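1. Start an Elasticsearch container.
2. Run docker exec -it xxxx /bin/bash to enter the container.
3. Run the following commands:
bin/elasticsearch-certutil ca  # set a password of your choice
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12  # enter the password defined above
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password  # run this command and enter the password defined above
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password  # run this command and enter the password defined above
4. Move the files into the config directory: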
mv elastic-certificates.p12 config
mv elastic-stack-ca.p12 config
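5. Copy the following files from the container's config directory to the host directory (the directory mounted for configuration files; every node's configuration directory needs a copy), using the sudo docker cp command:
elastic-certificates.p12, elastic-stack-ca.p12, elasticsearch.keystore
# Format
# docker cp CONTAINER_ID:container_directory local_directory
# Example
docker ps -a  # look up the local container ID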
sudo docker cp 52ea915e6527:/config /home/config1
Grant permissions on the files. This step is mandatory!
chmod 777 *
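The official Elasticsearch image runs the service as uid 1000 with gid 0, so the mounted keystore and PKCS#12 files only have to be accessible to that user and group. The following is an added example, not part of the original tutorial: it audits the three files from step 5 for access by other users and applies mode 660 instead of 777. The function names, the ES_UID/ES_GID variables and the 660 mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and tighten modes on the files copied in step 5.
# Assumption: the official image runs Elasticsearch as uid 1000, gid 0.
ES_UID=${ES_UID:-1000}
ES_GID=${ES_GID:-0}
ES_SECRETS="elastic-certificates.p12 elastic-stack-ca.p12 elasticsearch.keystore"

# Report secret files in directory $1 that are missing or that users outside
# the owner and group can read, write or execute.
# Returns 0 = all fine, 1 = at least one exposed file, 2 = a file is missing.
audit_es_secrets() {
    dir=$1
    rc=0
    for f in $ES_SECRETS; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=2
            continue
        fi
        # -perm -00N matches when the given "other" bit is set.
        hit=$(find "$path" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hit" ]; then
            echo "EXPOSED $path"
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Hand the files to the container user and remove all access for others.
harden_es_secrets() {
    dir=$1
    for f in $ES_SECRETS; do
        [ -f "$dir/$f" ] || continue
        # chown needs root; without it only the mode is changed.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$ES_UID:$ES_GID" "$dir/$f" || echo "WARN chown failed: $dir/$f" >&2
        fi
        chmod 660 "$dir/$f"
    done
}

# Usage (path taken from the docker run command in step 7):
#   harden_es_secrets /opt/elasticsearch/config1 && audit_es_secrets /opt/elasticsearch/config1
```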
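6. Use the following configuration file:
# Cluster name for ES; the default is elasticsearch
cluster.name: my-application
# Node name
node.name: node-1
# By default the first machine in the cluster is the master; if it goes down, a new master is elected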
node.master: true
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 192.168.3.18
# HTTP port for the externally exposed service
http.port: 9201
# TCP port for communication between nodes; it must differ from the HTTP port
transport.tcp.port: 9301
http.cors.enabled: true
http.cors.allow-origin: "*"
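# Initial list of master nodes in the cluster; new nodes joining the cluster are discovered automatically through these nodes
discovery.zen.ping.unicast.hosts: ["192.168.3.18:9301","192.168.3.18:9302","192.168.3.18:9303"]
discovery.zen.ping_timeout: 3s
# Set this parameter so that nodes in the cluster know about the other N master-eligible nodes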
discovery.zen.minimum_master_nodes: 2
cluster.initial_master_nodes: node-1
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#xpack.security.authc.accept_default_password: false
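7. Delete the original container, then create and start a new container with the certificate-related files mounted (run this once per configuration file, changing the details below: name, ports, directories):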
docker run -d -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
  --name=elasticsearch-1 --net=host -p 9201:9201 -p 9301:9301 --privileged=true \
  -v /opt/elasticsearch/config1/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
  -v /opt/elasticsearch/config1/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -v /opt/elasticsearch/config1/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12 \
  -v /opt/elasticsearch/config1/elasticsearch.keystore:/usr/share/elasticsearch/config/elasticsearch.keystore \
  -v /opt/elasticsearch/data1:/usr/share/elasticsearch/data \
  -v /opt/elasticsearch/logs1:/usr/share/elasticsearch/logs \
  elasticsearch:7.11.1
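8. Once the cluster is up, enter the master node's container:
docker exec -it f28a7675197b /bin/bash
9. Run the following command and follow the prompts to create passwords for the respective users (run it on one node only, not on every node):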
./bin/elasticsearch-setup-passwords interactive
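10. Open the master node's ES address to verify: http://192.168.3.18:9201/_cat/nodes?pretty
A username and password prompt is displayed, which confirms that authentication has been enabled. Enter the elastic username and the password you set to pass authentication.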