1.加密kibana服务配置es的账号密码
进入/usr/share/kibana
[root@ansible kibana]# bin/kibana-keystore create Created Kibana keystore in /var/lib/kibana/kibana.keystore [root@ansible kibana]# bin/kibana-keystore add elasticsearch.username Enter value for elasticsearch.username: ****** #输入es的kibana账号 [root@ansible kibana]# bin/kibana-keystore add elasticsearch.password Enter value for elasticsearch.password: ****** #输入kibana账号对应密码
在kibana.yml 里不需输入es的账号密码,与下面logstash有所不同,logstash对应还需使用对应变量
2.加密logstash 里输出到es账号密码
[root@elk logstash]# set +o history
[root@elk logstash]# export LOGSTASH_KEYSTORE_PASS=mypassword
[root@elk logstash]# set -o history
[root@elk logstash]# ./bin/logstash-keystore add ES_USER --path.settings /etc/logstash/
Enter value for ES_USER: 输入es账号
[root@elk logstash]# ./bin/logstash-keystore add ES_PASS --path.settings /etc/logstash/
Enter value for ES_PASS:输入es密码
查看结果:
[root@elk logstash]# ./bin/logstash-keystore list --path.settings /etc/logstash/
es_pass
es_user
logstash 使用变量
output { elasticsearch { hosts => "localhost:9200" manage_template => false index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" user => "${ES_USER}" password => "${ES_PWD}" } }