elasticsearch 7.6.2 xpack认证部署

先看我遇到的问题，再部署，不走弯路。

一：xpack ca证书不加密部署

1.  环境准备：centos 7.7 ELK 7.6.2

[root@es_master kibana]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 

禁用防火墙。或者配置防火墙策略

2. 机器准备

机器ip	安装应用
192.168.186.132	es master x-pack
192.168.186.130	es datanode x-pack
192.168.186.131	es datenode x-pack

3. 下载安装包

下载安装包（三台都需要安装解压）
[root@es_master ]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz  #下载es
[root@es_master ]#scp elasticsearch-7.6.2-linux-x86_64.tar.gz root@192.168.186.130:/root/
[root@es_master ]#scp elasticsearch-7.6.2-linux-x86_64.tar.gz root@192.168.186.131:/root/
[root@es_master ]# tar -xf elasticsearch-7.6.2-linux-x86_64.tar.gz -C /usr/local/  

4. 创建es用户以及目录

创建目录以及用户（三台）
[root@es_node1 ~]#useradd elastic
[root@es_node1 ]# mkdir -p /data/elastic/data
[root@es_node1 ]# mkdir -p /data/elastic/logs
[root@es_node1 ]# chown -R elastic:elastic /data/elastic/data/
[root@es_node1 ]# chown -R elastic:elastic /data/elastic/logs/

给es安装目录授权

[root@es_master local]# pwd
/usr/local
[root@es_master local]# chown -R elastic:elastic elasticsearch-7.6.2

5. 生成ca证书（master节点）

[root@es_master elasticsearch-7.6.2]# pwd
/usr/local/elasticsearch-7.6.2
[elastic@es_master elasticsearch-7.6.2]$ bin/elasticsearch-certutil ca      #生成ca证书颁发机构
This tool assists you in the generation of X.509 certificates and certificate 
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]:         #回车默认证书名为elastic-stack-ca.p12
Enter password for elastic-stack-ca.p12 :     #是否设置密码  回车为空在下面的配置文件中就不需要添加ca证书的密码
[elastic@es_master elasticsearch-7.6.2]$ 
[elastic@es_master elasticsearch-7.6.2]$ 
[elastic@es_master elasticsearch-7.6.2]$ bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file

    * An instance is any piece of the Elastic Stack that requires an SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.

    * All certificates generated by this tool will be signed by a certificate authority (CA).
    * The tool can automatically generate a new CA for you, or you can provide your own with the
         -ca or -ca-cert command line options.

By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate

If you specify any of the following options:
    * -pem (PEM formatted output)
    * -keep-ca-key (retain generated CA key)
    * -multiple (generate multiple certificates)
    * -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files

Enter password for CA (elastic-stack-ca.p12) :        #输入ca颁发机构的密码 ，如果有密码则输入。如果上面回车设置为空，则 回车
Please enter the desired output file [elastic-certificates.p12]:      #回车 默认证书文件为elastic-certificates.p12 
Enter password for elastic-certificates.p12 :      #给这个证书文件加密

Certificates written to /usr/local/elasticsearch-7.6.2/elastic-certificates.p12

This file should be properly secured as it contains the private key for 
your instance.

This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

将ca证书copy到两个数据节点

[root@es_master elasticsearch-7.6.2]# mv elastic-certificates.p12 elastic-stack-ca.p12 config/
[root@es_master config]# scp elastic-certificates.p12 elastic-stack-ca.p12 root@es_node1:/usr/local/elasticsearch-7.6.2/config/
[root@es_master config]# scp elastic-certificates.p12 elastic-stack-ca.p12 root@es_node2:/usr/local/elasticsearch-7.6.2/config/

6. 修改配置

数据节点相应修改node.name，node.master，node.data等参数

cluster.name: es_test
node.name: es_master
path.data: /data/elastic/data
path.logs: /data/elastic/logs/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
node.master: false
node.data: true
discovery.seed_hosts: ["192.168.186.132","192.168.186.130","192.168.186.131"]
transport.tcp.port: 9300
cluster.initial_master_nodes: ["es_master","es_node1","es_node2"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

修改jvm参数

[root@es_master config]#jvm.options
-Xms512m
-Xmx512m

7. 启动

切换elastic用户启动
[elastic@es_master elasticsearch-7.6.2]$ bin/elasticsearch

8. 遇到的报错解决方法

8.1 启动后证书密码错误

启动报错：
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
显示证书密码错误。
Enter password for elastic-certificates.p12 : #在这一步回车，不给证书加密

