Home / Monitoring / ELK Stack / Install Elastic Stack 7.x on CentOS 7 with SSL, TLS & HTTPS
Elasticsearch logo
Elasticsearch logo

Install Elastic Stack 7.x on CentOS 7 with SSL, TLS & HTTPS

This tutorial discusses how to install ElasticSearch 7.10 on CentOS 7. Elasticsearch is an open source search and analytics engine that allows you to store, search, and analyze big volumes of data in real time.

We will cover the minimum steps you’ll need to install ElasticSearch 7 on CentOS 7, with all security features enabled, which isn’t covered in most of howtos

1 / Introduction to the Elastic Stack

Nothing better than a schema to understand the Elastic Stack architecture.

ELK Stack is a stack with three different open source software—Elasticsearch, Logstash, and Kibana

Elastic Stack Architecture
Elastic Stack Architecture

Elasticsearch is ingesting the logs sended by Beats or Logstash and let you analyze them with a GUI : Kibana.

Kibana is a dashboarding open source software from ELK Stack, and it is a very good tool for creating different visualizations, charts, maps, and histograms, and by integrating different visualizations together, we can create dashboards

Logstash, Beats, what is the difference ?

Beats collect & send logs to Elasticsearch directly, where Logstash can collect logs or receive logs from beats, and transform them (ETL) before sending them to Elasticsearch.

2 / Installation

2.1 / Update Centos 7

2.2 / Prerequisites

If you’re in test environment, create the DNS entry in your hosts file.

2.3 / Install Elasticsearch

Download and install the public signing key:

Create the repo for Elasticsearch :

Add the following lines to the file :

Your repository is ready for use. You can now install Elasticsearch :

Lets activate the service on boot

2.4 / Install Kibana

Create the repo for Kibana :

Add the following lines to the file :

Your repository is ready for use. You can now install Kibana:

Lets activate the service on boot

2.5 / Install Logstash

Create the repo for Logstash:

Add the following lines to the file :

Your repository is ready for use. You can now install Logstash:

Lets activate the service on boot

2.6 / Lets secure everything

We’ll start by creating the needed certificates for each instance.

go to /tmp

Create a yaml file and add the instance informations, use the informations you set in the DNS or hosts file :

Generate Certificate Authority (CA) and Server Certificates

Unzip the certs files

Go to the elasticsearch folder to imports the certificates :

Jump to the kibana folder, and do the same things :

Jump to the Logstash folder, and do the same again

Loading...

3 / Configure the ELK Stack

3.1 / Elasticsearch configuration

Open the elasticsearch conf file, and add the following parameters

Add / Replace these parameters

We can now start the elasticsearch service

Then, we can create Elasticsearch users :

Keep the passwords in a safe place ;)

Elasticsearch passwords

3.2 / Kibana Configuration

Open the Kibana conf file, and add the following parameters

Add / Replace these parameters

We can now start the elasticsearch service

Well done ! You can now log in to your server using elastic user :)

https://your-url:5601

Last important step in the Kibana configuration. As we use an autosigned certificate, we have to trust him to avoid issues.

3.3 / Logstash Configuration

Into Kibana, we have to create a Logstash Role & a logstash User, then we will be able to configure it.

To create the role, go “Stack Management”, “Roles”, then click on “Create Role”

Or create it throw API using the “Dev Tools” by entering the following parameters

You should obtain the following answer :

Create the user, and link it to the role :

with API :

Now, Convert logstash.key to PKCS # 8 format for the Beats input plug-in

Configure Logstash

Now, lets create a conf file with generic parameters :

Now, start the logstash service :

You can verify everything is running well on Kibana, in the monitoring section :

4 / Configuration Test

4.1 / Install Filebeat

To validate the configuration, we’ll install filebeat on a server (the local one or a remote server). As we saw in the presentation, we’ll configure filebeat to send logs to logstash, and we’ll see it goes to Elasticsearch

Install Filebeat :

Configure TLS :

Configure filebeat to send logs to Logstash :

Start the filebeat service :

4.2 / Create the Index Pattern

Go to Kibana, “Stack Management”, “Index Pattern”, then click on “Create Index Pattern” :

And check the result in the discover section of Kibana :

Everything working fine, with all securities enabled :)

Loading...

About Alexandre Nogard

One comment

  1. Hey Alexandre,
    Great thanks for this howto.
    After following all steps, I get a message error when trying to log in to elastic server : “Kibana server is not ready yet”
    I’m using CentOs 7.
    Thank you for your help !!

Leave a Reply

Your email address will not be published. Required fields are marked *