
ES cluster encryption configuration (RBAC)

Encryption configuration and access control for an ES cluster.

 

(1) Generate the certificate file:

cd /baimei/softwares/elasticsearch-7.17.5/
./bin/elasticsearch-certutil  cert -out config/baimei-elastic-certificates.p12 -pass ""

 

(2) Change the owner and group of the certificate file

chown es:es config/baimei-elastic-certificates.p12

 

(3) Sync the certificate file to the other nodes

 data_rsync.sh `pwd`/config/baimei-elastic-certificates.p12

(4) Modify the ES cluster configuration file

vim /baimei/softwares/elasticsearch-7.17.5/config/elasticsearch.yml

# Append the following at the end of the file

 

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: baimei-elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: baimei-elastic-certificates.p12

 

(5) Sync the ES configuration file to the other nodes

data_rsync.sh /baimei/softwares/elasticsearch-7.17.5/config/elasticsearch.yml 

(6) Restart ES on all nodes

systemctl restart es7

 

(7) Generate random passwords (as shown below)

/baimei/softwares/elasticsearch-7.17.5/bin/elasticsearch-setup-passwords auto

 

Changed password for user apm_system
PASSWORD apm_system = 1FefbKwReqFxZG0IfLMy

Changed password for user kibana_system
PASSWORD kibana_system = MgY2kdSKVLsmUMJPq2TP

Changed password for user kibana
PASSWORD kibana = MgY2kdSKVLsmUMJPq2TP

Changed password for user logstash_system
PASSWORD logstash_system = k5kpdeqEdItE4GHWEtwN

Changed password for user beats_system
PASSWORD beats_system = 9bxKTQG1lHGnKZVjhaOM

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = ppF0kzdHmxez4LxadTb3

Changed password for user elastic
PASSWORD elastic = 79A089Cd9Pb8yEOViET2

 

Password configuration is now complete; test it:

(8) Access via es-head and Postman

Log in with this password

Changed password for user elastic
PASSWORD elastic = 79A089Cd9Pb8yEOViET2

Success.

 

(9) Configure Kibana to access ES

 

vim   /etc/kibana/kibana.yml 
[root@baimeidashu-elk111 ~]#yy  /etc/kibana/kibana.yml 
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.0.0.111:19200","http://10.0.0.112:19200","http://10.0.0.113:19200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "MgY2kdSKVLsmUMJPq2TP"
i18n.locale: "zh-CN"

Restart Kibana

systemctl restart kibana

 

(10) Log in to Kibana

PASSWORD elastic = 79A089Cd9Pb8yEOViET2

 

 

(11) Log in using curl

curl -u elastic:79A089Cd9Pb8yEOViET2 10.0.0.111:19200/_cat/nodes
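
The settings in step (4) secure only the transport layer between nodes, while Kibana and curl above reach the REST port over http://. The following check is an added example, not part of the original post: it audits a flat elasticsearch.yml for the five settings from step (4) and reports whether TLS is also enabled on the REST port. The function names yml_get and audit_es_yml and the sample file are constructed for illustration.

```shell
# Added example: audit flat "key: value" lines in elasticsearch.yml.
# Assumption: dotted keys as in step (4); nested YAML is not handled.
yml_get() {  # yml_get FILE KEY -> last value set for KEY, empty if unset
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { line = $0; sub(/[ \t]+#.*$/, "", line)   # drop trailing comment
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      if (key == k) found = val }
    END { print found }' "$1"
}

audit_es_yml() {  # prints findings, then "RESULT fails=N warns=M"
  local f="$1" p=xpack.security fails=0 warns=0 k v
  for k in enabled transport.ssl.enabled \
           transport.ssl.keystore.path transport.ssl.truststore.path; do
    v=$(yml_get "$f" "$p.$k")
    case "$k:$v" in   # booleans must be true, paths must be non-empty
      *.path:?*|*enabled:true) echo "OK   $p.$k=$v" ;;
      *) echo "FAIL $p.$k=${v:-<unset>}"; fails=$((fails + 1)) ;;
    esac
  done
  v=$(yml_get "$f" "$p.transport.ssl.verification_mode")
  case "${v:-full}" in   # full is the default when the key is absent
    full|certificate) echo "OK   verification_mode=${v:-full}" ;;
    *) echo "FAIL verification_mode=$v (peer certificates not verified)"
       fails=$((fails + 1)) ;;
  esac
  # Step (4) covers node-to-node transport only; the REST port is separate.
  if [ "$(yml_get "$f" "$p.http.ssl.enabled")" != true ]; then
    echo "WARN $p.http.ssl.enabled is not true: REST traffic is plain HTTP"
    warns=$((warns + 1))
  fi
  echo "RESULT fails=$fails warns=$warns"
}

# Constructed sample input: the five lines from step (4).
sample=$(mktemp)
printf '%s\n' 'xpack.security.enabled: true' \
  'xpack.security.transport.ssl.enabled: true' \
  'xpack.security.transport.ssl.verification_mode: certificate' \
  'xpack.security.transport.ssl.keystore.path: baimei-elastic-certificates.p12' \
  'xpack.security.transport.ssl.truststore.path: baimei-elastic-certificates.p12' \
  > "$sample"
audit_es_yml "$sample"
```

On each node, run audit_es_yml against /baimei/softwares/elasticsearch-7.17.5/config/elasticsearch.yml after step (5); the WARN line means the passwords used with curl -u and in kibana.yml cross the network unencrypted.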

 


白眉大叔
