[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-certutil ca ##生成CA證書,直接全部回車到最後(默認輸出elastic-stack-ca.p12,密碼為空;該文件含有CA私鑰,生產環境建議設置密碼並妥善保管)
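[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 ##生成節點證書和私鑰(默認輸出elastic-certificates.p12),直接全部回車到最後;全部回車則密碼為空,若設置了密碼,需用bin/elasticsearch-keystore add將其寫入xpack.security.transport.ssl.keystore.secure_password和xpack.security.transport.ssl.truststore.secure_password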
拷貝證書相關文件(即配置中引用的elastic-certificates.p12)到其他ES節點,所有ES節點都需要拷貝;CA文件elastic-stack-ca.p12含有CA私鑰,節點運行並不需要它,不必分發到各節點
創建證書存放目錄,與配置文件中的xpack.security.transport.ssl.keystore.path能對應上(該相對路徑以ES配置目錄為基準,本例即配置目錄下的certs/),並確保目錄和證書文件屬於運行ES的用戶、其他用戶不可讀
cat elasticsearch.yml
# Elasticsearch node settings: cluster membership, HTTP/CORS, and X-Pack
# security with TLS on the transport (node-to-node) layer.
cluster.name: es-test
# NOTE(review): node.name and network.host look node-specific — adjust them
# on each node; the other settings are presumably shared across the cluster.
node.name: node-1
path.data: /home/elk/data
path.logs: /home/elk/logs
network.host: 192.168.222.52
http.port: 9200
# Hosts contacted for discovery, and the node names eligible for the first
# master election when the cluster is bootstrapped.
discovery.seed_hosts: ["192.168.222.52", "192.168.222.51"]
cluster.initial_master_nodes: ["node-1", "node-2"]
# CORS for browser-based clients. Allowing the Authorization header lets
# such clients send Basic-auth credentials once security is enabled.
# NOTE(review): allow-origin "*" accepts cross-origin requests from any web
# page, which the Elasticsearch documentation describes as a security risk.
# Prefer the exact origin of the UI that needs access, e.g.
# "http://<ui-host>:<ui-port>" (placeholder — substitute the real origin).
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
# Turns on the security features (authentication and authorization).
xpack.security.enabled: true
# TLS between nodes on the transport layer.
# NOTE(review): no xpack.security.http.ssl.* settings appear in this listing,
# so as shown the HTTP API on port 9200 is served without TLS and Basic-auth
# credentials would cross the network in cleartext. Consider enabling
# xpack.security.http.ssl.enabled with its own keystore.
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by a trusted CA
# but does not verify the hostname; "full" adds hostname verification and
# needs certificates issued with matching DNS/IP subject alternative names.
xpack.security.transport.ssl.verification_mode: certificate
# The same PKCS#12 file is used as keystore and truststore. Relative paths
# are resolved against the Elasticsearch config directory. If the file has a
# password, supply it through the Elasticsearch keystore
# (xpack.security.transport.ssl.keystore.secure_password and
# xpack.security.transport.ssl.truststore.secure_password), not in this file.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
登錄所有ES節點,切換到es用戶,啟動ES服務
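[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-setup-passwords interactive ##手動設置密碼方式(與下面的auto二選一,集群啟動後在一個節點上執行一次即可;ES 8.x中此工具已棄用,由elasticsearch-reset-password取代)
[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-setup-passwords auto ##自動生成(生成的密碼只會在終端打印一次,請立即存入密碼管理工具,不要留在終端記錄或日誌中)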