[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-certutil ca ##生成CA证书(默认输出elastic-stack-ca.p12),直接全部回车到最后;全部回车表示使用默认文件名且密码为空,此时CA私钥只靠文件权限保护
[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 ##用上一步的CA签发节点证书和私钥(默认输出elastic-certificates.p12),直接全部回车到最后;全部回车同样表示密码为空
拷贝证书文件(即配置文件中引用的elastic-certificates.p12)到其他ES节点,所有ES节点都需要拷贝;elastic-stack-ca.p12含有CA私钥,节点运行并不需要它,应单独妥善保管
创建证书存放目录,与配置文件中的xpack.security.transport.ssl.keystore.path能对应上(相对路径以ES的config目录为基准,例如config/certs),并确保证书文件仅运行ES的用户可读
cat elasticsearch.yml
# Example elasticsearch.yml for one node of a two-node cluster with X-Pack
# security enabled and TLS on the transport (node-to-node) layer.
cluster.name: es-test
# node.name and network.host are per-node values; this listing is node-1's copy.
node.name: node-1
path.data: /home/elk/data
path.logs: /home/elk/logs
network.host: 192.168.222.52
http.port: 9200
discovery.seed_hosts: ["192.168.222.52", "192.168.222.51"]
cluster.initial_master_nodes: ["node-1", "node-2"]
# CORS: "*" accepts cross-origin requests from a page served by any web origin,
# and allow-headers lets those requests carry an Authorization header.
# NOTE(review): narrow allow-origin to the origin(s) of the browser tool that
# actually needs it, or leave CORS disabled if none does.
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
# Enables the security features (authentication/authorization). Only
# xpack.security.transport.ssl.* is configured below; no
# xpack.security.http.ssl.* setting appears in this listing, so unless it is set
# elsewhere port 9200 serves plain HTTP and Basic-auth credentials cross the
# network unencrypted.
# NOTE(review): enable TLS on the HTTP layer for anything beyond a lab setup.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by a trusted CA but
# performs no hostname verification; "full" adds the hostname check.
xpack.security.transport.ssl.verification_mode: certificate
# Relative paths resolve against the Elasticsearch config directory. The same
# PKCS#12 file is used as keystore and truststore. It contains the node's
# private key, so keep it readable only by the account that runs Elasticsearch.
# If the file was created with a password, that password belongs in the
# Elasticsearch keystore (xpack.security.transport.ssl.keystore.secure_password
# and ...truststore.secure_password), not in this file.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
登录所有ES节点,切换到es用户,启动ES服务
[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-setup-passwords interactive ##手动设置密码方式:交互式地为各内置用户逐个输入密码(与下面的auto方式二选一)
[root@tbds-172-27-0-174 elasticsearch]# bin/elasticsearch-setup-passwords auto ##自动生成:为各内置用户生成随机密码并直接输出到终端,之后无法再次查看,需立即妥善保存;8.0及以上版本中该工具已弃用,改用bin/elasticsearch-reset-password