首页 > 其他分享 >Elasticsearch自签证书

Elasticsearch自签证书

时间:2023-06-13 12:22:53浏览次数:54  
标签:26 2020 Elasticsearch elasticsearch xr 签证 password root

**** 如果方式适合安装时没有配置及证书相关配置,而安装后 进行的证书自签

一、自签证书

1、进入工作目录

进入容器,bin 目录下有生成证书的脚本,路径下文件展示如下(我这里是以 docker 容器部署的模式演示的)

[root@363474ada611 elasticsearch]# ll bin/
total 19604
-rwxr-xr-x. 1 elasticsearch root     1915 Mar 26  2020 elasticsearch
-rwxr-xr-x. 1 elasticsearch root      491 Mar 26  2020 elasticsearch-certgen
-rwxr-xr-x. 1 elasticsearch root      483 Mar 26  2020 elasticsearch-certutil                   # 生成秘钥的
-rwxr-xr-x. 1 elasticsearch root      982 Mar 26  2020 elasticsearch-cli
-rwxr-xr-x. 1 elasticsearch root      433 Mar 26  2020 elasticsearch-croneval
-rwxr-xr-x. 1 elasticsearch root     4316 Mar 26  2020 elasticsearch-env
-rwxr-xr-x. 1 elasticsearch root     1828 Mar 26  2020 elasticsearch-env-from-file
-rwxr-xr-x. 1 elasticsearch root      121 Mar 26  2020 elasticsearch-keystore
-rwxr-xr-x. 1 elasticsearch root      440 Mar 26  2020 elasticsearch-migrate
-rwxr-xr-x. 1 elasticsearch root      126 Mar 26  2020 elasticsearch-node
-rwxr-xr-x. 1 elasticsearch root      172 Mar 26  2020 elasticsearch-plugin
-rwxr-xr-x. 1 elasticsearch root      431 Mar 26  2020 elasticsearch-saml-metadata
-rwxr-xr-x. 1 elasticsearch root      438 Mar 26  2020 elasticsearch-setup-passwords     # 这个是设置密码用的
-rwxr-xr-x. 1 elasticsearch root      118 Mar 26  2020 elasticsearch-shard
-rwxr-xr-x. 1 elasticsearch root      427 Mar 26  2020 elasticsearch-sql-cli
-rwxr-xr-x. 1 elasticsearch root 19986912 Mar 26  2020 elasticsearch-sql-cli-7.6.2.jar
-rwxr-xr-x. 1 elasticsearch root      426 Mar 26  2020 elasticsearch-syskeygen
-rwxr-xr-x. 1 elasticsearch root      426 Mar 26  2020 elasticsearch-users               # 用户管理
-rwxr-xr-x. 1 elasticsearch root      346 Mar 26  2020 x-pack-env
-rwxr-xr-x. 1 elasticsearch root      354 Mar 26  2020 x-pack-security-env
-rwxr-xr-x. 1 elasticsearch root      353 Mar 26  2020 x-pack-watcher-env

2、生成 ca 证书

先执行可执行文件: elasticsearch-certutil 生成 ca 证书文件

[root@6bebc53a88ac bin]#  elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key


# 这里若不自定义文件名称的话直接回车,默认 elastic-stack-ca.p12 默认就行了
Please enter the desired output file [elastic-stack-ca.p12]:
# 这里输入你要设置的密码,回车
Enter password for elastic-stack-ca.p12 :

3、配置证书

再执行命令:elasticsearch-certutil cert  --ca elastic-stack-ca.p12

[root@1d8bdbc07715 bin]# elasticsearch-certutil cert  --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

…………………………此处省略大量废话……………………………..

then the output will be be a zip file containing individual certificate/key files

Enter password for CA (elastic-stack-ca.p12) :                              # 输入上一步执行时设置的密码
Please enter the desired output file [elastic-certificates.p12]:            # 自定义证书文件名,默认就好了
Enter password for elastic-certificates.p12 :                               # 给证书文件设置密码,和上一步同一个密码即可

Certificates written to /usr/share/elasticsearch/elastic-certificates.p12

This file should be properly secured as it contains the private key for 
your instance.

