Elasticsearch滚动升级,添加X-pack安全验证(6.4.1-6.8.x-7.8.x)

Elasticsearch滚动升级,添加X-pack安全验证(6.4.1-6.8.x-7.8.x)

一.查看官网升级树

Upgrade from	Recommended upgrade path to 7.8.0
7.0–7.7	Rolling upgrade to 7.8.0

6.8	Rolling upgrade to 7.8.0

6.0–6.7	1.	Rolling upgrade to 6.8
2.	Rolling upgrade to 7.8.0

5.6	1.	Rolling upgrade to 6.8
2.	Rolling upgrade to 7.8.0

5.0–5.5	1.	Rolling upgrade to 5.6
2.	Rolling upgrade to 6.8
3.	Rolling upgrade to 7.8.0

二.升级elasticsearch

2.1.先升级slave节点,后升级master

2.2.禁用分片(6.4.1升级到6.8.x)
curl -X PUT http://192.168.50.120:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{"transient": {"cluster.routing.allocation.enable": "none"}}'

systemclt stop elasticsearch
先升级到6.8.x
rpm -Uvh elasticsearch-6.8.10.rpm

启动分片,通过elasticsearch-head查看状态,后启动服务
curl -X PUT http://192.168.50.120:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{"transient": {"cluster.routing.allocation.enable": "all"}}'

2.3.升级到elasticsearch7.8.x

2.3.1.首先去除java环境变量,es7.8自带java环境vim /etc/profile后 ,重启机器
执行上述同样的步骤,禁用分片,停止服务,升级elasticsearch-7.8.10.rpm,启动服务
rpm -Uvh elasticsearch-7.8.10.rpm
2.3.2.升级X-pack安全验证
cd /usr/share/elasticsearch
./bin/elasticsearch-certutil ca直接回车。默认文件会在 ES 根目录产生,名为 elastic-stack-ca.p12。
然后可以将文件 elastic-stack-ca.p12 复制到每个 ES 节点的根目录下。
scp elastic-stack-ca.p12 192.168.50.122:/usr/share/elasticsearch/
scp elastic-stack-ca.p12 192.168.50.121:/usr/share/elasticsearch/)

为集群中的每个节点创建证书和私钥(每个node都要执行以下内容)
生成证书和密钥
./bin/elasticsearch-certutil cert --ca ./elastic-stack-ca.p12 
mv elastic-certificates.p12 /etc/elasticsearch
cd /etc/elasticsearch
chmod 777 elastic-certificates.p12
将生成的文件复制到配置文件目录下,此时需要更改权限chmod 777

修改 ES 配置文件
默认文件: ./config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

设置内置用户密码(统一设置一个)
./bin/elasticsearch-setup-passwords interactive

修改kibana配置文件
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
xpack.security.enabled: true

三.kibana升级

3.1.升级到6.8.10
systemclt stop kibana
rpm -Uvh kibana-6.8.10-x86_64.rpm
启动服务器
3.2.升级到7.8.10(注修改es集群地址)
升级到kibana7.8.10
修改kibana配置文件(指定es集群地址)
需要用:elasticsearch.hosts, 而不是:elasticsearch.url

四.配置logstash /apm文件
logstash配置

input{
    file {
        path=>"/var/log/messages"
        start_position=>"beginning"
    }
}
output {
    elasticsearch {
            hosts => [ "192.168.50.122:9200" ]
            index => "messageslog8623-%{[log_source]}-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "123456"
    }
    stdout { codec => rubydebug}

}

apm配置

######################### APM Server Configuration #########################
output.elasticsearch:
    hosts: ["192.168.50.122:9200"]
    username: "elastic"
    password: "123456"

################################ APM Server ################################

apm-server:
  # Defines the host and port the server is listening on. Use "unix:/path/to.sock" to listen on a unix domain socket.
  host: "0.0.0.0:8200"
  • 1
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值