等敏感信息 ES 是用一个专门的 keystore 存放的, 需要预先创建这个 keystore,命令如下
cd /data/sa/elasticsearch-7.3.0
bin/elasticsearch-keystore create
生成 TSL/SSL 证书
注意,生成证书之后要把证书 *.p12 移动到配置目录,否则会启动报错
cd /data/sa/elasticsearch-7.3.0/
/data/sa/elasticsearch-7.3.0/bin/elasticsearch-certutil ca
/data/sa/elasticsearch-7.3.0/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
ll
# 看到生成了2个.p12证书
# 配置证书权限
chmod 400 *.p12
chown elasticsearch. *.p12
# 把证书移动到配置目录
mv *.p12 config/
主配置文件elasticsearch.yml
vim /data/sa/elasticsearch-7.3.0/config/elasticsearch.yml
# 所有节点 集群名字cluster.name要统一
cluster.name: es7-release
node.name: ${HOSTNAME}
# 开启所有角色,生产环境请根据实际分配
node.master: true
node.data: true
node.ingest: true
# 通信端口与对外服务端口
http.port: 9200
transport.tcp.port: 9300
# 数据及日志目录
path.data: /data/sadata/es7/data
path.logs: /data/sadata/es7/logs
network.host: 0.0.0.0
#使用文件方式配置节点,方便扩展
discovery.zen.hosts_provider: file
# 防止分片路由到相同节点
cluster.routing.allocation.same_shard.host: true
# 指定初始化的master,7.0新的配置,必填不然会报错
cluster.initial_master_nodes: ["192.168.21.31", "192.168.21.32"]
# 指定那些节点可以成为master
discovery.seed_hosts: ["192.168.21.31", "192.168.21.32"]
# 启用xpack 指定SSL证书
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/sa/elasticsearch-7.3.0/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/sa/elasticsearch-7.3.0/config/elastic-certificates.p12
节点发现文件unicast_hosts.txt
每当对 unicast_hosts.txt 文件进行更改时,Elasticsearch 都会选择新的更改,并使用新的主机列表。以便种子节点列表可以动态更改,而无需重新启动每个节点。
vim unicast_hosts.txt
#把所有的节点加进来,格式为 node:port
192.168.21.31:9300
192.168.21.32:9300
内存配置文件jvm.options
vim /data/sa/elasticsearch-7.3.0/config/jvm.options
# 修改jvm参数。根据机器实际情况修改,这里修改为4g
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms4g
-Xmx4g
配置 Systemd 启动脚本elasticsearch.service
使用 CentOS 的服务守护进程 systemd 启动 ES
/usr/lib/systemd/system/elasticsearch.service
追加如下配置
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME=/data/sa/elasticsearch-7.3.0
Environment=JAVA_HOME=/data/sa/elasticsearch-7.3.0/jdk
Environment=ES_PATH_CONF=/data/sa/elasticsearch-7.3.0/config
Environment=PID_DIR=/data/sadata/es7/logs
WorkingDirectory=/data/sa/elasticsearch-7.3.0
User=elasticsearch
Group=elasticsearch
ExecStart=/data/sa/elasticsearch-7.3.0/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
启动 ElasticSearch
# 确保权限没问题
chown elasticsearch. /data/sa/ -R
chown elasticsearch. /data/sadata/ -R
# 启动
systemctl daemon-reload
systemctl start elasticsearch
# 查看状态
systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2019-08-19 14:21:37 CST; 24h ago
Docs: http://www.elastic.co
Main PID: 14219 (java)
CGroup: /system.slice/elasticsearch.service
├─14219 /data/sa/elasticsearch-7.3.0/jdk/bin/java -Xms4g -Xmx4g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networ...
└─14313 /data/sa/elasticsearch-7.3.0/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Aug 19 14:21:37 release-elk-s1 systemd[1]: Started Elasticsearch.
Aug 19 14:21:39 release-elk-s1 elasticsearch[14219]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in...re release.
Hint: Some lines were ellipsized, use -l to show in full.
