轉載,請注明出處:https://www.cnblogs.com/cchilei/p/13085842.html
啟動ES
./bin/elasticsearch -d
設置ES內置用戶及密碼
1、先創建keystore文件
./bin/elasticsearch-keystore create
2、ES 配置文件elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required
3、設置交互式生成密碼(ES必須是啟動狀態)
./bin/elasticsearch-setup-passwords interactive
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
ES生成密鑰
1、在/es安裝目錄/bin/下執行
./elasticsearch-certutil ca --pem
執行后會在bin文件夾下生成根密鑰:elastic-stack-ca.zip(默認zip包的名稱)
2、解壓根密鑰,會生成一個 ca文件夾,包含ca.key,和ca.cert
unzip elastic-stack-ca.zip
3、在/es安裝目錄/bin/下執行
./elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem
執行后會生成節點密鑰:certificate-bundle.zip(默認zip包的名稱)
4、解壓后會生成 一個instance文件夾,包含instance.key,和instance.crt
unzip certificate-bundle.zip
5、在config目錄創建x-pack文件夾(x-pack所屬權限為es用戶)
mkdir config/x-pack
6、將bin目錄生成的ca和instance兩個文件夾 拷貝至x-pack文件夾下
7、重新啟動ES