1. Start es
2. Enter the es container
docker exec -it es /bin/bash
3. Generate the CA certificate
./bin/elasticsearch-certutil ca
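Note: press Enter at both prompts (marked with red boxes in the original screenshot)
4. Generate the node certificate from the CA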
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
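Note: press Enter at the first two prompts (red boxes); at the third you can either press Enter or enter a certificate password
5. List the certificates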
ls
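6. Copy the certificate out of the es container
- Go to the es config folder
- Copy the certificate from the container
docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 ./
- Set permissions on the certificate
chmod 777 elastic-certificates.p12
Note: mode 777 also lets every other user on the host read and overwrite this keystore, which holds the node's private key; Elasticsearch itself only needs to read the file.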
7. Add the configuration
vi elasticsearch.yml
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
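An added example, not part of the original post: a shell audit of the files produced in steps 6 and 7, run here against a constructed copy of the step 7 settings and an empty stand-in keystore. Two of its checks are assumptions of this example rather than something the post configures: it expects `xpack.security.http.ssl.enabled` to be set (without it, port 9200 and Kibana's `http://es:9200` connection carry passwords unencrypted) and it expects the keystore to be inaccessible to other users.

```shell
#!/usr/bin/env bash
# Print the value of a flat "key: value" line from elasticsearch.yml.
yml_get() {
  awk -v k="$2" '{ sub(/^[ \t]+/, ""); i = index($0, ":")
    if (i && substr($0, 1, i - 1) == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) } }
    END { print v }' "$1"
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_es_config() {
  local yml="$1" p12="$2" n=0 key want got
  while read -r key want; do
    got=$(yml_get "$yml" "$key")
    if ! printf '%s\n' "$got" | grep -Eqx "$want"; then
      echo "$key is '${got:-unset}', expected '$want'"; n=$((n + 1))
    fi
  done <<'EOF'
xpack.security.enabled true
xpack.security.transport.ssl.enabled true
xpack.security.transport.ssl.verification_mode certificate|full
xpack.security.http.ssl.enabled true
EOF
  # The PKCS#12 file holds the node's private key: no access for "other".
  if [ -n "$(find "$p12" \( -perm -0004 -o -perm -0002 \))" ]; then
    echo "$p12 is readable or writable by other users"; n=$((n + 1))
  fi
  return $((n > 0))
}

# Constructed sample: settings from step 7 plus an empty stand-in keystore
# carrying the mode set in step 6.
demo() {
  local d rc=0; d=$(mktemp -d)
  cat > "$d/elasticsearch.yml" <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.audit.enabled: true
EOF
  : > "$d/elastic-certificates.p12"; chmod 777 "$d/elastic-certificates.p12"
  audit_es_config "$d/elasticsearch.yml" "$d/elastic-certificates.p12" || rc=$?
  rm -rf "$d"; return "$rc"
}
demo || true
```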
8. Edit the docker-compose.yml file
services:
  es:
    image: harbor-operation.maas.com.cn/library/elasticsearch:8.6.0
    container_name: es
    environment:
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./data:/usr/share/elasticsearch/data
      - ./log:/usr/share/elasticsearch/log
      - ./plugins:/usr/share/elasticsearch/plugins
      - /home/clouduser/cxb/efk/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
      - /home/clouduser/cxb/efk/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
    ports:
      - "9200:9200"
      - "9300:9300"
    networks:
      - docker-common-net
networks:
  docker-common-net:
    external: true
9. Restart the es container
Stop the es container with docker-compose
docker-compose down
Start the es container with docker-compose
docker-compose up -d
10. Set the account passwords
Enter the es container
docker exec -it es /bin/bash
Set the passwords (the default account is elastic)
./bin/elasticsearch-setup-passwords interactive
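11. Create a new user
Kibana is not allowed to connect to Elasticsearch as the elastic user, so a custom user has to be created here.
Enter the es container with docker exec -it es bash, then run bin/elasticsearch-users useradd test
After adding the user, you also have to assign roles to it, otherwise an error is reported.
Role assignment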
bin/elasticsearch-users roles -a superuser test
bin/elasticsearch-users roles -a kibana_system test
12. Verify at ip:9200
Log in with the default elastic account or with the custom account.
13. Problems encountered
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
es | bootstrap check failure [2] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
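The fix for the problems above is step 14: use the matching yml. It differs from step 7 only in setting http.host instead of network.host, which leaves the transport layer bound to localhost, so the bootstrap checks are not enforced.
14. A matching yml that lets es start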
elasticsearch.yml
http.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
Certificates
15. Kibana
services:
  kibana:
    image: harbor-operation.maas.com.cn/library/kibana:8.6.0
    restart: always
    container_name: kibana
    environment:
      - TZ=Asia/Shanghai
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    ports:
      - "5601:5601"
    networks:
      - docker-common-net
networks:
  docker-common-net:
    external: true
kibana.yml
i18n.locale: zh-CN
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://es:9200" ]
elasticsearch.username: "root"
elasticsearch.password: "123456"
Verification: enter the account and password above, and the login succeeds.