【Elasticsearch7.11】增加身份认证
es master 节点操作:
cd /u01/isi/application/component/elasticsearch-7.11.1
su isi
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
生成elastic-certificates.p12文件在此目录下
cp elastic-certificates.p12 config/elastic-certificates.p12
将elastic-certificates.p12文件拷贝至另外2台ES节点上,文件路径/u01/isi/application/component/elasticsearch-7.11.1/config
赋权chmod 644 /u01/isi/application/component/elasticsearch-7.11.1/config
三台节点执行:
cd /u01/isi/application/component/elasticsearch-7.11.1
su isi
./stop.sh
修改配置文件:
vi config/elasticsearch.yml
最下面添加如下内容:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
启动es:
./start.sh
设置密码,在master节点操作即可:
./bin/elasticsearch-setup-passwords interactive
根据提示输入y ,设置密码即可。需要输入多次。完成后即可