Install X-Pack

X-Pack is an extension that adds features to Elasticsearch and Kibana, such as security enhancements, machine learning features and others.

In order to install X-Pack into the ELK stack, please follow the steps in the sections below.

Install X-Pack into Elasticsearch

The steps below describe how to install the X-Pack plugin into Elasticsearch:

  • Stop Elasticsearch:

    $ sudo /opt/bitnami/ctlscript.sh stop elasticsearch
    
  • Install the X-Pack plugin in the /opt/bitnami/elasticsearch directory:

    $ cd /opt/bitnami/elasticsearch
    $ sudo bin/elasticsearch-plugin install x-pack

  • Update the ownership for newly created files and directories, so they are accessible for Elasticsearch:

    $ sudo chown -R elasticsearch:elasticsearch config/elasticsearch.keystore config/x-pack

  • Make sure that the host for Elasticsearch is publicly accessible for X-Pack:

    • Open /opt/bitnami/elasticsearch/config/elasticsearch.yml and update the network.publish_host property value to your server IP address.

      NOTE: X-Pack needs to access Elasticsearch on its assigned port (by default 9200). If you cannot access the port via the IP address mentioned above, change it to 127.0.0.1 and save (this way X-Pack can access Elasticsearch locally). An alternative is to open the port in your firewall, as described in the FAQ.

    • Start Elasticsearch:

      $ sudo /opt/bitnami/ctlscript.sh start elasticsearch
      
  • Generate X-Pack default passwords (note down the passwords you obtain for the elastic and kibana users):

    $ sudo bin/x-pack/setup-passwords auto
    

Disable Apache HTTP authentication

For security purposes, Bitnami enables HTTP authentication for Kibana in Apache. However, the X-Pack plugin also enables its own HTTP authentication by default, and with both active Kibana becomes inaccessible.

To access Kibana again, follow the steps below to disable the HTTP authentication enabled by Bitnami:

  • In the /opt/bitnami/elasticsearch/apache-conf/elasticsearch.conf file, remove the following lines and save:

    <LocationMatch "^/(elasticsearch|elk).*?">
      AuthType Basic
      AuthName "Insert your Elasticsearch credentials. If you have problems visit: https://docs.bitnami.com/?page=apps&name=elasticsearch"
      AuthBasicProvider file
      AuthUserFile "/opt/bitnami/elasticsearch/apache-conf/password"
      Require user user
    </LocationMatch>
    
  • Restart Apache:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

Install X-Pack into Kibana

The steps below describe how to install the X-Pack plugin into Kibana:

  • Stop Kibana:

    $ sudo /opt/bitnami/ctlscript.sh stop kibana
    
  • Install the X-Pack plugin in the /opt/bitnami/kibana directory (this step may take up to 30 minutes):

    $ cd /opt/bitnami/kibana
    $ sudo bin/kibana-plugin install x-pack
    
  • Modify the Kibana configuration so that X-Pack works with the Apache frontend server:

    • Open /opt/bitnami/kibana/config/kibana.yml.
    • Add the following lines and save, replacing KIBANA_PASSWORD with the password obtained above for the kibana user:

      elasticsearch.username: kibana
      elasticsearch.password: KIBANA_PASSWORD
      xpack.reporting.kibanaServer.port: 80
      xpack.reporting.kibanaServer.protocol: http
      
  • Start Kibana:

    $ sudo /opt/bitnami/ctlscript.sh start kibana
    

You can now access Kibana at http://SERVER-IP/elk/ with the credentials you created above.
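
Once the Apache block is removed, X-Pack is the only authentication layer in front of Elasticsearch and Kibana, and kibana.yml holds the kibana user's password in cleartext. The script below is an added example, not part of the original guide or of Bitnami's tooling: it checks the two edited files and confirms that an anonymous request to port 9200 is refused. The function names are hypothetical, and it assumes X-Pack answers unauthenticated requests with HTTP 401.

```shell
#!/bin/sh
# Added example, not Bitnami tooling: read-only checks for the files this guide edits.

# kibana.yml: all four settings present, placeholder replaced, and the file
# (it now stores a cleartext password) not readable by "other".
check_kibana_yml() {
  f="$1"; rc=0
  for key in elasticsearch.username elasticsearch.password \
             xpack.reporting.kibanaServer.port xpack.reporting.kibanaServer.protocol; do
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the regex
    if ! grep -Eq "^[[:space:]]*${pat}:[[:space:]]*[^[:space:]#]" "$f"; then
      echo "MISSING $key"; rc=1
    fi
  done
  if grep -Eq '^[[:space:]]*elasticsearch\.password:[[:space:]]*KIBANA_PASSWORD[[:space:]]*$' "$f"; then
    echo "PLACEHOLDER elasticsearch.password was not replaced"; rc=1
  fi
  [ -z "$(find "$f" -prune -perm -004)" ] || { echo "WORLD-READABLE $f"; rc=1; }
  return "$rc"
}

# Apache conf: the Basic-auth directives from the removed block must be gone.
check_apache_conf() {
  if grep -Eiq '^[[:space:]]*(AuthType|AuthBasicProvider|AuthUserFile|Require[[:space:]]+user)' "$1"; then
    echo "STALE basic-auth directives remain in $1"; return 1
  fi
}

# Interpret the status of an unauthenticated GET to Elasticsearch on port 9200.
classify_es_status() {
  case "$1" in
    401) echo "OK X-Pack rejects anonymous requests"; return 0 ;;
    200) echo "EXPOSED Elasticsearch answered without credentials"; return 1 ;;
    000) echo "UNREACHABLE check network.publish_host or the firewall"; return 2 ;;
    *)   echo "UNEXPECTED HTTP $1"; return 3 ;;
  esac
}

# Live probe (needs curl and a running node); host defaults to 127.0.0.1.
probe_es() {
  code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "http://${1:-127.0.0.1}:9200/") || true
  classify_es_status "${code:-000}"
}

# Run everything against the paths used on this page: sudo sh checks.sh run
if [ "${1:-}" = "run" ]; then
  check_kibana_yml /opt/bitnami/kibana/config/kibana.yml
  check_apache_conf /opt/bitnami/elasticsearch/apache-conf/elasticsearch.conf
  probe_es
fi
```

If the script reports WORLD-READABLE, tighten the mode on kibana.yml so that only the account running Kibana can read it.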