2019独角兽企业重金招聘Python工程师标准>>>
一、ES-5.6.12 安装
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/setup.html
/etc/elasticsearch/elasticsearch.yml
cluster.name: harry_es
node.name: harry001
node.master: true
node.data: true
node.ingest: false
# chmod 755 -R /data
# chown elasticsearch:elasticsearch -R /data/data/es
# chown elasticsearch:elasticsearch -R /data/logs/es
path.data: /data/data/es
path.logs: /data/logs/es
#bootstrap.memory_lock: true
#
network.host: harry001
discovery.zen.ping.unicast.hosts: ["harry001"]
discovery.zen.minimum_master_nodes: 1
二、X-Pack-5.6.12安装
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/installing-xpack-es.html
/usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack
#/usr/share/elasticsearch/bin/elasticsearch-plugin install file:///...../x-pack-5.6.12.zip
三、SSL Key/Crt生成
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/certgen.html
1. 编写instances.yml
/etc/elasticsearch/instances.yml
instances:
- name: "harry001"
ip:
- "192.168.10.1"
dns:
- "harry001"
- name: "harry002"
ip:
- "192.168.10.2"
dns:
- "harry002"
2. 生成key/crt
/usr/share/elasticsearch/bin/x-pack/certgen --in /etc/elasticsearch/instances.yml --out /etc/elasticsearch/certificate-bundle.zip
harry001 $ /usr/share/elasticsearch/bin/x-pack/certgen --in /etc/elasticsearch/instances.yml --out /etc/elasticsearch/certificate-bundle.zip
harry001 $ pwd
/etc/elasticsearch
harry001 $ unzip certificate-bundle.zip
Archive: certificate-bundle.zip
creating: ca/
inflating: ca/ca.crt
inflating: ca/ca.key
creating: harry001/
inflating: harry001/harry001.crt
inflating: harry001/harry001.key
creating: harry002/
inflating: harry002/harry002.crt
inflating: harry002/harry002.key
#以下操作在harry001上。重命名是为了配置一致化
harry001 $ mv ca/ca.crt x-pack/es_pack_ca.crt
harry001 $ mv harry001/harry001.key x-pack/es_pack.key
harry001 $ mv harry001/harry001.crt x-pack/es_pack.crt
#以下操作在harry002上。重命名是为了配置一致化. 需要复制harry001上的certificate-bundle.zip。
harry002 $ mv ca/ca.crt x-pack/es_pack_ca.crt
harry002 $ mv harry002/harry002.key x-pack/es_pack.key
harry002 $ mv harry002/harry002.crt x-pack/es_pack.crt
3. 进行ssl配置
cluster.name: harry_es
node.name: harry001
node.master: true
node.data: true
node.ingest: false
# chmod 755 -R /data
# chown elasticsearch:elasticsearch -R /data/data/es
# chown elasticsearch:elasticsearch -R /data/logs/es
path.data: /data/data/es
path.logs: /data/logs/es
#bootstrap.memory_lock: true
#
network.host: harry001
discovery.zen.ping.unicast.hosts: ["harry001"]
discovery.zen.minimum_master_nodes: 1
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: "/etc/elasticsearch/x-pack/es_xpack.key"
xpack.ssl.certificate: "/etc/elasticsearch/x-pack/es_xpack.crt"
xpack.ssl.certificate_authorities: ["/etc/elasticsearch/x-pack/es_xpack_ca.crt"]
# xpack.monitoring
xpack.monitoring.enabled: false
# xpack.watcher
xpack.watcher.enabled: false
# xpack.ml
xpack.ml.enabled: false
node.ml: false
elastic:changeme