How to install and reinstall Elasticsearch and Kibana on Ubuntu
Removing Elasticsearch
apt --purge autoremove -y elasticsearch
rm -rf /etc/elasticsearch /var/lib/elasticsearch
- Completely removes data, configuration, and logs
Removing Kibana
apt --purge autoremove -y kibana
rm -rf /etc/kibana /var/lib/kibana /var/log/kibana
1. Install Elasticsearch
apt install -y elasticsearch
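Information generated automatically when installation completes
- A password is generated for the elastic account
- TLS (HTTPS) is applied automatically
- Security features are enabled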
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : nlF7GuNl4x29UBAfCezQ
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
systemctl status elasticsearch.service
2. Configure Elasticsearch
elasticsearch.yml
$ vim /etc/elasticsearch/elasticsearch.yml
cluster.name: elasticsearch
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# 0.0.0.0 listens on all network interfaces
http.host: 0.0.0.0
network.host: 0.0.0.0
# Entries must match node.name of the master-eligible nodes
cluster.initial_master_nodes: ["uk-221"]
# Recommended to enable in a single-node environment
# (cannot be set together with cluster.initial_master_nodes)
#discovery.type: single-node
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
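The following is an added example, not part of the original post: a shell check that flattens an elasticsearch.yml like the one above and reports disabled security settings, the single-node/initial_master_nodes conflict, a node.name that is missing from cluster.initial_master_nodes, and listeners bound to 0.0.0.0. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit an elasticsearch.yml.
# Flatten to "key=value"; keys indented under a bare "section:" line become
# "section.key", which covers the xpack.security.*.ssl blocks.
flatten_yaml() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      line = $0; nested = (line ~ /^[ \t]/); sub(/^[ \t]+/, "", line)
      sep = index(line, ":"); if (sep == 0) next
      key = substr(line, 1, sep - 1); val = substr(line, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (!nested && val == "") { section = key; next }
      if (!nested) section = ""
      full = (nested && section != "") ? (section "." key) : key
      print full "=" val
    }' "$1"
}
# Print findings for the file in $1; return 1 if any FAIL, else 0.
audit_es_config() {
  local flat rc=0 k masters name
  flat=$(flatten_yaml "$1")
  # val KEY: last value set for KEY, empty when absent
  val() { printf '%s\n' "$flat" | awk -v k="$1=" \
    'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }'; }
  for k in xpack.security.enabled xpack.security.http.ssl.enabled \
           xpack.security.transport.ssl.enabled; do
    if [ "$(val "$k")" != "true" ]; then echo "FAIL $k is not set to true"; rc=1; fi
  done
  masters=$(val cluster.initial_master_nodes); name=$(val node.name)
  if [ "$(val discovery.type)" = "single-node" ] && [ -n "$masters" ]; then
    echo "FAIL discovery.type single-node set together with cluster.initial_master_nodes"; rc=1
  fi
  case "$masters" in   # substring match: a quick check, not a YAML list parse
    ""|*"$name"*) ;;
    *) echo "WARN node.name $name not in cluster.initial_master_nodes $masters" ;;
  esac
  for k in network.host http.host; do
    if [ "$(val "$k")" = "0.0.0.0" ]; then echo "WARN $k listens on all interfaces"; fi
  done
  return "$rc"
}
# Constructed sample based on the settings shown above.
write_sample_config() {
  printf '%s\n' 'node.name: node-1' 'network.host: 0.0.0.0' \
    'cluster.initial_master_nodes: ["uk-221"]' 'xpack.security.enabled: true' \
    'xpack.security.http.ssl:' '  enabled: true' \
    'xpack.security.transport.ssl:' '  enabled: true' > "$1"
}
sample=$(mktemp); write_sample_config "$sample"; audit_es_config "$sample"; rm -f "$sample"
```

A security key that is absent is reported as FAIL as well, so the check only passes when the file states the setting explicitly.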
JVM settings (optional)
$ vim /etc/elasticsearch/jvm.options
-XX:+UseG1GC
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/lib/elasticsearch
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
- Recommended heap size: no more than 50% of the server's RAM
3. systemd tuning
$ vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service
[Service]
...
LimitMEMLOCK=infinity
systemctl daemon-reload && systemctl restart elasticsearch
systemctl daemon-reload
Start Elasticsearch
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
systemctl status elasticsearch.service
4. Verify that it is running
Request with TLS certificate verification
curl -Ss --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:Rp4MWwXmVrZ1-wQNjF** https://localhost:9200 | jq .
Test with TLS verification skipped
$ curl -Ssk -u elastic:Rp4MWwXmVrZ1-wQNjF** https://localhost:9200 | jq .
{
  "name": "node-1",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "JLHxrhzWT2isDki6TGqmjQ",
  "version": {
    "number": "8.2.1",
    "build_flavor": "default",
    "build_type": "deb",
    "build_hash": "db223507a0bd08f8e84a93e329764cc39b0043b9",
    "build_date": "2022-05-19T16:34:08.043347449Z",
    "build_snapshot": false,
    "lucene_version": "9.1.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
5. Install Kibana
apt install -y kibana
6. Generate Kibana encryption keys
$ /usr/share/kibana/bin/kibana-encryption-keys generate
## Kibana Encryption Key Generation Utility
The 'generate' command guides you through the process of setting encryption keys for:
xpack.encryptedSavedObjects.encryptionKey
Used to encrypt stored objects such as dashboards and visualizations
https://www.elastic.co/guide/en/kibana/current/xpack-security-secure-saved-objects.html#xpack-security-secure-saved-objects
xpack.reporting.encryptionKey
Used to encrypt saved reports
https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html#general-reporting-settings
xpack.security.encryptionKey
Used to encrypt session information
https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings
Already defined settings are ignored and can be regenerated using the --force flag. Check the documentation links for instructions on how to rotate encryption keys.
Definitions should be set in the kibana.yml used configure Kibana.
Settings:
xpack.encryptedSavedObjects.encryptionKey: f03de5bd3fadd5bced83d765be6eeb37
xpack.reporting.encryptionKey: c5fd7cab40d539150aa0c8f318697b9a
xpack.security.encryptionKey: f6f241465315670003a5c752ecee5244
Add the printed values to /etc/kibana/kibana.yml
$ echo -e "xpack.encryptedSavedObjects.encryptionKey: f03de5bd3fadd5bced83d765be6eeb37
xpack.reporting.encryptionKey: c5fd7cab40d539150aa0c8f318697b9a
xpack.security.encryptionKey: f6f241465315670003a5c752ecee5244" >> /etc/kibana/kibana.yml
7. Connect Kibana to Elasticsearch
Generate an enrollment token
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
Start Kibana
systemctl enable kibana
systemctl start kibana
8. Initial Kibana authentication
Open in a browser
http://localhost:5601/?code=917177
Enter one of the following
- Enrollment token
- or the verification code
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url "https://localhost:9200"
/usr/share/kibana/bin/kibana-verification-code
Reset the password
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
When adding a node
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
Check the logs
journalctl -u elasticsearch -f
journalctl -u kibana -f