elasticsearch7.10.2集群部署带认证

安装elasticsearch

rpm包安装

下载地址
https://mirrors.aliyun.com/elasticstack/7.x/yum/7.10.2/

生成证书

bash 复制代码
#1.生成CA证书
# 生成CA证书,执行命令后,系统还会提示你输入密码,可以直接留空
cd /usr/share/elasticsearch/bin
./elasticsearch-certutil ca
 
#会在/usr/share/elasticsearch/下生成一个elastic-stack-ca.p12文件
ls -l /usr/share/elasticsearch/
-rw-------. 1 elastic elastic 2527 May 21 14:29 elastic-stack-ca.p12
 
#2.根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
# 生成证书和私钥,系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以留空
cd /usr/share/elasticsearch/
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把生成的证书放到 /etc/elasticsearch/目录下,并授权

不加认证,启动集群模式

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

启动集群,查看状态

bash 复制代码
curl -XGET  "http://127.0.0.1:9200/_cat/nodes"

添加认证和证书,重启集群

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
#cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

设置口令

bash 复制代码
./bin/elasticsearch-setup-passwords interactive

查看集群信息

bash 复制代码
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cluster/health?pretty"
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cat/nodes"

kibana

vim /etc/kibana/kibana.yml

yaml 复制代码
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.0.11:9200","http://192.168.0.12:9200","http://192.168.0.13:9200"]
xpack.security.enabled: true
kibana.index: ".kibana"
i18n.locale: "zh-CN"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
相关推荐
云动雨颤18 分钟前
Python 自动化办公神器|一键转换所有文档为 PDF
运维·python
Fanmeang27 分钟前
OSPF高级特性之FRR
运维·网络·华为·ip·ospf·spf·frr
小张不嚣张꒰ঌ(˚ᆺ˚)໒꒱27 分钟前
Centos7在yum当中遇到Could not resolve host: mirrorlist.centos.org解决方案
linux·运维·服务器·centos
Sca_杰34 分钟前
centos指令
linux·运维·centos
几道之旅35 分钟前
centos 7 安装NVIDIA Container Toolkit
linux·运维·centos
DuelCode36 分钟前
Windows VMWare Centos Docker部署Nginx并配置对Springboot应用的访问代理
linux·运维·服务器
myloveasuka43 分钟前
信号操作集函数
linux·运维·服务器·c语言·c++·vscode
亦舒.1 小时前
宝塔面板Nginx手动配置负载均衡实战指南
运维·nginx·负载均衡
舒克起飞了2 小时前
linux系统编程——Makefile、GDB调试
linux·运维·服务器
deming_su3 小时前
轻松上手:使用Nginx实现高效负载均衡
运维·nginx·负载均衡