elasticsearch7.10.2集群部署带认证

安装elasticsearch

rpm包安装

下载地址
https://mirrors.aliyun.com/elasticstack/7.x/yum/7.10.2/

生成证书

bash 复制代码
#1.生成CA证书
# 生成CA证书,执行命令后,系统还会提示你输入密码,可以直接留空
cd /usr/share/elasticsearch/bin
./elasticsearch-certutil ca
 
#会在/usr/share/elasticsearch/下生成一个elastic-stack-ca.p12文件
ls -l /usr/share/elasticsearch/
-rw-------. 1 elastic elastic 2527 May 21 14:29 elastic-stack-ca.p12
 
#2.根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
# 生成证书和私钥,系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以留空
cd /usr/share/elasticsearch/
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把生成的证书放到 /etc/elasticsearch/目录下,并授权

不加认证,启动集群模式

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

启动集群,查看状态

bash 复制代码
curl -XGET  "http://127.0.0.1:9200/_cat/nodes"

添加认证和证书,重启集群

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
#cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

设置口令

bash 复制代码
./bin/elasticsearch-setup-passwords interactive

查看集群信息

bash 复制代码
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cluster/health?pretty"
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cat/nodes"

kibana

vim /etc/kibana/kibana.yml

yaml 复制代码
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.0.11:9200","http://192.168.0.12:9200","http://192.168.0.13:9200"]
xpack.security.enabled: true
kibana.index: ".kibana"
i18n.locale: "zh-CN"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
相关推荐
Lacrimosa&L1 小时前
操作系统概述
运维
Guheyunyi1 小时前
风险感知中枢:监测预警系统的架构与核心
大数据·运维·安全·重构·架构·自动化
东城绝神1 小时前
《Linux运维总结:基于X86_64+ARM64架构CPU使用docker-compose一键离线部署consul 1.21.5容器版集群》
linux·运维·docker·架构·consul
wheeldown2 小时前
【Linux】Linux进程间通信:命名管道(FIFO)的模拟实现重要知识点梳理
linux·运维·服务器
Crazy________2 小时前
34部署LNMP架构详细解析
linux·运维·服务器·nginx
刺客xs2 小时前
linux GDB调试器
linux·运维·windows
板鸭〈小号〉3 小时前
connect 的断线重连
运维·服务器
黄昏晓x4 小时前
Linux----权限
linux·运维·服务器
小白不想白a4 小时前
【shell】每日shell练习(系统服务状态监控/系统性能瓶颈分析)
linux·运维·服务器
一匹电信狗5 小时前
【MySQL】数据库的相关操作
linux·运维·服务器·数据库·mysql·ubuntu·小程序