Elasticsearch集群和账号密码设置
环境
- ubuntu 20.04
- elasticsearch 8.0
- 服务器IP:192.168.1.63
- 目录elastic-master是主节点,目录elastic-node2 是从节点
- 系统需要新建一个用户来专门启动es,因为es不能使用root用户启动
- 一台服务器上装多个es来配置集群(多台也是一样的配置)
elasticsearch下载地址
不设置用户名密码和https的启动步骤
-
解压刚刚下载的es,解压后我就暂时放在elastic-master吧
tar -zxvf xxxx -
如果不配置集群,那直接就可以启动使用了
#前台启动 elastic-master/bin/elasticsearch #后台启动 elastic-master/bin/elasticsearch -d -
进入到主节点elastic-master/config,找到elasticsearch.yml文件,这个文件就是配置文件,将文件改为:
network.host: 0.0.0.0
http.port: 9200
#内部各节点通信端口
transport.port: 9301
#
#集群名,各个节点集群名保证一样,但是节点名不能一样
cluster.name: es-cluster
#节点名
node.name: node-1
#模式启动的时候推选哪个节点来做主几点,可以是IP,也可以是节点名
#cluster.initial_master_nodes: ["node-1","node-2"]
cluster.initial_master_nodes: ["192.168.1.63:9301"]
#discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
#节点发现,就是集群中的各个节点
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302"]
#这一块主要是设置,是否允许跨域,是否启用https安全访问等。
#不设置密码
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
http.cors.enabled: true
http.cors.allow-origin: "*"
- 重新解压一份es的源码出来作为从节点,就是刚刚下载的压缩包,目录是elastic-node2
- 进入到从节点elastic-node2/config,找到elasticsearch.yml文件,这个文件就是配置文件,将文件改为,其实这里不同地方就是节点名和取消设置选主节点的配置:cluster.initial_master_nodes和node.name,端口是因为我同一台服务器,所以需要设置成不同的
network.host: 0.0.0.0
http.port: 9201
transport.port: 9302
cluster.name: es-cluster
node.name: node-2
#cluster.initial_master_nodes: ["192.168.1.63:9302"]
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9301","192.168.1.63:9302"]
#不设置密码
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
http.cors.enabled: true
http.cors.allow-origin: "*"
- 现在启动两个节点,然后浏览器访问http://192.168.1.63:9200或者http://192.168.1.63:9201就可以看到是否成功了
#启动主节点 elastic-master/bin/elasticsearch #启动从节点 elastic-node2/bin/elasticsearch - 如果无法启动或者无法连接到集群,尝试删除掉elastic-master/data目录和elastic-node2/data。特别注意,这个文件删除了,那所有的数据都没有了,慎重。。。。一般来说,主节点如果有数据,不要删除主节点的,先删除从节点的试试
设置用户名密码和https的启动步骤
-
一般来说,为了安全会设置用户名和https访问
-
通过bin/elasticsearch-certutil ca生成elastic-stack-ca.p12
elastic-master/bin/elasticsearch-certutil ca1.出现提示时,接受默认文件名,即 elastic-stack-ca.p12。此文件包含 CA 的公共证书和用于为每个节点签署证书的私钥。
2…输入 CA 的密码。如果不部署到生产环境,您可以选择将密码留空,这里我随便个密码123123,后面要用到。 -
生成elastic-stack-ca.p12
elastic-master/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p121.会弹出三次提示,分别是输入密码,输出文件,输入密码,第一次密码是输入上一步设置的密码,也是123123,输出文件可以直接回车,默认就行。最后一次叫输入密码,什么都不要输入,直接回车就行,否则启动的时候会报错输入刚刚的密码,最后生成elastic-stack-ca.p12密码不要写,直接回车 不然会报错xpack Caused by: java.io.IOException: keystore password was incorrect
2.生成的证书文件在elastic-master目录下,需要给文件权限和移动到elastic-master/config目录下chmod 777 elastic-master/elastic-stack-ca.p12 chmod 777 elastic-master/elastic-certificates.p12 mv elastic-master/elastic-stack-ca.p12 elastic-master/config mv elastic-master/elastic-certificates.p12 elastic-master/config -
创建keystore
bin/elasticsearch-keystore create -
更改主节点配置文件elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
transport.port: 9301
cluster.name: es-cluster
node.name: node-1
cluster.initial_master_nodes: ["192.168.1.63:9301"]
cluster.auto_shrink_voting_configuration: false
#discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
xpack.license.self_generated.type: basic
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#开启密码认证
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
#配置https的,如果启动不了,可以先注释下面的配置,启动成功后,设置完密码后再打开这些配置重新启动
xpack.security.transport.ssl.truststore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
- 先将刚刚生成的证书文件发送复制到从节点的config目录下,elastic-node2/config目录下
- 再更改从节点配置文件elasticsearch.yml
network.host: 0.0.0.0
http.port: 9201
transport.port: 9302
cluster.name: es-cluster
node.name: node-2
#cluster.initial_master_nodes: ["192.168.1.63:9302"]
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303"]
#设置密码
xpack.license.self_generated.type: basic
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
#配置https的,如果启动不了,可以先注释下面的配置,启动成功后,设置完密码后再打开这些配置重新启动
xpack.security.transport.ssl.truststore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
-
启动主节点和从节点,这个时候可能会报错,提示的大概是证书或者密码错误这些,如果没报错就算完成了,直接访问https://192.168.1.63:9200,如果提示证书不安全,忽略就行,然后就会提示叫输入账号密码。
-
启动成功的情况,启动成功了但是还没有设置密码,所以登录不进去,先设置密码。会要求设置很多用户的密码,耐心点,我们记住一个elastic用户的密码就行
elastic-master/bin/elasticsearch-setup-passwords interactive -
如果启动失败,那可能需要按下面操作一波
1.先更改主节点的配置文件elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
transport.port: 9301
cluster.name: es-cluster
node.name: node-1
cluster.initial_master_nodes: ["192.168.1.63:9301"]
cluster.auto_shrink_voting_configuration: false
#discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302"]
#设置密码
xpack.license.self_generated.type: basic
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /home/xway-rd/elasticsearch-8.0.0/config/elastic-certificates.p12
xpack.security.transport.ssl.verification_mode: certificate
2.更改从节点配置elasticsearch.yml
network.host: 0.0.0.0
http.port: 9201
transport.port: 9302
cluster.name: es-cluster
node.name: node-2
#cluster.initial_master_nodes: ["192.168.1.63:9302"]
discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303"]
#设置密码
xpack.license.self_generated.type: basic
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
xpack.security.transport.ssl.verification_mode: certificate
3.在重新启动,启动成功后,再设置密码,再用之前的配置文件启动https。
说明
- 所有节点共用同一份证书,用户密码也是共有的。因为我是在同一台服务部署多个es,我不知道在多台服务器上部署会不会出现用户名密码不对。如果有,就在各个子节点都执行设置密码的命令
补充
如果后面又要加一台节点进来,安装好后就把主节点的证书复制过来就行了,改改配置文件就行了,然后登录账号密码是复用主节点的账号密码,复制的证书文件有:config/certs/elastic-certificates.p12 ,config/certs/elastic-stack-ca.p12,config/elasticsearch.keystore
1147
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
