Enabling authentication on an Elasticsearch cluster
1. Configure the master node's elasticsearch.yml file
Add the following settings at the bottom:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
2. Configure users and user groups
PS: I installed from the RPM package, so the path is /usr/share/elasticsearch.
Start Elasticsearch, then run the following command:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Set the passwords for the series of user groups.
3. Configure the certificates
1. Create a certificate authority for the Elasticsearch cluster.
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
2. Generate a certificate and private key for each node in the cluster
The elastic-stack-ca.p12 at the end is the file name chosen in the previous step.
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
3. Copy the certificate into the config/certs directory on every Elasticsearch node
elastic-certificates.p12
4. Configure the elasticsearch.yml file
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
5. If you set a password while creating the certificate, add that password to the Elasticsearch keystore. This must be done on every node.
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
The permissions on the certificate file are very important!!!
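A per-node check for the settings from steps 1 and 3.4 and for the certificate permissions, as an added example that is not part of the original post. The config directory argument and the policy used here (file readable by the current user, no access for "other") are assumptions; the post only says that permissions matter.

```shell
#!/bin/sh
# Added example: audit one node's config directory after following the steps.
# Usage (run as the user Elasticsearch runs as):  check_node /path/to/config
# where /path/to/config is the directory that holds elasticsearch.yml.

# Settings taken from the steps above; each must be present verbatim.
REQUIRED='xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12'

# Succeeds only if the file exists, the current user can read it, and it
# grants nothing to "other" (assumed policy, not stated in the post).
check_cert_perms() {
    f=$1
    [ -f "$f" ] || { echo "MISSING   $f"; return 1; }
    [ -r "$f" ] || { echo "UNREADABLE by $(id -un): $f"; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)       # e.g. -rw-r-----
    case $mode in
        *---) ;;                            # last three characters: other has no access
        *) echo "TOO OPEN  ($mode) $f"; return 1 ;;
    esac
}

# Returns 0 when every required setting is an uncommented line in
# elasticsearch.yml and the copied certificate passes check_cert_perms.
check_node() {
    conf=$1
    yml=$conf/elasticsearch.yml
    problems=0
    [ -f "$yml" ] || { echo "MISSING   $yml"; return 1; }
    while IFS= read -r line; do
        grep -qxF -- "$line" "$yml" ||
            { echo "NOT SET   $line"; problems=$((problems + 1)); }
    done <<EOF
$REQUIRED
EOF
    # keystore.path above is relative to the config directory.
    check_cert_perms "$conf/certs/elastic-certificates.p12" ||
        problems=$((problems + 1))
    [ "$problems" -eq 0 ]
}
```

The match is on whole lines, so a setting written with different spacing or a trailing comment is reported as not set.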