8.2 bootstrap checks failed

启动报错：
[2021-10-08T00:39:36,798][INFO ][o.e.t.TransportService   ] [es_master] publish_address {192.168.186.132:9300}, bound_addresses {[::]:9300}
[2021-10-08T00:39:37,710][INFO ][o.e.b.BootstrapChecks    ] [es_master] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: memory locking requested for elasticsearch process but memory is not locked
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /data/elastic/logs/es_test.log
系统参数优化（三台）：
[root@es_master config]#vim /etc/security/limits.conf
elastic - nofile 65536
[root@es_master config]#vim /etc/sysctl.conf
vm.max_map_count=262144
[root@es_master config]#sysctl -p #立即生效

ERROR: [1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is not locked
系统参数优化（三台）：
[root@es_master config]#ulimit -l unlimited

8.3 数据节点报错

启动数据节点报错，这是java的一个已知问题：https://blog.csdn.net/qq_16513911/article/details/97696038
Caused by: javax.crypto.BadPaddingException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)

8.4 一直无法发现master

配置前提：配置为一个master节点，三个数据节点的角色
es_master：
node.master: true
node.data: true
es_node1/2:
node.master: false
node.data: true

以上配置启动好长一段时间报错：
[2021-10-08T01:08:09,097][WARN ][o.e.c.c.ClusterFormationFailureHelper] [es_master] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [es_master, es_node1, es_node2] to bootstrap a cluster: have discovered [{es_master}{dE42RyDeTa6W0IxmU0txLg}{Qdue8TeHTXCrWdmq5bhdxA}{192.168.186.132}{192.168.186.132:9300}{dilm}{ml.machine_memory=1913507840, xpack.installed=true, ml.max_open_jobs=20}]; discovery will continue using [192.168.186.130:9300, 192.168.186.131:9300] from hosts providers and [{es_master}{dE42RyDeTa6W0IxmU0txLg}{Qdue8TeHTXCrWdmq5bhdxA}{192.168.186.132}{192.168.186.132:9300}{dilm}{ml.machine_memory=1913507840, xpack.installed=true, ml.max_open_jobs=20}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
发现是配置有问题：https://www.5axxw.com/questions/content/xsrzq9
discovery.seed_hosts: ["192.168.186.132","192.168.186.130","192.168.186.131"]
cluster.initial_master_nodes: ["es_master","es_node1","es_node2"]
由于设计为一台master，两台数据节点。故这里的配置三台服务器都修改配置为：
discovery.seed_hosts: ["192.168.186.132"]
cluster.initial_master_nodes: ["es_master"]
启动后发现进程都正常了，可以看到日志两个节点都加入到集群中来：
[2021-10-08T01:25:13,233][INFO ][o.e.c.s.MasterService    ] [es_master] elected-as-master ([1] nodes joined)[{es_master}{dE42RyDeTa6W0IxmU0txLg}{wLeiFw6VR2mEfvA-Al_PyA}{192.168.186.132}{192.168.186.132:9300}{dilm}{ml.machine_memory=1913507840, xpack.installed=true, ml.max_open_jobs=20} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{es_master}{dE42RyDeTa6W0IxmU0txLg}{wLeiFw6VR2mEfvA-Al_PyA}{192.168.186.132}{192.168.186.132:9300}{dilm}{ml.machine_memory=1913507840, xpack.installed=true, ml.max_open_jobs=20}]}
[2021-10-08T01:25:13,460][INFO ][o.e.c.c.CoordinationState] [es_master] cluster UUID set to [fHapARovTp2rf7u_P-wWQw]
[2021-10-08T01:25:13,592][INFO ][o.e.c.s.ClusterApplierService] [es_master] master node changed {previous [], current [{es_master}{dE42RyDeTa6W0IxmU0txLg}{wLeiFw6VR2mEfvA-Al_PyA}{192.168.186.132}{192.168.186.132:9300}{dilm}{ml.machine_memory=1913507840, xpack.installed=true, ml.max_open_jobs=20}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2021-10-08T01:25:13,862][INFO ][o.e.h.AbstractHttpServerTransport] [es_master] publish_address {192.168.186.132:9200}, bound_addresses {[::]:9200}
[2021-10-08T01:25:13,864][INFO ][o.e.n.Node               ] [es_master] started
[2021-10-08T01:25:14,276][INFO ][o.e.g.GatewayService     ] [es_master] recovered [0] indices into cluster_state
..........
[2021-10-08T01:25:30,174][INFO ][o.e.c.s.MasterService    ] [es_master] node-join[{es_node1}{leRlyc1mRQaFD4omnqgT8Q}{YxlE_RoRRjGm7S4iwOVldg}{192.168.186.130}{192.168.186.130:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true} join existing leader], term: 1, version: 20, delta: added {{es_node1}{leRlyc1mRQaFD4omnqgT8Q}{YxlE_RoRRjGm7S4iwOVldg}{192.168.186.130}{192.168.186.130:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true}}
[2021-10-08T01:25:32,721][INFO ][o.e.c.s.ClusterApplierService] [es_master] added {{es_node1}{leRlyc1mRQaFD4omnqgT8Q}{YxlE_RoRRjGm7S4iwOVldg}{192.168.186.130}{192.168.186.130:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true}}, term: 1, version: 20, reason: Publication{term=1, version=20}
[2021-10-08T01:25:35,528][INFO ][o.e.c.s.MasterService    ] [es_master] node-join[{es_node2}{WYXr6jCiR7m2D7iOvY93Yw}{0bpa3Mr3TTGEJNyjoxQivg}{192.168.186.131}{192.168.186.131:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true} join existing leader], term: 1, version: 21, delta: added {{es_node2}{WYXr6jCiR7m2D7iOvY93Yw}{0bpa3Mr3TTGEJNyjoxQivg}{192.168.186.131}{192.168.186.131:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true}}
[2021-10-08T01:25:39,276][INFO ][o.e.c.s.ClusterApplierService] [es_master] added {{es_node2}{WYXr6jCiR7m2D7iOvY93Yw}{0bpa3Mr3TTGEJNyjoxQivg}{192.168.186.131}{192.168.186.131:9300}{dil}{ml.machine_memory=1913507840, ml.max_open_jobs=20, xpack.installed=true}}, term: 1, version: 21, reason: Publication{term=1, version=21}

