
Enabling authentication on ES

IT那活儿 2024-02-04



1. Enabling X-Pack access control

The example below uses an ES cluster made up of three servers:

Node ID    IP
node0      xxx.xxx.3.18
node1      xxx.xxx.3.19
node2      xxx.xxx.3.20


1.1 Edit elasticsearch.yml

Note: the settings shown in red in the original are the ones that were changed.
1) node0 configuration
cluster.name: shsnc-new
node.name: node0
path.data: /data/amp/snc_product/elasticsearch/data
network.host: xxx.xxx.3.18
http.port: 9200
transport.tcp.port: 9300
node.master: true
node.data: true
node.ingest: true
bootstrap.memory_lock: true
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12

http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes: node0
bootstrap.system_call_filter: false
node.attr.box_type: hot
discovery.zen.ping.unicast.hosts: ["xxx.xxx.3.18:9300","xxx.xxx.3.19:9300","xxx.xxx.3.20:9300"]

2) node1 configuration
cluster.name: shsnc-new
node.name: node1
path.data: /data/amp/snc_product/elasticsearch/data
network.host: xxx.xxx.3.19
http.port: 9200
transport.tcp.port: 9300
node.master: true
node.data: true
node.ingest: true
bootstrap.memory_lock: true
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12

http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes: node0
bootstrap.system_call_filter: false
node.attr.box_type: hot
discovery.zen.ping.unicast.hosts: ["xxx.xxx.3.18:9300","xxx.xxx.3.19:9300","xxx.xxx.3.20:9300"]

3) node2 configuration
cluster.name: shsnc-new
node.name: node2
path.data: /data/amp/snc_product/elasticsearch/data
network.host: xxx.xxx.3.20
http.port: 9200
transport.tcp.port: 9300
node.master: true
node.data: true
node.ingest: true
bootstrap.memory_lock: true
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12

http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes: node0
bootstrap.system_call_filter: false
node.attr.box_type: hot
discovery.zen.ping.unicast.hosts: ["xxx.xxx.3.18:9300","xxx.xxx.3.19:9300","xxx.xxx.3.20:9300"]
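Before restarting the cluster it is worth checking the three files mechanically rather than by eye. The script below is an added example, not part of the original article: it reads the flat keys of each elasticsearch.yml, reports settings that undo what this section turns on (security disabled, transport TLS off, HTTP TLS off so the basic-auth credentials travel in cleartext, a CORS wildcard) and checks that all nodes agree on cluster.name and the keystore path. The node files it audits are constructed inline to mirror the article's configs, with the xxx.xxx.* addresses and /data/amp paths kept as placeholders; the hardened variant with xpack.security.http.ssl.* and verification_mode: full is also constructed here to show a clean run.

```shell
#!/bin/sh
# Added example, not part of the original article: audit each node's
# elasticsearch.yml for the security settings this section turns on and for
# settings that weaken them. Sample files are constructed below to mirror the
# article's three nodes; paths and xxx.xxx.* addresses are placeholders.

WORK="$(mktemp -d)"

# Constructed copies of the article's node configs (only the relevant keys).
i=0
for ip in 3.18 3.19 3.20; do
    cat > "$WORK/node$i.yml" <<EOF
cluster.name: shsnc-new
node.name: node$i
path.data: /data/amp/snc_product/elasticsearch/data
network.host: xxx.xxx.$ip
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
    i=$((i + 1))
done

# Constructed hardened variant: TLS on the HTTP layer as well, hostname
# verification, and no CORS wildcard (http.p12 is a placeholder file name).
cat > "$WORK/hardened.yml" <<'EOF'
cluster.name: shsnc-new
node.name: node0
path.data: /data/amp/snc_product/elasticsearch/data
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/amp/snc_product/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /data/amp/snc_product/elasticsearch/config/http.p12
http.cors.enabled: false
EOF

# Read one flat key from elasticsearch.yml (the article uses no nested YAML).
get_setting() {  # file key
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# Print one line per finding for a single node; prints nothing when clean.
audit_node() {  # file
    n="$(get_setting "$1" node.name)"
    [ "$(get_setting "$1" xpack.security.enabled)" = "true" ] ||
        echo "WARN $n: xpack.security.enabled is not true; anyone reaching port 9200 has full access"
    [ "$(get_setting "$1" xpack.security.transport.ssl.enabled)" = "true" ] ||
        echo "WARN $n: transport TLS is off; node-to-node traffic is unencrypted and unauthenticated"
    [ "$(get_setting "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
        echo "WARN $n: HTTP TLS is off; the basic-auth credentials set later travel in cleartext"
    [ "$(get_setting "$1" http.cors.allow-origin)" != "*" ] ||
        echo "WARN $n: http.cors.allow-origin is '*'; every web origin is allowed to call the cluster"
    [ "$(get_setting "$1" xpack.security.transport.ssl.verification_mode)" = "full" ] ||
        echo "INFO $n: verification_mode is not 'full'; peers are checked against the CA only, not by hostname or IP"
    case "$(get_setting "$1" path.data)" in
        /*) ;;
        *) echo "WARN $n: path.data is relative; it resolves against the working directory at start-up" ;;
    esac
}

# Cluster-wide: every node must agree on cluster.name and share the keystore path.
audit_cluster() {  # files...
    for key in cluster.name xpack.security.transport.ssl.keystore.path; do
        distinct="$(for f in "$@"; do get_setting "$f" "$key"; done | sort -u | wc -l | tr -d ' ')"
        [ "$distinct" -eq 1 ] || echo "WARN cluster: $key differs between nodes ($distinct distinct values)"
    done
}

# Stand-alone run: report on the constructed configs.
for f in "$WORK"/node0.yml "$WORK"/node1.yml "$WORK"/node2.yml "$WORK"/hardened.yml; do
    echo "== $f"; audit_node "$f"
done
audit_cluster "$WORK"/node0.yml "$WORK"/node1.yml "$WORK"/node2.yml
```

On the article's configuration the audit reports the missing HTTP TLS and the CORS wildcard as warnings and the `certificate` verification mode as informational; the last one is expected here, because certificates produced by `elasticsearch-certutil cert` with default answers carry no node names and would not pass `full` verification.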

1.2 Generate the certificates (run once, on node0)

cd elasticsearch
sh elasticsearch.sh stop  ## stop the ES service (if it is a cluster, the whole cluster must be stopped first)
export JAVA_HOME=/data/amp/snc_product/elasticsearch/jdk  ## point JAVA_HOME at the JDK bundled with ES
./bin/elasticsearch-certutil ca  ## press Enter at every prompt to accept the defaults
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12  ## press Enter at every prompt to accept the defaults
cp elastic-certificates.p12 ./config/  ## place the certificate file in node0's config directory
cp elastic-stack-ca.p12 ./config/  ## place the CA file in node0's config directory
scp elastic-certificates.p12 elastic-stack-ca.p12 shsnc@xxx.xxx.3.19:/data/amp/snc_product/elasticsearch/config/  ## copy the certificates to node1's config directory
scp elastic-certificates.p12 elastic-stack-ca.p12 shsnc@xxx.xxx.3.20:/data/amp/snc_product/elasticsearch/config/  ## copy the certificates to node2's config directory
./bin/x-pack-env  ## apply the X-Pack environment variables
./bin/x-pack-security-env  ## apply the X-Pack security environment variables
sh elasticsearch.sh start  ## start the ES service (if it is a cluster, the whole cluster must be started first)
./bin/elasticsearch-setup-passwords interactive  ## set each built-in user's password by hand

The password setup proceeds as follows:
[amp@shsnc_50 elasticsearch]$ ./bin/elasticsearch-setup-passwords interactive
## run the command to begin setting the account passwords

Your cluster health is currently RED.
This means that some cluster data is unavailable and your cluster is not fully functional.

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]y
## after the cluster health check, confirm whether to continue with the password setup

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
## passwords for the built-in users are set next

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

export JAVA_HOME=/data/amp/snc_product/jdk
## restore the original JAVA_HOME

Finally, restart the cluster and open http://xxx.xxx.3.18:9200/_cat/indices/ in a browser to verify.
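A browser visit shows that the cluster answers, but not that anonymous access is actually refused. The script below is an added example, not part of the original article: it sends two requests to /_cluster/health, one anonymous and one as the elastic user, and interprets the pair of HTTP status codes (401 then 200 means authentication is enforced; 200 anonymous means security is not active; 401 twice means the password is wrong). It assumes curl is installed, takes the cluster URL from the caller and the password from an ES_PASS environment variable rather than from the script body; the xxx.xxx.3.18 address is the article's placeholder. Because the cluster speaks plain http on 9200, the credentials in the authenticated request are visible on the network, which is the reason to enable HTTP TLS as well.

```shell
#!/bin/sh
# Added example, not part of the original article: verify that authentication
# is enforced on the cluster instead of only opening /_cat/indices in a browser.
# Assumes curl is installed; URL and password are supplied by the caller.

# Return only the HTTP status code; curl prints 000 when no connection was made.
http_status() {  # url [user:pass]
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null -w '%{http_code}' --max-time 10 -u "$2" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
    fi
}

# Interpret the (anonymous, authenticated) status codes. Pure string logic,
# so the decision can be exercised without a cluster.
classify_auth() {  # anon_code auth_code
    case "$1:$2" in
        000:*|*:000) echo "UNREACHABLE" ;;        # nothing answered on the port
        401:200)     echo "ENFORCED" ;;           # anonymous refused, elastic accepted
        401:401)     echo "BAD_CREDENTIALS" ;;    # auth is on, but the password is wrong
        401:403)     echo "FORBIDDEN" ;;          # user authenticated but lacks the privilege
        200:*)       echo "OPEN" ;;               # anonymous succeeded: security is not active
        *)           echo "UNEXPECTED:$1/$2" ;;
    esac
}

# Run both requests against a cluster and classify the outcome.
# "|| true" keeps a failed curl (exit code non-zero, status 000) from
# aborting the script when it runs under set -e.
check_cluster() {  # base_url user pass
    anon="$(http_status "$1/_cluster/health" || true)"
    auth="$(http_status "$1/_cluster/health" "$2:$3" || true)"
    classify_auth "$anon" "$auth"
}

# Stand-alone demonstration of the classifier on constructed status pairs.
for pair in "401 200" "200 200" "401 401" "000 000"; do
    set -- $pair
    echo "anon=$1 auth=$2 -> $(classify_auth "$1" "$2")"
done

# Against the article's cluster (placeholder address), with the password in
# the environment:  ES_PASS='...' sh check_es_auth.sh
# check_cluster "http://xxx.xxx.3.18:9200" elastic "${ES_PASS:?set ES_PASS}"
```

Run it once after the restart and again whenever a node is re-provisioned; a result other than ENFORCED at that point means the xpack.security settings did not take effect on the node that answered.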


2. Updating the microservices' ES connection settings
2.1 Edit the shared configuration file elasticsearch.properties on Nacos
spring.elasticsearch.rest.username=elastic
spring.elasticsearch.rest.password=elastic

2.2 Edit the private configuration files on Nacos
spring.elasticsearch.rest.username=elastic
spring.elasticsearch.rest.password=elastic

2.3 Edit the microservices' local configuration files
Run the following in /data/amp/snc_product/product to update the microservices' ES connection settings:
sed -i 's#spring.elasticsearch.rest.username=.*#spring.elasticsearch.rest.username=elastic#g' ./*/config/application*
## set the ES connection username
sed -i 's#spring.elasticsearch.rest.password=.*#spring.elasticsearch.rest.password=elastic#g' ./*/config/application*
## set the ES connection password

Finally, restart the affected microservices.
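The sed one-liners in 2.3 have two quiet failure modes: they only rewrite a line that already exists, so a service whose application file lacks the key keeps connecting with no credentials and fails after the restart, and they use '#' as the sed delimiter, so a password containing '#' breaks the command. The script below is an added example, not part of the original article: set_property replaces the key if present and appends it otherwise, passing the value to awk as a variable rather than splicing it into a pattern, and count_mismatches walks the same ./*/config/application* glob afterwards and reports every file whose credentials still differ. The service tree it operates on is constructed under a temporary directory; on the real host the root is /data/amp/snc_product/product, and the sample password is a constructed value.

```shell
#!/bin/sh
# Added example, not part of the original article: set the ES credentials in
# every microservice's application* file and verify that none was missed.
# Sample files are constructed below; the real root is /data/amp/snc_product/product.

# Set key=value in a properties file: replace the existing line or append it.
# The value travels into awk as a variable, not as part of a regex, so '#',
# '/', '&' and similar characters are safe (awk -v still unescapes backslashes).
set_property() {  # file key value
    if grep -q "^$2=" "$1"; then
        awk -F= -v k="$2" -v v="$3" '$1 == k { print k "=" v; next } { print }' \
            "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# Apply both credentials to every service config under the given root.
apply_all() {  # root user pass
    for f in "$1"/*/config/application*; do
        [ -f "$f" ] || continue
        set_property "$f" spring.elasticsearch.rest.username "$2"
        set_property "$f" spring.elasticsearch.rest.password "$3"
    done
}

# Count config files whose credentials differ from the intended ones.
# Each mismatch is named on stderr; the count is the function's result.
count_mismatches() {  # root user pass
    n=0
    for f in "$1"/*/config/application*; do
        [ -f "$f" ] || continue
        u="$(sed -n 's/^spring\.elasticsearch\.rest\.username=//p' "$f")"
        p="$(sed -n 's/^spring\.elasticsearch\.rest\.password=//p' "$f")"
        if [ "$u" != "$2" ] || [ "$p" != "$3" ]; then
            echo "mismatch: $f" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample tree: svc-a has both keys, svc-b lacks the password key
# entirely (the case the article's sed would silently skip).
ROOT="$(mktemp -d)"
mkdir -p "$ROOT/svc-a/config" "$ROOT/svc-b/config"
printf '%s\n' 'server.port=8081' \
    'spring.elasticsearch.rest.username=old' \
    'spring.elasticsearch.rest.password=old' > "$ROOT/svc-a/config/application.properties"
printf '%s\n' 'server.port=8082' \
    'spring.elasticsearch.rest.username=old' > "$ROOT/svc-b/config/application-prod.properties"

NEW_PASS='S3cret#pass'   # constructed value; the '#' would break the sed delimiter
BEFORE="$(count_mismatches "$ROOT" elastic "$NEW_PASS" 2>/dev/null)"
apply_all "$ROOT" elastic "$NEW_PASS"
AFTER="$(count_mismatches "$ROOT" elastic "$NEW_PASS")"
echo "mismatched files before: $BEFORE, after: $AFTER"
```

Because these files now hold a live credential, the same loop is the place to tighten their permissions (for example `chmod 600`) and to confirm they are excluded from any backup or log shipping that is readable beyond the service owner.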

END


Author: Business Unit 2 (上海新炬中北团队, the Shanghai Xinju Zhongbei team)

Source: the "IT那活儿" WeChat official account

