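This article focuses on avoiding the pitfalls of certificate-based encryption; the preparatory work and environment parameters are not covered here.
CentOS 7.9: 192.168.247.133 / 192.168.247.134 (local virtual machines)
Installation package version: elasticsearch-8.13.3-linux-x86_64.tar.gz
1: Create the user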
[root@localhost ~]# adduser es
[root@localhost ~]# echo 123456 | passwd --stdin es
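All of the following steps are performed as the es user; remember to grant it the required permissions.
2: Start by extracting the installation package, and configure the master node first
Extract the installation package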
tar -zxvf elasticsearch-8.13.3-linux-x86_64.tar.gz
3: Edit the configuration file
vi elasticsearch-8.13.3/config/elasticsearch.yml
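cluster.name: my-application # cluster name, identical on all nodes
node.name: node-1 # node name, different on each node
path.data: /data/elk/data # data directory, your choice
path.logs: /data/elk/data # log directory
network.host: 0.0.0.0
http.port: 9200 # port
Only these parameters need to be set; then start the node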
./bin/elasticsearch -d
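(starts in the background)
After a successful start, a certs folder containing the related files is generated automatically in the config directory
cat /elasticsearch-8.13.3/config/elasticsearch.yml
The following settings are also generated automatically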
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Discover existing nodes in the cluster
discovery.seed_hosts: ["192.168.247.133:9300"]
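4: Change the password
./bin/elasticsearch-reset-password -u elastic -i
Follow the prompts to change the password
5: Generate a token on the master node
./bin/elasticsearch-create-enrollment-token -s node
The master node is now configured; next, configure the other nodes
6: Configuration file on the other nodes; likewise, extract the package first and change into the extracted directory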
vi elasticsearch-8.13.3/config/elasticsearch.yml
cluster.name: my-application
node.name: node-2
path.data: /data/elk/data
path.logs: /data/elk/data
network.host: 0.0.0.0
http.port: 9200
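7: Start the node and join the master node, using the token generated on the master node (the other nodes are started with the token so that they join the cluster)
./bin/elasticsearch -d --enrollment-token <token>
# Do not include the <> when running this
After a successful start, the encryption-related settings are generated automatically in the configuration file
8: Verify
Verify in a browser:
https://192.168.247.133:9200/_cat/health?v
Verify from the command line:
(https; -k skips certificate verification)
curl -u elastic:123456 -k -X GET "https://192.168.247.133:9200/_cluster/health?pretty"
(http, for a cluster without TLS on the HTTP layer; the auto-generated configuration above enables it)
curl -u elastic:123456 -X GET "192.168.247.133:9200/_cluster/health?pretty"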
9: Access https://192.168.247.134:9200/
User: elastic
Password: the one you set above
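The verification in step 8 can also be done without -k, by validating the server certificate against the CA generated on first start and confirming that both nodes joined. This is an added example, not part of the original article; ES_HOME, ES_URL and ES_PASSWORD are names chosen here, and the CA file is assumed to be config/certs/http_ca.crt, next to http.p12.

```shell
#!/bin/sh
# Added example: check the cluster over HTTPS with certificate validation.
# Assumed names: ES_HOME, ES_URL, ES_PASSWORD; http_ca.crt is assumed to be in
# config/certs next to http.p12, where 8.x auto-configuration writes it.
ES_HOME="${ES_HOME:-$HOME/elasticsearch-8.13.3}"
ES_URL="${ES_URL:-https://192.168.247.133:9200}"

# Fetch _cluster/health, validating the server certificate against the CA.
fetch_health() {
    curl --silent --show-error --fail \
         --cacert "$ES_HOME/config/certs/http_ca.crt" \
         -u "elastic:${ES_PASSWORD:?set ES_PASSWORD first}" \
         "$ES_URL/_cluster/health?pretty"
}

# Print one top-level field (string or number) from the pretty-printed JSON.
health_field() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",]*\)\"\{0,1\},\{0,1\}[[:space:]]*\$/\1/p" |
        head -n 1
}

# Succeed only if status is green or yellow and the expected node count joined.
check_cluster() {
    status=$(health_field "$1" status)
    nodes=$(health_field "$1" number_of_nodes)
    case "$status" in
        green|yellow) ;;
        *) echo "cluster status is '${status:-unknown}'" >&2; return 1 ;;
    esac
    if [ "$nodes" != "$2" ]; then
        echo "expected $2 nodes, cluster reports '${nodes:-none}'" >&2
        return 1
    fi
    echo "ok: status=$status nodes=$nodes"
}

# Constructed sample of a two-node response (not captured from a real cluster).
SAMPLE_HEALTH='{
  "cluster_name" : "my-application",
  "status" : "green",
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2
}'

# Live check against the cluster: sh check_health.sh --live
if [ "${1:-}" = "--live" ]; then
    check_cluster "$(fetch_health)" 2
fi
```

If curl rejects the certificate, the address in ES_URL is not among the names the node's HTTP certificate was issued for; use one that is instead of falling back to -k.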