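Elastic 8.0 has been released. Updates come so often that it is hard to get excited, but it looks like the search engine features got a lot of improvements. (I'm not sure about improvements from a data analysis perspective.) The installation process has also changed a bit. First, start Elasticsearch.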
[2022-02-27T13:33:31,655][INFO ][o.e.c.r.a.AllocationService] [MHKANG] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.security-7][0]]])." previous.health="YELLOW" reason="shards started [[.security-7][0]]"
--------------------------------------------------------------------------------------------------------------
-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.
-> Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`): voA_9jKuSzizS0mmZX*e
1f0126eb4bce0fb1e7a83fabafaa8da4b046eadac3a290155fc2b796e8b9b1e0
-> Configure Kibana to use this cluster:
* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxNzIuMjIuMzIuMTo5MjAwIiwiMTkyLjE2OC4zMS4xODk6OTIwMCIsIjE5Mi4xNjguNTYuMTo5MjAwIl0sImZnciI6IjFmMDEyNmViNGJjZTBmYjFlN2E4M2ZhYmFmYWE4ZGE0YjA0NmVhZGFjM2EyOTAxNTVmYzJiNzk2ZThiOWIxZTAiLCJrZXkiOiJpQlIwT1g4QnpGbVJ4dzRsZ3ptRjpaa2lJUWV6dFJ4RzQ4YzYzRlZaaDdnIn0=
-> Configure other nodes to join this cluster:
* On this node:
  - Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  - Uncomment the transport.host setting at the end of config/elasticsearch.yml.
  - Restart Elasticsearch.
* On other nodes:
  - Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
--------------------------------------------------------------------------------------------------------------
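Security features are enabled automatically, and the output shows the elastic user's password, the enrollment token for connecting Kibana, and so on. Next are the automatically generated SSL certificates and keystore files.
The following are the changes to elasticsearch.yml. Along with the SSL settings, the master node setting stands out.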
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 27-02-2022 04:32:59
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["MHKANG"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
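Previously, an Elastic node served only on localhost unless an IP was configured, so no master setting was needed; from 8.0 on, it binds automatically to every IP configured on the system (including localhost). Naturally, the master setting seems to have become mandatory as well.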
[2022-02-27T13:39:23,236][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [MHKANG] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:12422}
[2022-02-27T13:40:17,687][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [MHKANG] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/192.168.56.1:9200, remoteAddress=/192.168.56.1:12436}
Now start Kibana.
C:\ELK\kibana-8.0.0\bin> .\kibana.bat
[2022-02-27T13:44:34.160+09:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2022-02-27T13:44:34.220+09:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2022-02-27T13:44:34.259+09:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-02-27T13:44:34.263+09:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-02-27T13:44:34.307+09:00][INFO ][root] Holding setup until preboot stage is completed.
i Kibana has not been configured.
Go to http://localhost:5601/?code=767711 to get started.
Open the displayed URL and enter the enrollment token to finish the Kibana setup.
The following are the changes to kibana.yml.
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://172.22.32.1:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NDU5MzcyMjYxMzk6TFpCcm1veW5TeS1uVGlhRUhFOU03QQ
elasticsearch.ssl.certificateAuthorities: ['C:\ELK\kibana-8.0.0\data\ca_1645937226575.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://172.22.32.1:9200'], ca_trusted_fingerprint: 1f0126eb4bce0fb1e7a83fabafaa8da4b046eadac3a290155fc2b796e8b9b1e0}]
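The enrollment token in the startup output above is base64-encoded JSON with the fields `ver`, `adr`, `fgr` and `key`, which is how Kibana learns the node addresses and the CA fingerprint that end up in kibana.yml. As an added example (not part of the original post), this Python code decodes the token printed on this page and checks its `fgr` against the fingerprint from the startup output without echoing the embedded API key; the function names are chosen here, and reading `key` as `id:secret` is an assumption about the field layout.

```python
import base64
import json

# Copied from the startup output on this page (the token was valid for 30 minutes).
PAGE_TOKEN = (
    "eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxNzIuMjIuMzIuMTo5MjAwIiwi"
    "MTkyLjE2OC4zMS4xODk6OTIwMCIsIjE5Mi4xNjguNTYuMTo5MjAwIl0s"
    "ImZnciI6IjFmMDEyNmViNGJjZTBmYjFlN2E4M2ZhYmFmYWE4ZGE0YjA0"
    "NmVhZGFjM2EyOTAxNTVmYzJiNzk2ZThiOWIxZTAiLCJrZXkiOiJpQlIw"
    "T1g4QnpGbVJ4dzRsZ3ptRjpaa2lJUWV6dFJ4RzQ4YzYzRlZaaDdnIn0="
)
PAGE_CA_FINGERPRINT = "1f0126eb4bce0fb1e7a83fabafaa8da4b046eadac3a290155fc2b796e8b9b1e0"
REQUIRED_FIELDS = ("ver", "adr", "fgr", "key")


def decode_enrollment_token(token: str) -> dict:
    """Decode the base64 JSON envelope and check that the expected fields exist."""
    try:
        payload = json.loads(base64.b64decode(token.strip(), validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"not a base64 JSON enrollment token: {exc}") from None
    if not isinstance(payload, dict):
        raise ValueError("enrollment token payload is not a JSON object")
    missing = [name for name in REQUIRED_FIELDS if name not in payload]
    if missing:
        raise ValueError(f"enrollment token is missing fields: {missing}")
    return payload


def review_token(token: str, expected_fingerprint: str) -> dict:
    """Summarise a token without echoing its API key and check the pinned CA."""
    payload = decode_enrollment_token(token)
    # Assumption: the key field is "<api key id>:<api key secret>".
    _key_id, _, secret = str(payload["key"]).partition(":")
    pinned = str(payload["fgr"]).lower()
    expected = expected_fingerprint.replace(":", "").lower()
    return {
        "version": payload["ver"],
        "addresses": payload["adr"],
        "ca_fingerprint_matches": pinned == expected,
        "carries_api_key_secret": bool(secret),
    }


if __name__ == "__main__":
    print(json.dumps(review_token(PAGE_TOKEN, PAGE_CA_FINGERPRINT), indent=2))
```

The first address in the decoded `adr` list is the one Kibana wrote to `elasticsearch.hosts`, and the `fgr` value is the same string that appears as `ca_trusted_fingerprint`.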
23.12.15
After entering the token, a message asking for a verification code (run the kibana-verification-code command) may also appear.