Using X-Pack authentication with Elasticsearch 7.7.0
1. Certificate configuration (the certificates must be placed in the config directory of every node):
$ cd /opt/elasticsearch/
$ ./bin/elasticsearch-certutil ca
$ ./bin/elasticsearch-certutil cert -ca elastic-stack-ca.p12
$ mv elastic-stack-ca.p12 config/
$ mv elastic-certificates.p12 config/
2. Edit the configuration file on each node:
$ grep -E -v "^#|^$" config/elasticsearch.yml
cluster.name: my-es
node.name: node-0
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
network.host: 192.168.3.120
http.port: 9200
transport.tcp.port: 9300
transport.tcp.compress: true
discovery.seed_hosts: ["docker0","docker1","docker2"]
cluster.initial_master_nodes: ["node-0","node-1", "node-2"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /opt/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /opt/elasticsearch/config/elastic-certificates.p12
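A check for the node configuration above, as an added example that is not part of the original post: the script reads a flat elasticsearch.yml and reports which security settings are missing or weak. The function names and the FAIL/WARN/INFO labels are assumptions of this example; xpack.security.http.ssl.enabled is a real Elasticsearch setting that the configuration above does not set.

```shell
#!/bin/sh
# Added example (not from the original post): audit a flat "key: value" elasticsearch.yml.

# get_setting FILE KEY: print the value of KEY (last occurrence wins), empty if unset.
get_setting() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_es_security FILE: print one finding per line; exit status 1 if any FAIL.
audit_es_security() {
    conf=$1; rc=0
    if [ "$(get_setting "$conf" xpack.security.enabled)" != "true" ]; then
        echo "FAIL xpack.security.enabled is not true: requests are not authenticated"; rc=1
    fi
    if [ "$(get_setting "$conf" xpack.security.transport.ssl.enabled)" != "true" ]; then
        echo "FAIL transport TLS is off: node-to-node traffic is cleartext"; rc=1
    fi
    case "$(get_setting "$conf" xpack.security.transport.ssl.verification_mode)" in
        none)        echo "FAIL verification_mode none: peer certificates are not validated"; rc=1 ;;
        certificate) echo "INFO verification_mode certificate: CA signature is checked, hostname is not" ;;
    esac
    # Assumption: the PKCS#12 layout used on this page, which sets both paths.
    for side in keystore truststore; do
        if [ -z "$(get_setting "$conf" "xpack.security.transport.ssl.$side.path")" ]; then
            echo "WARN xpack.security.transport.ssl.$side.path is not set"
        fi
    done
    if [ "$(get_setting "$conf" xpack.security.http.ssl.enabled)" != "true" ]; then
        echo "WARN xpack.security.http.ssl.enabled is not true: passwords sent to the HTTP port are unencrypted"
    fi
    return $rc
}

# Constructed sample: the security lines from the node configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /opt/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /opt/elasticsearch/config/elastic-certificates.p12
EOF
audit_es_security "$sample" || echo "configuration has FAIL findings"
```

For the configuration on this page the script prints the INFO line for verification_mode and the WARN line for the HTTP layer, and exits with status 0.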
3. Start ES and set the passwords of the built-in accounts:
- Start every node
$ ./bin/elasticsearch -d
- Once the nodes are up, set the built-in account passwords on one of the nodes
$ ./bin/elasticsearch-setup-passwords interactive
- Test
$ curl -XGET -u elastic http://192.168.3.120:9200/text/name/1
Enter host password for user 'elastic':
{"_index":"text","_type":"name","_id":"1","_version":2,"_seq_no":1,"_primary_term":5,"found":true,"_source": { "name":"Laoluo" }}
- Change the password of the elastic account:
$ curl -H "Content-Type: application/json" -XPUT -u elastic:YourOldPWD 'http://192.168.3.120:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "YourNewPWD" }'
Once authentication is enabled, Beats, Logstash and Kibana must all authenticate when they connect to ES or access it.
Source: oschina
Link: https://my.oschina.net/u/4406269/blog/4296426