Elasticsearch3节点集群配置账号密码安全验证
ES配置文件
root@node1:~# grep -Ev "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: es-pre
node.name: node1
node.master: true
node.data: true
path.data: /data/elk/es/data
path.logs: /data/elk/es/logs
network.host: esIP
http.port: 9200
discovery.seed_hosts: ["node1", "node2", "node3"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true
root@node1:~#
生成CA证书
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
拷贝证书文件到es节点目录
mv ./elastic-certificates.p12 /etc/elasticsearch
拷贝证书到es节点并授权
scp /etc/elasticsearch/elastic-certificates.p12 node3:/etc/elasticsearch/
scp /etc/elasticsearch/elastic-certificates.p12 node2:/etc/elasticsearch/
chown elasticsearch.elasticsearch /etc/elasticsearch/elastic-certificates.p12
拷贝es配置文件到es节点
scp /etc/elasticsearch/elasticsearch.yml node2:/etc/elasticsearch/
scp /etc/elasticsearch/elasticsearch.yml node3:/etc/elasticsearch/
三个节点启动ES
systemctl restart elasticsearch.service
登录任一节点设置密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
#需要设置密码的用户
apm_system
kibana_system
kibana
logstash_system
beats_system
remote_monitoring_user
elastic
配置kibana
root@node1:~# grep -Ev "^#|^$" /etc/kibana/kibana.yml
server.port: 5601
server.host: "kibanaIP"
server.publicBaseUrl: "http://kibanaIP"
elasticsearch.hosts: ["http://esIP:9200","http://esIP:9200","http://esIP:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "Your@Passw0rd"
i18n.locale: "zh-CN"