 9. 设置用户登录密码

执行设置用户名和密码的命令，需要为4个用户分别设置密码：elastic、kibana、logstash_system、beats_system
1、可以自动设置密码
bin/elasticsearch-setup-passwords auto
2、也可以手动设置密码
bin/elasticsearch-setup-passwords interactive 

[root@es_master elasticsearch-7.6.2]# bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

10. 验证集群

[root@es_master config]# curl -XGET -u elastic es_master:9200/_cat/health?v
Enter host password for user 'elastic':
epoch      timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1633682925 08:48:45  es_test green           3         3      2   1    0    0        0             0                  -                100.0%
##########如果没有用户认证则会报错。
[root@es_master elasticsearch-7.6.2]# curl -XGET  es_node1:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
[root@es_master kibana]# curl -XGET -u elastic "http://192.168.186.133:9200/_cat/nodes"

二、xpack ca证书加密部署

删除没有设置密码的证书，给证书加密
步骤：
1、生成CA证书 bin/elasticsearch-certutil ca，将产生新文件 elastic-stack-ca.p12。
2、为集群中的每个节点生成证书和私钥 bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12，将产生新文件 elastic-certificates.p12
3、将 elastic-certificates.p12 文件复制到每个节点上Elasticsearch配置目录中。例如，config/下。无需将 elastic-stack-ca.p12 文件复制到此目录
4、本文上述密码设为一致的。创建证书时输入了密码，加密密码。
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

1、遇到的问题一

 rm -rf elastic-certificates.p12 elastic-stack-ca.p12 。重新生成证书之后输入密码可能有复制到空格还是什么，还是密码一开始设置为空。
启动的时候还是报错，密码不对

 解决办法：解决方法：把安装目录整个删除，解压重新安装。复制密码的时候小心不要复制到空格。master启动成功，无ssl报错。

ps：猜测将keystore文件删除，重新生成ca证书应该没问题。如果还是不行，就删除安装目录，重新安装吧。

2、遇到的问题二

复制elastic-certificates.p12到node1/2。启动的时候仍然报ssl错
解决办法：发现node1/2上的文件与master不符合。将master节点上的这个文件复制到node1/2上。成功解决问题
[elastic@es_node1 config]$ md5sum elasticsearch.keystore  #通过该命令检查文件不同
6189442dbab2609fc6562a83a1a1a67a  elasticsearch.keystore

