2. Installing OpenDistro for Elasticsearch Plugins
Open Distro lets us add plugins to our Elastic stack, in particular the security plugin, which lets us secure the stack and adds features such as user and role management, and the alerting plugin, which lets us define rules and send alerts via Slack, webhooks and, more recently, email.
If you are running a cluster of nodes, a plugin is only fully operational once it is installed on every node.
Further information about Open Distro plugins can be found here
We are running Elasticsearch 7.8.0, so the compatible Open Distro plugin version is 1.9.0.0
Disable XPACK security
First, let's disable X-Pack security on both Elasticsearch and Kibana by adding this line to each of their configuration files:
xpack.security.enabled: false
Installing Security plugin for Elasticsearch
Navigate to the Elasticsearch home directory (most likely /usr/share/elasticsearch) and run the install command for each plugin.
After installing the plugins we must restart Elasticsearch and Kibana so that they pick up the installed plugins, but before restarting them we must run the following script to generate Open Distro's default certificates.
If you have a cluster, this step must be done on all Elasticsearch instances before restarting the Elasticsearch service.
Kibana then needs the following settings in its configuration file (kibana.yml) so that it talks to Elasticsearch over TLS with the generated certificates:
server.port: 5601
server.host: "192.168.20.222"
server.name: "elk-allinone"
elasticsearch.hosts: ["https://localhost:9200"]
######### For demo purposes I am using the same admin user, but you can create a dedicated user for communication between Kibana and Elasticsearch
elasticsearch.username: "admin"
elasticsearch.password: "admin"
xpack.security.enabled: false
######### Enable SSL #################
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/esnode.pem
server.ssl.key: /etc/kibana/esnode-key.pem
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/root-ca.pem" ]
elasticsearch.ssl.verificationMode: certificate
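The settings above are easy to get subtly wrong (an http:// host, a missing CA, or demo credentials left in place), so here is a small pre-restart check as an added example; it is not part of the tutorial and not Open Distro's own tooling. It parses the flat "dotted.key: value" lines that kibana.yml uses (a minimal parser, not full YAML) and reports the security-relevant problems a reviewer would flag. The embedded sample is a constructed copy of the tutorial's Kibana settings; the demo credential list is an assumption based on the admin/admin user shown above plus the kibanaserver/kibanaserver user that Open Distro's demo configuration creates.

```python
"""Lint the security-relevant settings of a kibana.yml before restarting Kibana."""

# Constructed sample: the Kibana settings from the tutorial above, demo admin/admin included.
SAMPLE_KIBANA_YML = """\
server.port: 5601
server.host: "192.168.20.222"
server.name: "elk-allinone"
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "admin"
elasticsearch.password: "admin"
xpack.security.enabled: false
######### Enable SSL #################
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/esnode.pem
server.ssl.key: /etc/kibana/esnode-key.pem
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/root-ca.pem" ]
elasticsearch.ssl.verificationMode: certificate
"""

# Assumption: users/passwords created by the Open Distro demo configuration.
DEMO_CREDENTIALS = {("admin", "admin"), ("kibanaserver", "kibanaserver")}


def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines into a dict.

    Scalars lose surrounding quotes; one-line [a, b] lists become Python lists.
    Comments and blank lines are skipped. Enough for kibana.yml, not a YAML parser.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            items = [v.strip().strip("\"'") for v in value[1:-1].split(",") if v.strip()]
            settings[key.strip()] = items
        else:
            settings[key.strip()] = value.strip("\"'")
    return settings


def audit_kibana_settings(settings):
    """Return a list of (severity, message) findings for the parsed settings."""
    findings = []

    # X-Pack security must be off, otherwise it conflicts with the Open Distro plugin.
    if settings.get("xpack.security.enabled", "true").lower() != "false":
        findings.append(("error", "xpack.security.enabled must be false with the Open Distro security plugin"))

    # The security plugin serves TLS on 9200, so every host must be https.
    hosts = settings.get("elasticsearch.hosts", [])
    hosts = [hosts] if isinstance(hosts, str) else hosts
    for host in hosts:
        if not host.startswith("https://"):
            findings.append(("error", f"elasticsearch.hosts entry {host} is not https"))

    # Browser-to-Kibana TLS and the files it needs.
    if settings.get("server.ssl.enabled", "false").lower() != "true":
        findings.append(("warning", "server.ssl.enabled is not true; browser sessions to Kibana are unencrypted"))
    else:
        for key in ("server.ssl.certificate", "server.ssl.key"):
            if not settings.get(key):
                findings.append(("error", f"{key} is required when server.ssl.enabled is true"))

    # Validation of the Elasticsearch certificate.
    if not settings.get("elasticsearch.ssl.certificateAuthorities"):
        findings.append(("warning", "no elasticsearch.ssl.certificateAuthorities; the Elasticsearch certificate cannot be validated"))
    mode = settings.get("elasticsearch.ssl.verificationMode", "full")
    if mode == "none":
        findings.append(("error", "verificationMode none disables certificate validation"))
    elif mode == "certificate":
        findings.append(("warning", "verificationMode certificate checks the CA chain but not the hostname; use full outside a lab"))

    # Demo credentials must not survive into a real deployment.
    creds = (settings.get("elasticsearch.username"), settings.get("elasticsearch.password"))
    if creds in DEMO_CREDENTIALS:
        findings.append(("error", f"elasticsearch.username {creds[0]} still uses its demo password; rotate it"))
    return findings


def audit_kibana_yml(text):
    """Convenience wrapper: parse, then audit."""
    return audit_kibana_settings(parse_flat_yaml(text))


if __name__ == "__main__":
    for severity, message in audit_kibana_yml(SAMPLE_KIBANA_YML):
        print(f"[{severity}] {message}")
```

Run against the tutorial's settings it reports two things: the admin/admin demo password and verificationMode certificate, which validates the chain against root-ca.pem but does not check that the certificate's hostname matches the host in elasticsearch.hosts. Both are acceptable for a lab; once the demo certificates are replaced with ones that carry the real hostnames, switch to full and rotate the demo users.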