ElasticSearch Xpack集群认证和elasticsearch-head配置
#ES集群配置
- node.name : 各节点需要修改
- node.attr.rack: 各节点需要修改
- #bootstrap.memory_lock: true :建议注释,开启会出现
cluster.name: Elasticsearch-Cluster
node.name: node-111
node.attr.rack: r111
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
#bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.0.14:9300","192.168.0.111:9300","192.168.0.153:9300"]
cluster.initial_master_nodes: ["192.168.0.111","192.168.0.14","192.168.0.153"]
#Xpack集群认证
RPM包安装路径为 /usr/share/elasticsearch
-
第一步 (一路回车,可不设密码)
bin/elasticsearch-certutil ca
-
第二步 (一路回车,可不设密码)
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
-
第三步 拷贝至/etc/elasticsearch下(会在/usr/share/elasticsearch 目录下生成2个文件 p12结尾的文件)
cp /usr/share/elasticsearch/*.p12 /etc/elasticsearch chown elasticsearch.elasticsearch /etc/elasticsearch/*.p12
-
第四步 修改配置文件
[root@VM_0_111_centos ~]# vim /etc/elasticsearch/elasticsearch.yml cluster.name: Elasticsearch-Cluster node.name: node-111 node.attr.rack: r111 path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch #bootstrap.memory_lock: true network.host: 0.0.0.0 http.port: 9200 discovery.seed_hosts: ["192.168.0.14:9300","192.168.0.111:9300","192.168.0.153:9300"] cluster.initial_master_nodes: ["node-14","node-111","node-153"] # xpack配置 设置集群互信通信端口9300 transport.port: 9300 #head http.cors.enabled: true http.cors.allow-origin: "*" # xpack + head http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type # 开启X-Pack的安全认证 xpack.security.enabled: true # 开启X-Pack的集群内互信安全认证,与上面安全认证开关同步必开 xpack.security.transport.ssl.enabled: true # 验证模式为证书模式 xpack.security.transport.ssl.verification_mode: certificate # 配置证书路径 xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 #head配置 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
-
第五步 重启elasticsearch
systemctl restart elasticsearch
-
第六步 设置用户密码
# cd /usr/share/elasticsearch bin/elasticsearch-setup-passwords interactive #y,y之后 可设置相同密码
-
第七步 验证
curl -uelastic:设置的密码 -XGET http://你的ip:9200/_cluster/health?pretty
#elasticsearch-head配置
-
Node js 安装
curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - yum install -y nodejs npm config set registry https://registry.npm.taobao.org/ npm config get registry
-
安装elasticsearch-head
yum install -y git bzip2 git clone https://github.com/mobz/elasticsearch-head.git cd elasticsearch-head/ npm install
-
启动访问
#启动 nohup npm start & #访问 http://ip:9100 #认证访问 http://ip:9100/?auth_user=elastic&auth_password=密码
#报错相关
-
集群状态为red
解决:
查看索引
curl -XGET "http://localhost:9200/_cat/indices?v"
删除red状态的索引
curl -XDELETE http://localhost:9200/索引名
#集群命令
-
检查集群状态
#没设置密码 curl -XGET "http://localhost:9200/_cluster/health?pretty=true" #设置密码 curl -XGET -uelastic:elastic "http://localhost:9200/_cluster/health?pretty=true"
-
查看索引状态
curl -XGET "http://localhost:9200/_cat/indices?v"
参考