
Elasticsearch cluster and username/password setup


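Environment

  • Ubuntu 20.04
  • Elasticsearch 8.0
  • Server IP: 192.168.1.63
  • The elastic-master directory is the master node; the elastic-node2 directory is the secondary node
  • Create a dedicated system user to run ES, because ES cannot be started as root
  • Several ES instances are installed on one server to form the cluster (the configuration is the same across multiple servers)

Elasticsearch download link

Startup steps without a username/password or HTTPS

  • Extract the ES archive you just downloaded; I'll put the extracted files in elastic-master for now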

    tar -zxvf xxxx
    
  • If you are not configuring a cluster, you can start it and use it right away

    # Start in the foreground
    elastic-master/bin/elasticsearch
    # Start in the background
    elastic-master/bin/elasticsearch -d
    
  • Go to elastic-master/config on the master node and find elasticsearch.yml, which is the configuration file. Change it to:

    network.host: 0.0.0.0

    http.port: 9200
    # Port for internal node-to-node communication
    transport.port: 9301

    # Cluster name: must be identical on every node, but node names must differ
    cluster.name: es-cluster
    # Node name
    node.name: node-1
    # Nodes eligible for election as master when the cluster first starts; an IP or a node name
    #cluster.initial_master_nodes: ["node-1","node-2"]
    cluster.initial_master_nodes: ["192.168.1.63:9301"]

    #discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
    # Node discovery: the nodes in the cluster
    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302"]

    # This block controls whether cross-origin requests are allowed, whether HTTPS is enabled, and so on.
    # No password
    xpack.security.enabled: false
    xpack.security.transport.ssl.enabled: false
    xpack.security.http.ssl.enabled: false
    http.cors.enabled: true
    http.cors.allow-origin: "*"
  • Extract a second copy of ES from the archive you just downloaded to act as the secondary node; its directory is elastic-node2
  • Go to elastic-node2/config on the secondary node and find elasticsearch.yml, the configuration file, and change it as shown below. The differences are the node name (node.name) and that the master-election setting cluster.initial_master_nodes is not set. The ports differ because I am on the same server, so they must be set to different values

    network.host: 0.0.0.0

    http.port: 9201
    transport.port: 9302

    cluster.name: es-cluster
    node.name: node-2
    #cluster.initial_master_nodes: ["192.168.1.63:9302"]

    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302"]

    # No password
    xpack.security.enabled: false
    xpack.security.transport.ssl.enabled: false
    xpack.security.http.ssl.enabled: false
    http.cors.enabled: true
    http.cors.allow-origin: "*"

  • Now start both nodes, then open http://192.168.1.63:9200 or http://192.168.1.63:9201 in a browser to check whether it worked

    # Start the master node
    elastic-master/bin/elasticsearch
    # Start the secondary node
    elastic-node2/bin/elasticsearch
    
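  • If a node fails to start or cannot join the cluster, try deleting the elastic-master/data and elastic-node2/data directories. Note carefully: deleting these directories destroys all of the data, so be cautious. In general, if the master node holds data, do not delete its directory; try deleting the secondary node's first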
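
Added example (not part of the original article): a small shell check that flags the settings used in the password-less configuration above, namely disabled authentication, binding to 0.0.0.0, HTTP without TLS, and a wildcard CORS origin. The helper names and both sample files are constructed for illustration; the second sample turns security and HTTP TLS on but keeps the wildcard origin.

```shell
#!/usr/bin/env bash
# Added example, not from the article. yaml_get and audit_es_config are
# hypothetical helper names, not Elasticsearch tools.

# Print the value of a flat "key: value" setting (last occurrence, quotes stripped).
yaml_get() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one finding code per line for the elasticsearch.yml given as $1.
audit_es_config() {
  local f=$1 sec http_tls cors origin host
  sec=$(yaml_get "$f" xpack.security.enabled)
  http_tls=$(yaml_get "$f" xpack.security.http.ssl.enabled)
  cors=$(yaml_get "$f" http.cors.enabled)
  origin=$(yaml_get "$f" http.cors.allow-origin)
  host=$(yaml_get "$f" network.host)
  # Security explicitly switched off: the REST API needs no credentials.
  [ "$sec" = "false" ] && echo "AUTH_DISABLED"
  # ...and that unauthenticated API listens on every interface.
  [ "$sec" = "false" ] && [ "$host" = "0.0.0.0" ] && echo "OPEN_ON_ALL_INTERFACES"
  # Without HTTP TLS, requests and passwords travel in clear text.
  [ "$http_tls" = "true" ] || echo "HTTP_WITHOUT_TLS"
  # Any web page's origin may send cross-origin requests to the API.
  [ "$cors" = "true" ] && [ "$origin" = "*" ] && echo "CORS_WILDCARD_ORIGIN"
  return 0
}

# Constructed samples: the password-less settings, and a variant with security on.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/open.yml" <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: false
xpack.security.http.ssl.enabled: false
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
sed -e 's/enabled: false/enabled: true/' "$SAMPLE_DIR/open.yml" > "$SAMPLE_DIR/secured.yml"

for cfg in open secured; do
  echo "== $cfg.yml"
  audit_es_config "$SAMPLE_DIR/$cfg.yml"
done
```

A setting that is commented out or absent is treated as unset, so only an explicit xpack.security.enabled: false is reported as disabled authentication.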

Startup steps with a username/password and HTTPS

  • For security, you would normally set a username/password and use HTTPS

  • Generate elastic-stack-ca.p12 with bin/elasticsearch-certutil ca

    elastic-master/bin/elasticsearch-certutil ca
    
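    1. When prompted, accept the default file name, elastic-stack-ca.p12. This file contains the CA's public certificate and the private key used to sign each node's certificate.
    2. Enter a password for the CA. If you are not deploying to production you may leave it blank; here I picked an arbitrary password, 123123, which is needed later.

  • Generate the node certificate from elastic-stack-ca.p12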

    elastic-master/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    
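    1. Three prompts appear: a password, the output file, and another password. For the first, enter the password set in the previous step (123123). For the output file, just press Enter to accept the default. For the last password prompt, type nothing and press Enter; if you set a password here, startup fails with: xpack Caused by: java.io.IOException: keystore password was incorrect
    2. The generated certificate files are in the elastic-master directory; set their permissions and move them into elastic-master/config

    # These files contain private keys: allow access only to the user that runs ES
    chmod 600 elastic-master/elastic-stack-ca.p12
    chmod 600 elastic-master/elastic-certificates.p12
    mv elastic-master/elastic-stack-ca.p12 elastic-master/config
    mv elastic-master/elastic-certificates.p12 elastic-master/config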
    
  • Create the keystore

    bin/elasticsearch-keystore create

  • Update the master node's configuration file, elasticsearch.yml

    network.host: 0.0.0.0

    http.port: 9200
    transport.port: 9301

    cluster.name: es-cluster
    node.name: node-1
    cluster.initial_master_nodes: ["192.168.1.63:9301"]
    cluster.auto_shrink_voting_configuration: false
    #discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]

    xpack.license.self_generated.type: basic
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    # Enable password authentication
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12

    # HTTPS settings. If the node will not start, comment out the settings below first; once it starts and the passwords are set, re-enable them and restart
    xpack.security.transport.ssl.truststore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
    xpack.security.http.ssl.truststore.path: /home/xway-rd/elastic-master/config/elastic-certificates.p12
  • First copy the certificate files you just generated into the secondary node's config directory, elastic-node2/config
  • Then update the secondary node's configuration file, elasticsearch.yml

    network.host: 0.0.0.0

    http.port: 9201
    transport.port: 9302

    cluster.name: es-cluster
    node.name: node-2
    #cluster.initial_master_nodes: ["192.168.1.63:9302"]

    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303"]

    # Set password
    xpack.license.self_generated.type: basic
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12

    # HTTPS settings. If the node will not start, comment out the settings below first; once it starts and the passwords are set, re-enable them and restart
    xpack.security.transport.ssl.truststore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
    xpack.security.http.ssl.truststore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
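  • Start the master and secondary nodes. At this point an error may appear, roughly saying that the certificate or password is wrong. If there is no error, the setup is complete: open https://192.168.1.63:9200 directly; if the browser warns that the certificate is not trusted, ignore the warning, and you will then be prompted for a username and password.

  • If startup succeeded: the nodes are running but no passwords have been set yet, so you cannot log in. Set the passwords first. You will be asked to set passwords for many users, so be patient; remembering the password of the elastic user is enough

    elastic-master/bin/elasticsearch-setup-passwords interactive

  • If startup failed, you may need to go through the following steps
    1. First change the master node's configuration file, elasticsearch.yml
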
    network.host: 0.0.0.0

    http.port: 9200
    transport.port: 9301

    cluster.name: es-cluster
    node.name: node-1
    cluster.initial_master_nodes: ["192.168.1.63:9301"]
    cluster.auto_shrink_voting_configuration: false
    #discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303","192.168.1.59:9304"]
    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302"]

    # Set password
    xpack.license.self_generated.type: basic
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    xpack.security.transport.ssl.keystore.path: /home/xway-rd/elasticsearch-8.0.0/config/elastic-certificates.p12

    xpack.security.transport.ssl.verification_mode: certificate


    2. Change the secondary node's configuration file, elasticsearch.yml

    network.host: 0.0.0.0

    http.port: 9201
    transport.port: 9302

    cluster.name: es-cluster
    node.name: node-2
    #cluster.initial_master_nodes: ["192.168.1.63:9302"]

    discovery.seed_hosts: ["192.168.1.63:9301","192.168.1.63:9302","192.168.1.63:9303"]

    # Set password
    xpack.license.self_generated.type: basic
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    xpack.security.transport.ssl.keystore.path: /home/xway-rd/elastic-node2/config/elastic-certificates.p12
    xpack.security.transport.ssl.verification_mode: certificate

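    3. Restart; once startup succeeds, set the passwords, then start again with the earlier configuration files to enable HTTPS.

Notes

  • All nodes share the same certificate, and the user passwords are shared too. Because I deployed several ES instances on a single server, I don't know whether deploying on multiple servers would lead to a wrong username or password. If it does, run the set-password command on each child node

Supplement

If another node needs to be added later, install it, copy the master node's certificates over, and adjust the configuration file. The login username and password are the same as the master node's. The files to copy are: config/certs/elastic-certificates.p12, config/certs/elastic-stack-ca.p12, config/elasticsearch.keystore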
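
Added example (not part of the original article): the copied .p12 files and elasticsearch.keystore hold private keys and secrets, so this shell check lists any of them that group or other users can access and then restricts them to the owner. The helper names and the sample directory are constructed, and it assumes the files are owned by the user that runs ES.

```shell
#!/usr/bin/env bash
# Added example, not from the article. loose_key_files and lock_down_key_files
# are hypothetical helper names.

# Print "<mode> <path>" for each *.p12 / elasticsearch.keystore under directory $1
# that grants any permission to group or other.
loose_key_files() {
  ( cd "$1" || exit 1
    find . -type f \( -name '*.p12' -o -name 'elasticsearch.keystore' \) |
      LC_ALL=C sort |
      while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)
        case "$mode" in
          ????------) ;;                 # owner-only access: nothing to report
          *) echo "$mode $path" ;;
        esac
      done )
}

# Restrict every reported file to its owner (assumes the ES service user owns it).
lock_down_key_files() {
  loose_key_files "$1" | while IFS= read -r line; do
    chmod 600 "$1/${line#* }"
  done
}

# Constructed sample: a node config directory with files copied from another node.
CONF_DIR=$(mktemp -d)
mkdir "$CONF_DIR/certs"
touch "$CONF_DIR/certs/elastic-certificates.p12" "$CONF_DIR/certs/elastic-stack-ca.p12" \
      "$CONF_DIR/elasticsearch.keystore" "$CONF_DIR/elasticsearch.yml"
chmod 777 "$CONF_DIR/certs/elastic-certificates.p12"   # world-writable
chmod 600 "$CONF_DIR/certs/elastic-stack-ca.p12"       # owner-only
chmod 660 "$CONF_DIR/elasticsearch.keystore"           # group-writable
chmod 644 "$CONF_DIR/elasticsearch.yml"                # not key material, ignored

echo "before:"; loose_key_files "$CONF_DIR"
lock_down_key_files "$CONF_DIR"
echo "after:";  loose_key_files "$CONF_DIR"
```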
