github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Added Load Balancing Across Multiple Elasticsearch Nodes section.

Browse source 
Described how to use an ES client node for load balancing.

Removed (broken) kibana4_server role example.
This commit is contained in:
debadair 2015-03-03 14:16:13 -08:00
parent 68f97835de
commit 2623d24ba8
1 changed files with 65 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

99
docs/production.asciidoc
View file

@ -1,13 +1,10 @@
[[production]]
== Using Kibana in a Production Environment
When you set up Kibana in a production environment, rather than on your local
machine, you need to consider:
* <<configuring-kibana-shield, Configuring Kibana to Work with Shield>>
* <<enabling-ssl, Enabling SSL>>
* <<controlling-access, Controlling Access>>
* <<load-balancing, Load Balancing Across Multiple Elasticsearch Nodes>>
* Where you are going to run Kibana.
* Whether you need to encrypt communications to and from Kibana.
* If you need to control access to your data.
=== Deployment Considerations
How you deploy Kibana largely depends on your use case. If you are the only user,
you can run Kibana on your local machine and configure it to point to whatever
Elasticsearch instance you want to interact with. Conversely, if you have a large
@ -15,35 +12,19 @@ number of heavy Kibana users, you might need to load balance across multiple
Kibana instances that are all connected to the same Elasticsearch instance.
While Kibana isn't terribly resource intensive, we still recommend running Kibana
on its own node, rather than on one of your Elasticsearch nodes.
separate from your Elasticsearch data or master nodes. To distribute Kibana
traffic across the nodes in your Elasticsearch cluster, you can run Kibana
and an Elasticsearch client node on the same machine. For more information, see
<<load-balancing, Load Balancing Across Multiple Elasticsearch Nodes>>.
[float]
[[configuring-kibana-shield]]
=== Configuring Kibana to Work with Shield
If you are using Shield to authenticate Elasticsearch users, you need to provide
Kibana with user credentials so it can access the `.kibana` index. The Kibana user
needs permission to perform the following actions on the `.kibana` index:
the Kibana server with credentials so it can access the `.kibana` index and monitor
the cluster.
----
'.kibana':
- indices:admin/create
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update
- indices:admin/create
----
For more information about configuring access in Shield,
see https://www.elasticsearch.org/guide/en/shield/current/_shield_with_kibana_4.html[Shield with Kibana 4]
in the Shield documentation.
To configure credentials for Kibana, set the `kibana_elasticsearch_username` and
To configure credentials the Kibana server, set the `kibana_elasticsearch_username` and
`kibana_elasticsearch_password` properties in `kibana.yml`:
----
@ -51,6 +32,13 @@ To configure credentials for Kibana, set the `kibana_elasticsearch_username` and
kibana_elasticsearch_username: kibana4
kibana_elasticsearch_password: kibana4
----
For information about assigning the Kibana server the necessary permissions in Shield,
see https://www.elasticsearch.org/guide/en/shield/current/_shield_with_kibana_4.html[Shield with Kibana 4]
in the Shield documentation.
[float]
[[enabling-ssl]]
=== Enabling SSL
Kibana supports SSL encryption for both client requests and the requests the Kibana server
sends to Elasticsearch.
@ -82,6 +70,8 @@ If you are using a self-signed certificate for Elasticsearch, set the `ca` prope
ca: /path/to/your/ca/cacert.pem
----
[float]
[[controlling-access]]
=== Controlling access
You can use http://www.elasticsearch.org/overview/shield/[Elasticsearch Shield]
(Shield) to control what Elasticsearch data users can access through Kibana.
@ -89,6 +79,47 @@ Shield provides index-level access control. If a user isn't authorized to run
the query that populates a Kibana visualization, the user just sees an empty
visualization.
To configure access to Kibana using Shield, you create one or more Shield roles
To configure access to Kibana using Shield, you create Shield roles
for Kibana using the `kibana4` default role as a starting point. For more
information, see http://www.elasticsearch.org/guide/en/shield/current/_shield_with_kibana_4.html[Using Shield with Kibana 4].
information, see http://www.elasticsearch.org/guide/en/shield/current/_shield_with_kibana_4.html[Using Shield with Kibana 4].
[float]
[[load-balancing]]
=== Load Balancing Across Multiple Elasticsearch Nodes
If you have multiple nodes in your Elasticsearch cluster, the easiest way to distribute Kibana requests
across the nodes is to run an Elasticsearch _client_ node on the same machine as Kibana.
Elasticsearch client nodes are essentially smart load balancers that are part of the cluster. They
process incoming HTTP requests, redirect operations to the other nodes in the cluster as needed, and
gather and return the results. For more information, see http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-node.html[Node] in the Elasticsearch reference.
To use a local client node to load balance Kibana requests:
. Install Elasticsearch on the same machine as Kibana.
. Configure the node as a client node. In `elasticsearch.yml`, set both `node.data` and `node.master` to `false`:
+
--------
# 3. You want this node to be neither master nor data node, but
# to act as a "search load balancer" (fetching data from nodes,
# aggregating results, etc.)
#
node.master: false
node.data: false
--------
. Configure the client node to join your Elasticsearch cluster. In `elasticsearch.yml`, set the `cluster.name` to the
name of your cluster.
+
--------
cluster.name: "my_cluster"
--------
. Make sure Kibana is configured to point to your local client node. In `kibana.yml`, the `elasticsearch_url` should be set to
`localhost:9200`.
+
--------
# The Elasticsearch instance to use for all your queries.
elasticsearch_url: "http://localhost:9200"
--------