最后：三个节点均已经重新解压，配置不变。密码无需更新设置，因为第一次操作密码更改的记录在原有的data目录中。 （猜测是这样）

3、遇到的问题三

已经安装成功，但是第二天重启虚拟机后又出现交换分区问题。

需要修改
/etc/security/limits.conf
baoshan soft memlock unlimited
baoshan hard memlock unlimited

修改之后重启机器：
/etc/sysctl.conf
vm.swappiness=0

三、安装kibana

[root@es_master local]#tar -xf /usr/local/kibana-7.6.2-linux-x86_64.tar.gz 
[elastic@es_master config]$ pwd
/usr/local/kibana-7.6.2-linux-x86_64/config
[elastic@es_master config]$ vim kibana.yml
elasticsearch.hosts: ["http://192.168.186.133:9200"]
logging.dest: /var/log/kibana/kibana.log
server.host: "192.168.186.132"
server.port: 5601
elasticsearch.username: "kibana"   
elasticsearch.password: "123456"   #在 kibana.yml 文件中填写连接ES的用户凭证，上一步有为 kibana 用户初始化密码。
elasticsearch.requestTimeout: 90000

ps ：如果你不想将用户ID和密码放在kibana.yml文件中明文配置，可以将它们存储在密钥库中。运行以下命令以创建Kibana密钥库并添加配置：
./bin/kibana-keystore create
./bin/kibana-keystore add elasticsearch.username
./bin/kibana-keystore add elasticsearch.password

增加内存参数，切换用户启动kibana

root@es_master kibana-7.6.2-linux-x86_64]# cd bin/
[root@es_master bin]# vim kibana
NODE_OPTIONS="$NODE_OPTIONS --max-old-space-size=200"
[elastic@es_master bin]$ ./kibana
events.js:174
      throw er; // Unhandled 'error' event
      ^

Error: ENOENT: no such file or directory, open '/var/log/kibana/kibana.log'
Emitted 'error' event at:
    at errorOrDestroy (internal/streams/destroy.js:107:12)
    at WriteStream.onerror (_stream_readable.js:734:7)
    at WriteStream.emit (events.js:198:13)
    at lazyFs.open (internal/fs/streams.js:277:12)
    at FSReqWrap.args [as oncomplete] (fs.js:140:20)

解决方法：创建目录/var/log/kibana/，授权chown -R elastic:elastic kibana/
再次启动有个报警
{"type":"log","@timestamp":"2021-10-09T03:22:19Z","tags":["reporting","warning"],"pid":4686,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml"}
解决方法：在kibana.yml中添加【xpack.reporting.encryptionKey】和【xpack.security.encryptionKey】
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"

后台启动方式，至此安装成功。
[elastic@es_master bin]$ nohup ./kibana &
[root@es_master ]# netstat -antpul | grep 5601    #看到端口监听成功，登录用elastic用户即可完成。
tcp        0      0 192.168.186.133:5601    0.0.0.0:*               LISTEN      5306/./../node/bin/ 

四、附录

1. es三台配置详情

cluster.name: es_test
node.name: es_master
path.data: /data/elastic/data
path.logs: /data/elastic/logs/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
node.master: true
node.data: true
discovery.seed_hosts: ["192.168.186.132"]
transport.tcp.port: 9300
cluster.initial_master_nodes: ["es_master"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#允许跨域让各种可视化工具连接到Es
http.cors.enabled: true
http.cors.allow-origin: "*"

cluster.name: es_test
node.name: es_node1
path.data: /data/elastic/data
path.logs: /data/elastic/logs/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
node.master: false
node.data: true
discovery.seed_hosts: ["192.168.186.132"]
transport.tcp.port: 9300
cluster.initial_master_nodes: ["es_master"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

cluster.name: es_test
node.name: es_node2
path.data: /data/elastic/data
path.logs: /data/elastic/logs/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
node.master: false
node.data: true
discovery.seed_hosts: ["192.168.186.132"]
transport.tcp.port: 9300
cluster.initial_master_nodes: ["es_master"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2. kibana配置详情

elasticsearch.hosts: ["http://192.168.186.133:9200"]
logging.dest: /var/log/kibana/kibana.log
server.host: "192.168.186.133"
server.port: 5601
elasticsearch.username: "kibana"
elasticsearch.password: "123456"
elasticsearch.requestTimeout: 90000
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"

有个博主的排版好看点：Elasticsearch7.6版本集群部署(含X-PACK安全认证)_代码里有毒的博客-CSDN博客