elasticsearch7.10.2集群部署带认证

安装elasticsearch

rpm包安装

下载地址
https://mirrors.aliyun.com/elasticstack/7.x/yum/7.10.2/

生成证书

bash 复制代码
#1.生成CA证书
# 生成CA证书,执行命令后,系统还会提示你输入密码,可以直接留空
cd /usr/share/elasticsearch/bin
./elasticsearch-certutil ca
 
#会在/usr/share/elasticsearch/下生成一个elastic-stack-ca.p12文件
ls -l /usr/share/elasticsearch/
-rw-------. 1 elastic elastic 2527 May 21 14:29 elastic-stack-ca.p12
 
#2.根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
# 生成证书和私钥,系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以留空
cd /usr/share/elasticsearch/
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把生成的证书放到 /etc/elasticsearch/目录下,并授权

不加认证,启动集群模式

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

启动集群,查看状态

bash 复制代码
curl -XGET  "http://127.0.0.1:9200/_cat/nodes"

添加认证和证书,重启集群

egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml

yaml 复制代码
cluster.name: es
node.name: es1
path.data: /app/es/data
path.logs: /app/es/log
network.host: 0.0.0.0
node.master: true
node.data: true
discovery.seed_hosts: ["172.17.13.10:9300", "172.17.13.11:9300", "172.17.13.12:9300"]
#cluster.initial_master_nodes: ["es1", "es2", "es3"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

设置口令

bash 复制代码
./bin/elasticsearch-setup-passwords interactive

查看集群信息

bash 复制代码
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cluster/health?pretty"
curl -XGET -u elastic:123456 "http://127.0.0.1:9200/_cat/nodes"

kibana

vim /etc/kibana/kibana.yml

yaml 复制代码
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.0.11:9200","http://192.168.0.12:9200","http://192.168.0.13:9200"]
xpack.security.enabled: true
kibana.index: ".kibana"
i18n.locale: "zh-CN"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
相关推荐
风吹落叶花飘荡10 分钟前
Ubuntu系统 系统盘和数据盘扩容具体操作
linux·运维·ubuntu
mykyle41 分钟前
Elasticsearch-ik分析器
大数据·elasticsearch·jenkins
Z7676_1 小时前
OSPF开放式最短路径优先
运维·网络
RPA+AI十二工作室1 小时前
影刀RPA_抖音评价获取_源码解读
运维·机器人·自动化·源码·rpa·影刀
呉師傅4 小时前
佳能iR-ADV C5560复印机如何扫描文件到电脑
运维·网络·windows·计算机外设·电脑
半梦半醒*5 小时前
Linux网络管理
linux·运维·网络·centos·运维开发
破刺不会编程5 小时前
linux线程概念和控制
linux·运维·服务器·开发语言·c++
Nightwish56 小时前
Linux随记(二十一)
linux·运维·服务器
IT成长日记8 小时前
【自动化运维神器Ansible】Ansible常用模块之File模块详解
运维·自动化·ansible·file·常用模块
獭.獭.8 小时前
Linux -- 文件【上】
linux·运维·服务器·进程·pcb