[Linux] elasticsearch and

How to install Elasticsearch and Kibana on Ubuntu

Test environment

$ lsb_release -d
Description:	Ubuntu 22.04.1 LTS

Install Elasticsearch

Download the official GPG key for Elasticsearch

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

Add the Elasticsearch package repository

apt-get install -y apt-transport-https
$ echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
deb https://artifacts.elastic.co/packages/8.x/apt stable main

Update the package lists, then install Elasticsearch

apt-get update && apt-get install -y elasticsearch
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : MGNCiFpQU_9*-W5EtuLS

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------

Check the Elasticsearch configuration file

$ cat /etc/elasticsearch/elasticsearch.yml | egrep -v '^$|^#'
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["node1"]
http.host: 0.0.0.0

Start Elasticsearch and enable it to start automatically at boot

systemctl --now enable elasticsearch

Edit the Elasticsearch configuration file (true -> false)

  • xpack.security.enabled: false
  • xpack.security.enrollment.enabled: false
  • xpack.security.http.ssl.enabled: false
  • xpack.security.transport.ssl.enabled: false
vim /etc/elasticsearch/elasticsearch.yml
...
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
...
# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
...

Restart Elasticsearch

systemctl restart elasticsearch
systemctl status elasticsearch

Install the jq package

apt install -y jq

curl test

$ curl -s http://127.0.0.1:9200 -k | jq
{
  "name": "ip-10-201-13-131",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "IcZQ4wjTR1e9Hym9T8RdQg",
  "version": {
    "number": "8.6.2",
    "build_flavor": "default",
    "build_type": "deb",
    "build_hash": "2d58d0f136141f03239816a4e360a8d17b6d8f29",
    "build_date": "2023-02-13T09:35:20.314882762Z",
    "build_snapshot": false,
    "lucene_version": "9.4.2",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
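
Added example (not part of the original post): a shell check for the state the edits above leave behind, where http.host is 0.0.0.0 and the xpack.security settings are false, so port 9200 answers over plain HTTP without credentials on every interface. The helper names flatten_yml and audit_es_config and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; flatten_yml and audit_es_config are hypothetical helper names.

# Flatten the one-level nesting of elasticsearch.yml into key=value lines,
# e.g. "xpack.security.http.ssl:" + "  enabled: false" -> xpack.security.http.ssl.enabled=false
flatten_yml() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[^ \t].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); parent = $0; next }
    {
      nested = ($0 ~ /^[ \t]/)
      if (!nested) parent = ""
      sub(/^[ \t]+/, "")
      key = $0; sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
      prefix = (nested && parent != "") ? parent "." : ""
      print prefix key "=" val
    }' "$1"
}

# Print one finding per line. Exit status 1 when the HTTP API is bound beyond
# loopback while authentication or HTTP TLS is explicitly set to false.
# Only explicit "false" values are flagged; absent keys are not interpreted.
audit_es_config() {
  local flat host key rc=0
  flat=$(flatten_yml "$1")
  cfg() { printf '%s\n' "$flat" | awk -F= -v k="$1" '$1 == k { print $2; exit }'; }
  host=$(cfg http.host)
  [ -n "$host" ] || host=$(cfg network.host)   # http.host falls back to network.host
  case "$host" in
    ""|localhost|127.*|::1|_local_) return 0 ;; # loopback only, or unset
  esac
  for key in xpack.security.enabled xpack.security.http.ssl.enabled; do
    if [ "$(cfg "$key")" = "false" ]; then
      echo "FINDING: $key=false while HTTP binds to $host"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample holding the values this page ends up with.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: false
http.host: 0.0.0.0
EOF
audit_es_config "$sample" || true
```

On a real host the function would be run as audit_es_config /etc/elasticsearch/elasticsearch.yml; restricting http.host to a loopback address or keeping the two settings at true clears both findings.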

Install Kibana

Add the Kibana package repository

echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Update the package lists, then install Kibana

apt-get update && apt-get install -y kibana

Check the Kibana configuration file

$ cat /etc/kibana/kibana.yml | egrep -v '^$|^#'
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid

Start Kibana and enable it to start automatically at boot

systemctl --now enable kibana
systemctl status kibana

Open the Kibana configuration file

  • Configure Kibana to connect to Elasticsearch
vim /etc/kibana/kibana.yml
...
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
...
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]
...
xpack.reporting.roles.enabled: false
...

Restart Kibana

systemctl restart kibana
systemctl status kibana

Reference URLs

– Elasticsearch installation: https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html

– Kibana installation: https://www.elastic.co/guide/en/kibana/current/deb.html