ELK

Panduan Tambahkan host pada file /etc/hosts vim /etc/hosts /etc/hosts 127.0.0.1 localhost 192.168.10.71 elasticsearch-node01 192.168.10.72 elasticsearch-node02 192.168.10.73 elasticsearch-node03 Unduh dan install package elasticsearch wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-amd64.deb dpkg -i elasticsearch-7.14.0-amd64.deb Konfigurasi elasticsearch /etc/elasticsearch/elasticsearch.yml cluster.name: elasticsearch-demo node.name: elasticsearch-node01 path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch network.host: 0.0.0.0 http.port: 9200 cluster.initial_master_nodes: ["elasticsearch-node01", "elasticsearch-node02", "elasticsearch-node03"] node.master: true node.data: true discovery.zen.ping.unicast.hosts: ["192.168.10.71" , "192.168.10.72", "192.168.10.73"] discovery.zen.minimum_master_nodes: 2 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12 Buat sertifikat SSL dari salah satu node. Sebagai contoh dari elasticsearch-node01 /usr/share/elasticsearch/bin/elasticsearch-certutil ca /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 mv /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/elastic-certificates.p12 chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12 Distribusikan sertifikat ke semua node scp /etc/elasticsearch/elastic-certificates.p12 \ elasticsearch-node02:/etc/elasticsearch/elastic-certificates.p12 scp /etc/elasticsearch/elastic-certificates.p12 \ elasticsearch-node03:/etc/elasticsearch/elastic-certificates.p12 ssh elasticsearch-node02 chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12 ssh elasticsearch-node03 chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12 Jalankan dan enable service elasticsearch systemctl enable --now elasticsearch Setup password elasticsearch dari salah satu node /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto Catatan Jangan lupa menyimpan password! ...

Panduan Perintah mengganti password user sendiri curl -u <user> -XPUT \ 'http://localhost:9200/_xpack/security/user/_password?pretty' \ -H 'Content-Type: application/json' -d' { "password": "<password>" }' Contoh mengganti password user sendiri curl -u elastic -XPUT \ 'http://localhost:9200/_xpack/security/user/_password?pretty' \ -H 'Content-Type: application/json' -d' { "password": "sangatrahasia" }' Contoh output [root@rocky ~]# curl -u elastic -XPUT \ > 'http://localhost:9200/_xpack/security/user/_password?pretty' \ > -H 'Content-Type: application/json' -d' > { "password": "sangatrahasia" }' Enter host password for user 'elastic': { } Perintah mengganti password user lain (Admin) curl -u <user_admin> -XPUT \ 'http://localhost:9200/_xpack/security/user/<user_lain>/_password?pretty' \ -H 'Content-Type: application/json' -d' { "password": "<password>" }' Contoh mengganti password user lain (Admin) curl -u elastic -XPUT \ 'http://localhost:9200/_xpack/security/user/kibana/_password?pretty' \ -H 'Content-Type: application/json' -d' { "password": "inipasswordkibana" }' Contoh output [root@rocky ~]# curl -u elastic -XPUT \ > 'http://localhost:9200/_xpack/security/user/kibana/_password?pretty' \ > -H 'Content-Type: application/json' -d' > { "password": "inipasswordkibana" }' Enter host password for user 'elastic': { } Referensi ...