集群搭建过程略
如果已经有正式license可以忽略这个步骤
执行命令激活xpack
curl -H "Content-Type:application/json" -XPOST http://xxx:9200/_xpack/license/start_trial?acknowledge=true
xpack.security.enabled: true
设置密码,在master设置,node节点可以同步该用户名/密码
到此为止完成xpack集群,目前无SSL。
./bin/elasticsearch-certutil ca
保存elastic-stack-ca.p12
路径并输入密码(123456)
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
保存elastic-certificates.p12
路径并输入密码(123456)
将上面生成的两个文件拷贝到elastic的config目录下
比如我设置的是在config/certs下面
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
```
## 2.4 所有elasticsearch节点将密码添加至elasticsearch-keystore
```sh
]$ bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
]$ bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
查看集群状态(也可以通过kibana或者其他工具查看)
http://xxx:9200/_cluster/health
参考地址: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/configuring-tls.html