elastic:kibanaonlinux

Differences

This shows you the differences between two versions of the page.

elastic:kibanaonlinux [2023/03/09 19:34] – created olafelastic:kibanaonlinux [2024/10/20 14:41] (current) – Updated location of node since Kibana 8.15 olaf
Line 45: Line 45:
  
  
-Install vim, tools for importing the elastic key ring and allow apt to download through https.+Install vim, tools for importing the elastic key ringallow apt to download through https, for mounting SMB shares and unzip.
 Then get the elastic key ring and add the repository Then get the elastic key ring and add the repository
 <code bash> <code bash>
-apt install -y vim gpg apt-transport-https +apt install -y vim gpg apt-transport-https cifs-utils unzip
 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
 </code> </code>
  
 +Install Kibana
 +<code bash>
 +apt update
 +apt install kibana
 +</code>
 +
 +Change /etc/kibana/kibana.yml:
 +<code yaml>
 +In /etc/kibana/kibana.yml set:
 +server.port: 443
 +server.host: "deb11-elk-13"
 +elasticsearch.hosts: ["https://deb11-elk-11:9200", "https://deb11-elk-12:9200" ]
 +server.publicBaseUrl: "https://deb11-elk-13"
 +# SSL config
 +server.ssl.enabled: true
 +server.ssl.certificate: /etc/kibana/certs/deb11-elk-13_https.crt
 +server.ssl.key: /etc/kibana/certs/deb11-elk-13_https.key
 +
 +# looging settings below are default in Linux installations (no need to modify)
 +# But: those settings need to be adjusted and used in Windows setups
 +# Enables you to specify a file where Kibana stores log output.
 +logging:
 +  appenders:
 +    file:
 +      type: file
 +      fileName: /var/log/kibana/kibana.log
 +      layout:
 +        type: json
 +  root:
 +    appenders:
 +      - default
 +      - file
 +#  layout:
 +#    type: json
 +</code>
 +
 +
 +On one of the Elasticsearch nodes generate an access token for Kibana
 +<code bash>
 +/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
 +
 +eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9
 +</code>
 +
 +On the Kibana node configure Kibana:
 +<code bash>
 +/usr/share/kibana/bin/kibana-setup
 +? Enter enrollment token: eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9
 +
 +✔ Kibana configured successfully.
 +
 +To start Kibana run:
 +  bin/kibana
 +
 +</code>
 +
 +Get the elasticsearch.serviceAccountToken from ''/etc/kibana/kibana.yml''
 +<code yaml>elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NzE3MTc2Njg4OTA6QllmZml2MGpTNjZzRTdnR1RCMXhRUQ</code>
 +
 +Generate encryption keys ...
 +<code bash>/usr/share/kibana/bin/kibana-encryption-keys generate
 +
 +xpack.encryptedSavedObjects.encryptionKey: bdab0983a2ef291a97dd0d570329fabd
 +xpack.reporting.encryptionKey: d10a1eb9b4088bf06a01894fe422a939
 +xpack.security.encryptionKey: 777d3da41a468bc3524c7c598262538b
 +</code>
 +… and add all values to the kibana-keystore
 +<code bash>
 +/usr/share/kibana/bin/kibana-keystore add elasticsearch.serviceAccountToken
 +/usr/share/kibana/bin/kibana-keystore add xpack.encryptedSavedObjects.encryptionKey
 +/usr/share/kibana/bin/kibana-keystore add xpack.reporting.encryptionKey
 +/usr/share/kibana/bin/kibana-keystore add xpack.security.encryptionKey
 +</code>
 +remove the line with the ''elasticsearch.serviceAccountToken'' from ''/etc/kibana/kibana.yml''\\
 +
 +To be able to copy files between the ES nodes and Kibana a mount for the SMB share is needed.\\
 +Create a file containing the credentials for the share in the root user directory:
 +<code bash>
 +cat > /root/backup.crd
 +username=kenny
 +password=kennyspassword
 +<ctrl-d>
 +</code>
 +
 +To mount the share for the snapshot repository with the correct permissions for the elasticsearch user, we need to know the user id (uid) of the elasticsearch user:
 +''id -u elasticsearch''
 +''106''
 +
 +Create the mount directory
 +<code bash>
 +mkdir /mnt/backup
 +</code>
 +
 +Add the share used for repository in /etc/fstab\\
 +<code bash>
 +//10.0.1.10/ES       /mnt/backup     cifs    vers=3.0,credentials=/root/backup.crd,uid=106         0
 +</code>
 +
 +
 +Mount the share
 +<code bash>
 +mount //10.0.0.10/ES
 +</code>
 +
 +
 +
 +On one of the elasticsearch nodes\\
 +
 +Generate the SSL certificate and key for Kibana\\
 +<code bash>
 +/usr/share/elasticsearch/bin/elasticsearch-certutil cert -name deb11-elk-04_https -dns deb11-elk-04 -pem -self-signed</code>
 +
 +Tell to save it as ''deb11-elk-04_http.zip'' than copy it to the share:\\
 +<code bash>
 +cp /usr/share/elasticsearch/deb11-elk-04_http.zip /mnt/backup/debby/deb11-elk-04/
 +</code>
 +
 +Back to the Kibana node\\
 +Create the directory for the certificate and key
 +copy the certificate file, unzip it, move the certificate and key to the certs directory and clean up
 +<code bash>
 +mkdir /etc/kibana/certs
 +cd /etc/kibana/certs
 +cp /mnt/backup/debby/deb11-elk-04/deb11-elk-04_http.zip ./
 +unzip deb11-elk-04_http.zip
 +mv deb11-elk-04_https/* ./
 +rm -rf deb11-elk-04_https
 +rm deb11-elk-04_http.zip
 +chown -R root:kibana /etc/kibana/certs
 +</code>
 +
 +Allow Kibana to use HTTPS default port (443) ...
 +
 +Up to Kibana 8.14.x:
 +<code bash>
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
 +setcap cap_net_bind_service=+epi /usr/share/kibana/node/bin/node
 +</code>
 +
 +Since Kibana 8.15:
 +<code bash>
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
 +setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
 +setcap cap_net_bind_service=+epi /usr/share/kibana/node/glibc-217/bin/node
 +</code>
 +
 +
 +
 +Install Kibana as service and start it
 +<code bash>
 +systemctl daemon-reload
 +systemctl enable kibana.service
 +
 +systemctl start kibana.service
 +</code>
 +
 +Kibana is now availbale at ''https://deb11-elk-04''\\
 +
 +Either use the generated password from the installation of ES or generate a new one on a ES node with 
 +<code bash>
 +/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
 +</code>
 +Login with elastic and the password
  
 +Kibana is installed
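Review bot: The hostnames in the added steps do not agree, so the procedure cannot be followed as written. kibana.yml sets server.host, server.publicBaseUrl and the server.ssl.certificate / server.ssl.key paths for deb11-elk-13, while the elasticsearch-certutil call, the unzip/mv steps and the final URL all use deb11-elk-04. That leaves /etc/kibana/certs holding deb11-elk-04_https files that the configured paths do not point at, and a certificate whose DNS name is not the configured host; pick one hostname and use it throughout. The share setup has the same kind of mismatch: /etc/fstab lists //10.0.1.10/ES but the mount command names //10.0.0.10/ES, so it should either use the fstab address or simply be "mount /mnt/backup". On the secrets side, the enrollment token, the elasticsearch.serviceAccountToken value and the three encryption keys are shown as literal values and would be better as placeholders; /root/backup.crd is created without a following chmod 600; and chown -R root:kibana on the certs directory is not followed by a mode that limits the .key file to owner and group. The two setcap blocks should say that the capability has to be re-applied after every package upgrade, since file capabilities do not survive the file being replaced. Inside the yaml block, the line "In /etc/kibana/kibana.yml set:" is not YAML and should be a # comment or be dropped, and "looging" and "availbale" are typos.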
elastic/kibanaonlinux.1678390486.txt.gz · Last modified: 2023/03/09 19:34 by olaf