转载,请注明出处:https://www.cnblogs.com/cchilei/p/13085842.html
启动ES
./bin/elasticsearch -d
设置ES内置用户及密码
1、先创建keystore文件
./bin/elasticsearch-keystore create
2、ES 配置文件elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required
3、设置交互式生成密码(ES必须是启动状态)
./bin/elasticsearch-setup-passwords interactive
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
ES生成密钥
1、在/es安装目录/bin/下执行
./elasticsearch-certutil ca --pem
执行后会在bin文件夹下生成根密钥:elastic-stack-ca.zip(默认zip包的名称)
2、解压根密钥,会生成一个 ca文件夹,包含ca.key,和ca.cert
unzip elastic-stack-ca.zip
3、在/es安装目录/bin/下执行
./elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem
执行后会生成节点密钥:certificate-bundle.zip(默认zip包的名称)
4、解压后会生成 一个instance文件夹,包含instance.key,和instance.crt
unzip certificate-bundle.zip
5、在config目录创建x-pack文件夹(x-pack所属权限为es用户)
mkdir config/x-pack
6、将bin目录生成的ca和instance两个文件夹 拷贝至x-pack文件夹下
7、重新启动ES