Kaidos's Tech Blog
ES-Cluster Setup - 2 (MasterNode, Kibana)
2024.03.02 - [Elasticsearch] - ES-Cluster Setup - 1 (Common)
2024.03.02 - [Elasticsearch] - ES-Cluster Setup - 3 (DataNode)
ES Cluster Setup - MasterNode Installation
# Check the printed guidance for setting the ES account password and for generating the Kibana token and the node join token
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : Tz+EgRffUfGnPryNgHuJ
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
# elasticsearch.yml settings
sudo vi /etc/elasticsearch/elasticsearch.yml
cluster.name: xg-es # cluster name
node.name: es-master1 # node name
node.roles: [ master, data_content, data, remote_cluster_client, ingest ] # node roles (master, data, data_content, transform, remote_cluster_client, etc.)
path.data: /data/elasticsearch/lib # index data directory
path.logs: /data/elasticsearch/log # log directory
bootstrap.memory_lock: true # lock the process memory at ES startup for dedicated use
network.host: 0.0.0.0 # bind address (0.0.0.0 listens on all interfaces; this is not an allow-list)
discovery.seed_hosts: ["es-master1", "es-data1", "es-data2", "es-data3"] # hosts that communicate within the cluster
cluster.initial_master_nodes: ["es-master1"] # master node used when the cluster is first created
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl: # use SSL for HTTP API traffic
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl: # use SSL for node-to-node traffic
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
http.host: 0.0.0.0
transport.host: 0.0.0.0
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
xpack.security.authc.api_key.enabled: true
path: # directory used when creating ES snapshots
  repo:
    - /data/elasticsearch/backup
indices.requests.cache.size: 2%
indices.queries.cache.size: 15%
thread_pool: # search thread pool settings
  search:
    size: 30
    queue_size: 2000
# jvm.options settings (heap memory)
sudo vi /etc/elasticsearch/jvm.options
-Xms16g
-Xmx16g
# Start elasticsearch
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch && sudo systemctl start elasticsearch
sudo systemctl status elasticsearch
# Set the elastic (admin) password
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
Please confirm that you would like to continue [y/N]y
xgtestes!@
# Verify the cluster
sudo curl -u elastic:'xgtestes!@' --cacert /etc/elasticsearch/certs/http_ca.crt -XGET 'https://localhost:9200'
{
"name" : "es-master1",
"cluster_name" : "xg-es",
"cluster_uuid" : "7DlOEOaQRn6xQCVWo92fug",
"version" : {
"number" : "8.12.1",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "6185ba65d27469afabc9bc951cded6c17c21e3f3",
"build_date" : "2024-02-01T13:07:13.727175297Z",
"build_snapshot" : false,
"lucene_version" : "9.9.2",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
Kibana integration (account: elastic/xgtestes!@)
# kibana install (v8.12.1)
sudo apt install -y kibana
# kibana configuration
sudo vi /etc/kibana/kibana.yml
server.host: "0.0.0.0"
# Start kibana
sudo systemctl enable kibana.service && sudo systemctl start kibana.service
sudo systemctl status kibana.service
# Generate a kibana enrollment token so Kibana can communicate with the ES node (run on the master node; --url: ES master IP)
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url "https://IP:9200"
eyJ2ZXIiOiI4LjEyLjEiLCJhZHIiOlsiMTAuMTAuMTIuMTgxOjkyMDAiXSwiZmdyIjoiNjJiNWZiN2UyZThjZDgzYTUwZGVhMDk2MjEyOGU5OTQ3MWI1MmJiM2UwN2VmOGExZmZmZDQxNmEyMWQzYzZhNCIsImtleSI6ImhON256NDBCN25KS3RfUF9tSjNGOkpwRWU5R1AwVDYycVhUalhNUWN6dncifQ==
# Open the Kibana address in a browser and enter the token
http://IP:5601
# Look up the verification code on the kibana server and enter it
sudo /usr/share/kibana/bin/kibana-verification-code
Your verification code is: 731 527
(Account: elastic/xgtestes!@)
# Check the settings added to kibana.yml
sudo tail /etc/kibana/kibana.yml
elasticsearch.hosts: ['https://IP:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3MDg1OTA2MTEyNjg6aERvSXhQS2pRaHVCTnJGUlJ3cEhjZw
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1708590612460.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://IP:9200'], ca_trusted_fingerprint: 62b5fb7e2e8cd83a50dea0962128e99471b52bb3e07ef8a1fffd416a21d3c6a4}]
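The enrollment token generated above is base64-encoded JSON: its `fgr` field is the same CA fingerprint that enrollment writes to kibana.yml as `ca_trusted_fingerprint`, and its `key` field is an API key, so the token has to be handled as a credential. The following added example (not part of the original post) decodes a token and checks the fingerprint without echoing the key's secret half; the function names and the sample token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def decode_enrollment_token(token: str) -> dict:
    """An enrollment token is base64-encoded JSON with ver, adr, fgr and key."""
    fields = json.loads(base64.b64decode(token, validate=True))
    if not isinstance(fields, dict) or {"ver", "adr", "fgr", "key"} - fields.keys():
        raise ValueError("not an enrollment token")
    return fields

def ca_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes of the CA certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def review_token(token: str, expected_fgr: str) -> dict:
    """Summarise a token without echoing the secret half of its API key."""
    fields = decode_enrollment_token(token)
    key_id, _, secret = fields["key"].partition(":")
    return {
        "version": fields["ver"],
        "addresses": fields["adr"],
        # Accept plain hex or colon-separated hex for the expected value.
        "fingerprint_ok": hmac.compare_digest(
            fields["fgr"].lower(), expected_fgr.replace(":", "").lower()),
        "api_key_id": key_id,
        "carries_secret": bool(secret),
    }

# Constructed sample: stand-in bytes instead of a real certificate, TEST-NET address.
SAMPLE_CA_DER = b"constructed stand-in for the DER bytes of http_ca.crt"
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.12.1",
    "adr": ["192.0.2.10:9200"],
    "fgr": ca_fingerprint(SAMPLE_CA_DER),
    "key": "constructed-id:constructed-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(review_token(SAMPLE_TOKEN, ca_fingerprint(SAMPLE_CA_DER)))
```

For a real check, the expected value is the SHA-256 fingerprint of /etc/elasticsearch/certs/http_ca.crt computed on the master node.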
# Set the encryptedSavedObjects key (makes the Security tab usable in Kibana)
# Key generator (256-bit / 32 characters) http://www.unit-conversion.info/texttools/random-string-generator/
sudo vi /etc/kibana/kibana.yml
xpack.encryptedSavedObjects:
  encryptionKey: "p2s7v9yqwkrejkjqwe$B&E)H@McQfTjW" # arbitrary 32-character value
# Restart kibana
sudo systemctl restart kibana
sudo systemctl status kibana
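The settings in this post that decide network exposure and TLS strength (bind addresses, the transport `verification_mode`, Kibana reached over http://IP:5601, the encryption key length) can be checked mechanically. The following added example (not part of the original post) flags them; the function names, finding texts and sample excerpts are constructed, and the parser handles only the simple YAML subset used here.

```python
def flatten(yaml_text: str) -> dict:
    """Flatten the simple YAML subset used in this post into dotted keys."""
    out, stack = {}, []  # stack holds (indent, key) of open parent mappings
    for line in yaml_text.splitlines():
        body = line.split(" #")[0].rstrip()  # drop trailing comments
        if not body.strip() or body.lstrip().startswith(("#", "-")):
            continue
        indent = len(body) - len(body.lstrip())
        key, _, value = body.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        dotted = ".".join([k for _, k in stack] + [key])
        if value.strip():
            out[dotted] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return out

def audit(es_yaml: str, kibana_yaml: str) -> list:
    es, kb = flatten(es_yaml), flatten(kibana_yaml)
    findings = []
    for key in ("network.host", "http.host", "transport.host"):
        if es.get(key) == "0.0.0.0":
            findings.append(f"es: {key} listens on every interface")
    if es.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("es: HTTP API is not using TLS")
    if es.get("xpack.security.transport.ssl.verification_mode") == "certificate":
        findings.append("es: transport TLS checks the CA chain but not the hostname")
    if kb.get("server.host") == "0.0.0.0" and kb.get("server.ssl.enabled") != "true":
        findings.append("kibana: plain HTTP on every interface")
    if len(kb.get("xpack.encryptedSavedObjects.encryptionKey", "")) < 32:
        findings.append("kibana: encryptionKey is shorter than 32 characters")
    return findings

# Constructed excerpts that mirror the settings shown in this post.
ES_SAMPLE = """\
network.host: 0.0.0.0 # bind address
xpack.security.http.ssl:
  enabled: true
xpack.security.transport.ssl:
  verification_mode: certificate
http.host: 0.0.0.0
transport.host: 0.0.0.0
"""
KIBANA_SAMPLE = """\
server.host: "0.0.0.0"
xpack.encryptedSavedObjects:
  encryptionKey: "constructed-sample-key-0123456789"
"""
```

Calling `audit(ES_SAMPLE, KIBANA_SAMPLE)` returns one finding per flagged setting; an empty list means none of these checks fired.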