Version
7.7.1
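Backup
Backing up before making any change is the most important step. To back up:
cp ./config/elasticsearch.yml ./config/elasticsearch.yml.bak
Cluster
1. Log in to the master node of the ES cluster
curl http://IP:9200/_cat/nodes # list the nodes
# In output like the following, the node marked with * is the master node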
10.10.115.186 31 95 0 0.00 0.03 0.05 dilmrt - node-1
10.10.115.188 14 98 0 0.00 0.01 0.05 dilmrt * node-3
10.10.115.187 13 93 0 0.02 0.04 0.06 dilmrt - node-2
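2. Generate the certificates
./bin/elasticsearch-certutil ca # creates elastic-stack-ca.p12 in the elasticsearch directory
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 # creates elastic-certificates.p12 in the elasticsearch directory
3. Copy the two files above to every ES node and place them in the ./config directory; remember to adjust the file permissions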
chmod 644 *.p12
4. Edit elasticsearch.yml
Add the following settings:
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
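5. Restart all ES nodes one after another
ps -aux | grep elasticsearch # find the elasticsearch process ID
kill <PID> # stop the elasticsearch process
./bin/elasticsearch -d # start elasticsearch
The cluster will be interrupted and unavailable during the restarts. Once it has recovered, requests to the ES address prompt for a username and password. At that point, log in to the ES master node again and set the passwords.
./bin/elasticsearch-setup-passwords interactive # run this command to set the passwords
# Enter y, then enter a password at each prompt; several passwords are requested in turn until all are set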
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]
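6. After setting the passwords, verify that login works
Single node
A single-node ES needs fewer steps than a cluster: only steps 4, 5 and 6 of the cluster procedure are required, and in step 4 elasticsearch.yml needs just three settings, as follows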
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
Resetting the password
If the existing password is known, change it with curl
# elastic123456 is the new password
curl -XPOST -u elastic "127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "elastic123456"}'
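Enter the existing password at the console prompt: Enter host password for user 'elastic':
If the existing password has been forgotten, the password must be reset
1. Edit elasticsearch.yml, comment out xpack.security.enabled: true, then save and exit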
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
#xpack.security.enabled: true
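2. Restart elasticsearch so that it can be accessed without a password again; follow the restart steps above
3. After it has started successfully, delete the .security-7 index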
curl -XDELETE 127.0.0.1:9200/.security-7
# Output like the following means the index was deleted successfully
{"acknowledged":true}
4. Set the passwords again, following the password setup procedure above
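The elasticsearch.yml settings from step 4 (cluster and single node) can be checked mechanically before each restart, which also catches the state left by the forgotten-password reset, where xpack.security.enabled is still commented out. This is an added example, not part of the original page; the function names yml_value and audit_es_security, the cluster/single mode argument and the sample file are assumptions made for illustration.

```bash
# Added example (not from the original page). yml_value, audit_es_security and
# the "cluster"/"single" modes are hypothetical names chosen for this sketch.

# Print the value of an active (uncommented) setting; print nothing if absent.
yml_value() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                    # commented-out settings do not count
    { line = $0; sub(/[ \t]+#.*$/, "", line)       # drop a trailing comment
      i = index(line, ":"); if (i == 0) next
      name = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (name == k) { print val; exit } }' "$1"
}

# Print one line per mismatch; return 0 only if every expected setting is active.
audit_es_security() {
  local file="$1" mode="$2" problems=0 expected key want got
  expected="xpack.security.enabled=true
xpack.license.self_generated.type=basic
xpack.security.transport.ssl.enabled=true"
  [ "$mode" = cluster ] && expected="$expected
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
  while IFS='=' read -r key want; do
    got=$(yml_value "$file" "$key")
    [ "$got" = "$want" ] && continue
    echo "$key: expected '$want', found '${got:-<not set>}'"
    problems=$((problems + 1))
  done <<EOF
$expected
EOF
  [ "$problems" -eq 0 ]
}

# Constructed sample: a single-node config after step 1 of the forgotten-password
# reset, with xpack.security.enabled still commented out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
EOF
audit_es_security "$demo" single || echo "config does not match the settings listed on this page"
rm -f "$demo"
```

Run it against ./config/elasticsearch.yml on each node with the mode that matches the deployment; a non-zero return means at least one listed setting is missing, commented out or set to a different value.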