elasticsearch 7.x配置集群密码认证模式

本文详细介绍如何在Elasticsearch中生成SSL证书,包括使用elasticsearch-certutil工具生成CA及节点证书,修改elasticsearch.yml配置文件启用安全传输,并设置密码策略。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

一 生成证书

在elasticsearch目录下执行,会在目录elasticsearch的文件目录生成elastic-stack-ca.p12文件,比如我这里是/home/elasticsearch

./elasticsearch-certutil ca

Please enter the desired output file [elastic-stack-ca.p12]: elastic-stack-ca.p12
Enter password for elastic-stack-ca.p12 :

生成 elastic-stack-ca.p12后,执行命令elasticsearch-certutil,需要注意的是elastic-stack-ca.p12文件必须是完整路径

./elasticsearch-certutil cert --ca /home/elasticsearch/elastic-stack-ca.p12

Enter password for CA (/home/elasticsearch/elastic-stack-ca.p12) : 
Please enter the desired output file [elastic-certificates.p12]: elastic-certificates.p12
Enter password for elastic-certificates.p12 :   #这里可以不用输入密码,直接按回车键

Certificates written to /home/elasticsearch/elastic-certificates.p12

生成的elastic-certificates.p12文件拷贝到每个节点的config目录下

二 修改配置elasticsearch.yml

elasticsearch.yml配置文件中增加下列配置

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

三 配置密码

在bin目录下输入下列命令

./elasticsearch-setup-passwords interactive

 

Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]

 

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值