把 ES 程序及配置同步到其他节点
# 同步ES程序及配置
rsync -avzR /data/sa/elasticsearch* 192.168.21.32:/
# 同步启动脚本
rsync -avzR /usr/lib/systemd/system/elasticsearch.service 192.168.21.32:/
到节点 2 上面启动 ES
systemctl daemon-reload
systemctl start elasticsearch
至此,ES集群启动完毕
设置密码
# 生产建议用auto,生成随机密码,更多帮助 请使用--help参数
./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = 24UtJKbNI1UqHUQkKPZY
Changed password for user kibana
PASSWORD kibana = 8SSZMisIY0NZFMCS6wv9
Changed password for user logstash_system
PASSWORD logstash_system = rFhWkYzayIUZVl8VIunJ
Changed password for user beats_system
PASSWORD beats_system = U1B4O5SKrSEatqDQRsQz
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = zdpj7HqO02yRXZR9Bwa2
Changed password for user elastic
PASSWORD elastic = tWbWZc7NE3wYqS6DvSu4
# 查看ES信息,看到 You Know, for Search 即可
curl -u elastic:tWbWZc7NE3wYqS6DvSu4 localhost:9200/
{
"name" : "release-elk-s1",
"cluster_name" : "es7-release",
"cluster_uuid" : "cfS_xu_4Qnaxhn8fCkiA4A",
"version" : {
"number" : "7.3.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "de777fa",
"build_date" : "2019-07-24T18:30:11.767338Z",
"build_snapshot" : false,
"lucene_version" : "8.1.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
导入许可证
申请 license
完成以上步骤后,我们还需要去 elastic 官网申请一个 license, License 申请地址。
申请完成后,下载下来的 License 格式为 json 格式。并将该 License 的type
、expiry_date_in_millis
、max_nodes
分别修改成platinum
、2497795199999
、1000
。如下:
{
"license": {
"uid": "78ce47fd-761f-4fb6-a382-e2a977d8f602",
"type": "platinum",
"issue_date_in_millis": 1566086400000,
"expiry_date_in_millis": 2497795199999,
"max_nodes": 1000,
"issued_to": "jan lam (pp)",
"issuer": "Web Form",
"signature": "AAAAAwAAAA1qOcebYjS8+ZHeKEs5AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCcMOHHtBt4PdAoybz1A32J++LTFvMri0Aw9VOzbuKFQ4tbjMpX++nNsMNEA60WnRoBPB+vRECK6MFiaRZa195hBO3GB8DPUbCm6V297BSX1EnlcAfl6hzlUS2qgMLnWf54afh+YGhGrkkTPdLBzmuWguGRVnCu0k03StBYXLKKIPeLIxdIPv5vjKk157gkV12esng+b6IbihQG9lzmcpoFMh+MmK1OP5JQPBRRL/Jkz91a3cipDRfQmj6CZddCmE6rpViXou5q5t8JczDn7p3/FE+ADdOR6L41vaQ0nCuN14eN8lwqdcE+FPoeJkou5llGH+linqwuA8sGszwr2UOa",
"start_date_in_millis": 1566086400000
}
}
我们将过期时间写到 2050 年,type 改为 platinum 白金版,这样我们就会拥有全部的 x-pack 功能。
加载 License 到 elasticsearch
# 查看现在的许可
curl -u elastic:tWbWZc7NE3wYqS6DvSu4 'http://localhost:9200/_license'
{
"license" : {
"status" : "active",
"uid" : "08ac3b91-4222-44f1-a4c7-64d175b75f22",
"type" : "basic",
"issue_date" : "2019-08-19T06:22:11.529Z",
"issue_date_in_millis" : 1566195731529,
"max_nodes" : 1000,
"issued_to" : "es7-release",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
# 可以看到现在是 base版本
cd /data/sa
# 上传修改后的许可证到 /data/sa/license.json
curl -XPUT -u elastic:tWbWZc7NE3wYqS6DvSu4 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
# 得到如下提示即表示导入成功
{"acknowledged":true,"license_status":"valid"}
# 再查看许可证
curl -u elastic:tWbWZc7NE3wYqS6DvSu4 'http://localhost:9200/_license'
{
"license" : {
"status" : "active",
"uid" : "78ce47fd-761f-4fb6-a382-e2a977d8f602",
"type" : "platinum",
"issue_date" : "2019-08-18T00:00:00.000Z",
"issue_date_in_millis" : 1566086400000,
"expiry_date" : "2049-02-24T15:59:59.999Z",
"expiry_date_in_millis" : 2497795199999,
"max_nodes" : 1000,
"issued_to" : "jan lam (pp)",
"issuer" : "Web Form",
"start_date_in_millis" : 1566086400000
}
}
# 可以看到变为白金版,到期时间为2049-02-24,破解成功了!
安装配置 kibana
下载并安装 Kibana
这里避免麻烦,使用rpm安装就可以了
cd /data/sa
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.0-x86_64.rpm
yum install ./kibana-7.3.0-x86_64.rpm
修改配置
vim /etc/kibana/kibana.yml
# 主要修改下述配置
# 监听端口
server.port: 5601
server.host: "0.0.0.0"
# 指定ES集群
elasticsearch.hosts: ["http://192.168.21.31:9200", "http://192.168.21.32:9200"]
# 指定kibana专用账号密码
elasticsearch.username: "kibana"
elasticsearch.password: "8SSZMisIY0NZFMCS6wv9"
启动 kibana 服务
systemctl start kibana
使用浏览器访问 http://192.168.21.32:5601 就能看到 Kibana 界面了
http://192.168.21.32:5601/app/monitoring 可以看到 ES 以 kibana 的状态
至此所有所有Elastic Stack部署完成
本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!