===== Install Kibana on Linux =====

Install Debian with basic functionality; only add the SSH server.

Log in as root.

Modify ''/etc/network/interfaces'':

  auto enp8s0
  iface enp8s0 inet static
      address 10.0.0.15
      netmask 255.255.0.0
      gateway 10.0.0.1
      dns-nameservers 10.0.0.1

Set the name of the machine in ''/etc/hostname'' and the IP addresses in ''/etc/hosts''\\
Register it with your DNS server or add it to ''/etc/hosts'' on the host system.

Update the system

  apt update && apt upgrade -y
  apt autoremove -y

Create another user and set the password

  useradd kenny
  passwd kenny

Reboot

  reboot now

Log in through SSH

  ssh kenny@deb11-elk-04

Become root

  su -

Install vim, gpg (for importing the Elastic key ring), apt-transport-https (so apt can download over HTTPS), cifs-utils (for mounting SMB shares) and unzip. Then get the Elastic key ring and add the repository

  apt install -y vim gpg apt-transport-https cifs-utils unzip
  wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
  echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list

Install Kibana

  apt update
  apt install kibana

In ''/etc/kibana/kibana.yml'' set:

  server.port: 443
  server.host: "deb11-elk-13"
  elasticsearch.hosts: ["https://deb11-elk-11:9200", "https://deb11-elk-12:9200" ]
  server.publicBaseUrl: "https://deb11-elk-13"
  # SSL config
  server.ssl.enabled: true
  server.ssl.certificate: /etc/kibana/certs/deb11-elk-13_https.crt
  server.ssl.key: /etc/kibana/certs/deb11-elk-13_https.key
  # logging settings below are default in Linux installations (no need to modify)
  # But: those settings need to be adjusted and used in Windows setups
  # Enables you to specify a file where Kibana stores log output.
  logging:
    appenders:
      file:
        type: file
        fileName: /var/log/kibana/kibana.log
        layout:
          type: json
    root:
      appenders:
        - default
        - file
  #  layout:
  #    type: json

On one of the Elasticsearch nodes generate an enrollment token for Kibana

  /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
  eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9

On the Kibana node configure Kibana:

  /usr/share/kibana/bin/kibana-setup
  ? Enter enrollment token: eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9
  ✔ Kibana configured successfully.
  To start Kibana run:
    bin/kibana

Get the ''elasticsearch.serviceAccountToken'' from ''/etc/kibana/kibana.yml''

  elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NzE3MTc2Njg4OTA6QllmZml2MGpTNjZzRTdnR1RCMXhRUQ

Generate encryption keys ...
  /usr/share/kibana/bin/kibana-encryption-keys generate
  xpack.encryptedSavedObjects.encryptionKey: bdab0983a2ef291a97dd0d570329fabd
  xpack.reporting.encryptionKey: d10a1eb9b4088bf06a01894fe422a939
  xpack.security.encryptionKey: 777d3da41a468bc3524c7c598262538b

… and add all values to the kibana-keystore

  /usr/share/kibana/bin/kibana-keystore add elasticsearch.serviceAccountToken
  /usr/share/kibana/bin/kibana-keystore add xpack.encryptedSavedObjects.encryptionKey
  /usr/share/kibana/bin/kibana-keystore add xpack.reporting.encryptionKey
  /usr/share/kibana/bin/kibana-keystore add xpack.security.encryptionKey

Remove the line with the ''elasticsearch.serviceAccountToken'' from ''/etc/kibana/kibana.yml''\\
To be able to copy files between the ES nodes and Kibana, a mount for the SMB share is needed.\\
Create a file containing the credentials for the share in the root user's home directory:

  cat > /root/backup.crd
  username=kenny
  password=kennyspassword

To mount the share for the snapshot repository with the correct permissions for the elasticsearch user, we need to know the user id (uid) of the elasticsearch user:

  id -u elasticsearch
  106

Create the mount directory

  mkdir /mnt/backup

Add the share used for the repository to ''/etc/fstab''

  //10.0.1.10/ES /mnt/backup cifs vers=3.0,credentials=/root/backup.crd,uid=106 0 0

Mount the share

  mount //10.0.0.10/ES

On one of the Elasticsearch nodes\\
Generate the SSL certificate and key for Kibana

  /usr/share/elasticsearch/bin/elasticsearch-certutil cert -name deb11-elk-04_https -dns deb11-elk-04 -pem -self-signed

When prompted, save it as ''deb11-elk-04_http.zip'', then copy it to the share:

  cp /usr/share/elasticsearch/deb11-elk-04_http.zip /mnt/backup/debby/deb11-elk-04/

Back on the Kibana node\\
Create the directory for the certificate and key, copy the certificate archive, unzip it, move the certificate and key to the certs directory and clean up

  mkdir /etc/kibana/certs
  cd /etc/kibana/certs
  cp /mnt/backup/debby/deb11-elk-04/deb11-elk-04_http.zip ./
  unzip deb11-elk-04_http.zip
  mv deb11-elk-04_https/* ./
  rm -rf deb11-elk-04_https
  rm deb11-elk-04_http.zip
  chown -R root:kibana /etc/kibana/certs

Allow Kibana to use the default HTTPS port (443) ...

Up to Kibana 8.14.x:

  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
  setcap cap_net_bind_service=+epi /usr/share/kibana/node/bin/node

Since Kibana 8.15:

  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
  setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
  setcap cap_net_bind_service=+epi /usr/share/kibana/node/glibc-217/bin/node

Install Kibana as a service and start it

  systemctl daemon-reload
  systemctl enable kibana.service
  systemctl start kibana.service

Kibana is now available at ''https://deb11-elk-04''\\
Either use the generated password from the installation of ES or generate a new one on an ES node with

  /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Log in with elastic and the password.

Kibana is installed.
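
The keystore, credentials-file and certificate steps above can be verified after the installation. The following POSIX shell functions are an added example, not part of the original page: they report keystore settings that are still assigned in ''kibana.yml'' and check file permissions. The function names and the permission policy (owner-only for the SMB credentials file, no access for other users on the TLS key) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. File paths are arguments, so the
# checks can be run on copies as well as on the live files.

# The four settings this page stores in the kibana-keystore.
KEYSTORE_SETTINGS="elasticsearch.serviceAccountToken
xpack.encryptedSavedObjects.encryptionKey
xpack.reporting.encryptionKey
xpack.security.encryptionKey"

# Print every keystore setting that is still assigned (not commented out) in
# the given kibana.yml. Returns 0 if none is left in plaintext, 1 otherwise.
plaintext_secrets() {
    ps_found=0
    for ps_key in $KEYSTORE_SETTINGS; do
        ps_pat=$(printf '%s' "$ps_key" | sed 's/\./\\./g')  # match dots literally
        if grep -Eq "^[[:space:]]*${ps_pat}[[:space:]]*:" "$1"; then
            printf '%s\n' "$ps_key"
            ps_found=1
        fi
    done
    return "$ps_found"
}

# Print the nine permission characters of a file, e.g. rw-r-----
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Assumed policy for the TLS key (root:kibana): no access for "other".
no_other_access() {
    [ "$(perm_string "$1" | cut -c7-9)" = "---" ]
}

# Assumed policy for the SMB credentials file: owner access only.
owner_only() {
    [ "$(perm_string "$1" | cut -c4-9)" = "------" ]
}

# Usage on the paths from this page (run as root):
#   plaintext_secrets /etc/kibana/kibana.yml || echo "still in kibana.yml"
#   owner_only /root/backup.crd || chmod 600 /root/backup.crd
#   for k in /etc/kibana/certs/*.key; do
#       no_other_access "$k" || echo "$k is accessible to other users"
#   done
```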