2022년 2월 27일 일요일

Elasticsearch 8.0의 변화

엘라스틱 8.0이 릴리즈됐다. 업데이트가 워낙 잦다 보니 좀 무덤덤하긴 하지만, 검색엔진 기능 개선이 많이 이뤄진 모양. (데이터 분석 관점의 개선점은 잘 모르겠음) 설치 과정도 좀 달라졌다. 일단 엘라스틱 실행.
[2022-02-27T13:33:31,655][INFO ][o.e.c.r.a.AllocationService] [MHKANG] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.security-7][0]]])." previous.health="YELLOW" reason="shards started [[.security-7][0]]"

--------------------------------------------------------------------------------------------------------------
-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.

->  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  voA_9jKuSzizS0mmZX*e

->  HTTP CA certificate SHA-256 fingerprint:
  1f0126eb4bce0fb1e7a83fabafaa8da4b046eadac3a290155fc2b796e8b9b1e0

->  Configure Kibana to use this cluster:
* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxNzIuMjIuMzIuMTo5MjAwIiwiMTkyLjE2OC4zMS4xODk6OTIwMCIsIjE5Mi4xNjguNTYuMTo5MjAwIl0sImZnciI6IjFmMDEyNmViNGJjZTBmYjFlN2E4M2ZhYmFmYWE4ZGE0YjA0NmVhZGFjM2EyOTAxNTVmYzJiNzk2ZThiOWIxZTAiLCJrZXkiOiJpQlIwT1g4QnpGbVJ4dzRsZ3ptRjpaa2lJUWV6dFJ4RzQ4YzYzRlZaaDdnIn0=

->  Configure other nodes to join this cluster:
* On this node:
  - Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  - Uncomment the transport.host setting at the end of config/elasticsearch.yml.
  - Restart Elasticsearch.
* On other nodes:
  - Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
--------------------------------------------------------------------------------------------------------------

보안 기능이 자동으로 활성화되며, elastic 유저 패스워드 및 키바나 연동을 위한 enrollment token 값 등을 보여준다. 다음은 자동 생성된 SSL 인증서와 키스토어 파일.


다음은 elasticsearch.yml 변경 내역. SSL 통신 설정과 함께 마스터 노드 설정이 눈에 띈다. 
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 27-02-2022 04:32:59
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["MHKANG"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

기존 엘라스틱 노드는 IP를 셋팅하지 않으면 localhost로만 서비스를 제공하기 때문에 마스터 설정이 필요 없었는데, 8.0부터는 시스템에 셋팅된 모든 IP(localhost 포함)와 자동 바인딩된다. 자연스럽게 마스터 설정도 필수가 된 모양.

[2022-02-27T13:39:23,236][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [MHKANG] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:12422}

[2022-02-27T13:40:17,687][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [MHKANG] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/192.168.56.1:9200, remoteAddress=/192.168.56.1:12436}

이번엔 키바나 실행
C:\ELK\kibana-8.0.0\bin> .\kibana.bat
[2022-02-27T13:44:34.160+09:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2022-02-27T13:44:34.220+09:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2022-02-27T13:44:34.259+09:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-02-27T13:44:34.263+09:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-02-27T13:44:34.307+09:00][INFO ][root] Holding setup until preboot stage is completed.

i Kibana has not been configured.

Go to http://localhost:5601/?code=767711 to get started.

표시된 URL 접속 후, enrollment token 값을 입력하면 키바나 설정이 마무리된다. 


다음은 kibana.yml 변경 내역.
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://172.22.32.1:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NDU5MzcyMjYxMzk6TFpCcm1veW5TeS1uVGlhRUhFOU03QQ
elasticsearch.ssl.certificateAuthorities: ['C:\ELK\kibana-8.0.0\data\ca_1645937226575.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://172.22.32.1:9200'], ca_trusted_fingerprint: 1f0126eb4bce0fb1e7a83fabafaa8da4b046eadac3a290155fc2b796e8b9b1e0}]

23.12.15
토큰 입력 후, 인증코드를 요구하는 메시지(kibana-verification-code 명령어 실행)가 뜰 수도 있음. 

관련 글

댓글 없음:

댓글 쓰기

크리에이티브 커먼즈 라이선스