ElasticSearch集群配置密码认证

1、环境介绍
操作系统:centos 7.9
elasticsearch版本:7.13.3

2、生成es ca证书
ElasticSearch集群配置密码认证

bin/elasticsearch-certutil ca

注意:提示输入密码:输入Smtgbk_123(自定义,后面配置文件中用到)
ElasticSearch集群配置密码认证
3、生成p12秘钥

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

注意:提示输入密码:输入Smtgbk_123(自定义,后面配置文件中用到)
ElasticSearch集群配置密码认证
4、创建秘钥目录,并把秘钥放到里面

mkdir /data/elasticsearch/config/certs
mv /data/elasticsearch/elastic-* /data/elasticsearch/config/certs/

ElasticSearch集群配置密码认证
5、把certs目录及其秘钥分发到所有es节点
例子:

scp -r /data/elasticsearch/config/certs/ esmn02.wtown.com:/data/elasticsearch/config/

6、更改所有节点配置文件
添加如下内容:

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: Smtgbk_123
xpack.security.transport.ssl.truststore.password: Smtgbk_123

注意:
http.cors.enabled: true
http.cors.allow-origin: “*”
这两个参数之前配置过,注意不要重复

7、重启所有节点的es服务
查看进程号:

ps -ef | grep ela

杀死进程号:

kill -9 进程号

启动es服务:

/data/elasticsearch/bin/elasticsearch -d

ElasticSearch集群配置密码认证
8、设置密码

/data/elasticsearch/bin/elasticsearch-setup-passwords interactive

9、测试
已经提示输入密码
ElasticSearch集群配置密码认证
用户名:elastic
密码:第8步设置的密码

上一篇:二进制部署K8S集群(六)Master节点之etcd集群部署


下一篇:kubernetes1.18.5安装kubernetes-dashboard2.0.0版本