elasticsearch7.10.2集群部署带认证

安装elasticsearch

rpm包安装

下载地址
https://mirrors.aliyun.com/elasticstack/7.x/yum/7.10.2/

生成证书

bash 复制代码
#1.生成CA证书
# 生成CA证书,执行命令后,系统还会提示你输入密码,可以直接留空
cd /usr/share/elasticsearch/bin
./elasticsearch-certutil ca
 
#会在/usr/share/elasticsearch/下生成一个elastic-stack-ca.p12文件
ls -l /usr/share/elasticsearch/
-rw-------. 1 elastic elastic 2527 May 21 14:29 elastic-stack-ca.p12
 
#2.根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
# 生成证书和私钥,系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以留空
cd /usr/share/elasticsearch/
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把生成的证书放到 /etc/elasticsearch/目录下,并授权

不加认证,启动集群模式

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

启动集群,查看状态

bash 复制代码
curl -XGET  "http://127.0.0.1:9200/_cat/nodes"

添加认证和证书,重启集群

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
#cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

设置口令

bash 复制代码
./bin/elasticsearch-setup-passwords interactive

查看集群信息

bash 复制代码
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cluster/health?pretty"
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cat/nodes"

kibana

vim /etc/kibana/kibana.yml

yaml 复制代码
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.0.11:9200","http://192.168.0.12:9200","http://192.168.0.13:9200"]
xpack.security.enabled: true
kibana.index: ".kibana"
i18n.locale: "zh-CN"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
相关推荐
好名字更能让你们记住我1 小时前
Linux多线程(十二)之【生产者消费者模型】
linux·运维·服务器·jvm·windows·centos
门思科技1 小时前
设计可靠 LoRaWAN 设备时需要考虑的关键能力
运维·服务器·网络·嵌入式硬件·物联网
学习编程的gas2 小时前
Linux开发工具——gcc/g++
linux·运维·服务器
二闹2 小时前
SLF4J/Logback 配置与 ELK 集成实战指南
后端·elasticsearch·logstash
dessler3 小时前
Kafka-消费者(Consumer)和消费者组(Consumer Group)
linux·运维·kafka
进击的程序汪3 小时前
Linux 启动过程流程图--ARM版
linux·运维·arm开发
紫璨月3 小时前
nginx反向代理的bug
运维·nginx·bug
没有名字的小羊3 小时前
2.安装Docker
运维·docker·容器
xiezhr3 小时前
50 个常用 Docker 命令
运维·docker·容器
egoist20234 小时前
【Linux仓库】进程优先级及进程调度【进程·肆】
linux·运维·服务器·进程切换·进程调度·进程优先级·大o1调度