This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.
[root@1d8bdbc07715 bin]# 

 

4、查看证书生成结果

可看到生成的证书在这里: /usr/share/elasticsearch/    elastic-certificates.p12

[root@1d8bdbc07715 elasticsearch]# ls
LICENSE.txt  NOTICE.txt  README.asciidoc  bin  config  data  elastic-certificates.p12  elastic-stack-ca.p12  jdk  lib  logs  modules  plugins

 

二、密码配置

设置密码:(bin 目录下),这里只允许配置系统用户的密码,用户密码需要使用 Kibana 中进行新增

1、可以查看命里帮助提示,执行如下命令

[root@9a6eebe7a6d7 bin]# elasticsearch-setup-passwords -h                    # 查看命令帮助解释

2、设置密码

[root@368f57c255c9 bin]# elasticsearch-setup-passwords interactive       # interactive自定义密码 atuo 是随机密码
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

# 可以设置所有的用户都为一个密码,以下就是输入你需要设置的各个用户的密码了
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
[root@368f57c255c9 bin]# 

 

标签:26,2020,Elasticsearch,elasticsearch,xr,签证,password,root
From: https://www.cnblogs.com/Alay/p/17477191.html

相关文章

  • Elasticsearch8 单机以及集群部署(docker-compose)
    本文以Elasticsearch8.8.0为例,介绍一下单机安装ES,使用docker-compose方式进行便捷管理需要准本docker环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433473.html需要准备docker-compose环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433907.html官网阅......
  • 对比 redis cluster 和 elasticsearch
    一.对比redis提供了redissentinal的高可用策略,以及rediscluster来支持扩展性(同时也支持高可用)。rediscluster,ealsticsearch都属于有状态数据存储服务,这里做一个简单的对比。特性redisclusterelasticsearch 备注主要设计目标在保证highperformance的条件下,提......
  • flume+elasticsearch
    简单描述一下这个例子:将项目日志实时采集到elasticsearch,便于统一管理。1.收集日志格式为:log4j.properties: org.apache.log4j.Logger: %d{ISO8601}[%l-%M]-[%p]%t%m%nlogback.xml:org.slf4j.Logger:  %date[%logger:%L]-[%level]%thread%msg%n2.flume1.7.0(flume......
  • elasticsearch迁移
    #第一种办法:elasticdump#先升级elasticdump参考https://www.dianjilingqu.com/634305.html1.下载node.js的安装包http://wgethttps://nodejs.org/dist/v10.13.0/node-v10.13.0-linux-x64.tar.gz2.解压安装包tarxfnode-v10.13.0-linux-x64.tar.gzmvnode-v10.13.0-linu......
  • linux命令行elasticsearch查询工具es2unix
    当想在linux的命令行中查看elasticsearch的状态时,可以用es2unix这个工具,插件地址: https://github.com/elasticsearch/es2unix。它是elasticsearch官方推出的,可以通过命令来查看es的各种状态,安装方法curl-sdownload.elasticsearch.org/es2unix/es>/bin/eschmod+x/bin/es这......
  • Linux搭建elasticsearch 7.x 版本
     安装方式传统方式根据平台系统Windows、linux、mac下载安装包以linux为例,进入到想安装的目录位置,下载安装包并解压#进入安装目录cd/home#下载安装包wgethttps://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.3-linux-x86_64.tar.gz#解压tar-z......
  • Elasticsearch专题精讲—— REST APIs —— Document APIs —— Reindex API —— 跨
    Reindexfromremote(跨集群索引)https://www.elastic.co/guide/en/elasticsearch/reference/8.8/docs-reindex.html#reindex-from-remoteReindexsupportsreindexingfromaremoteElasticsearchcluster:Reindex支持从远程Elasticsearch集群进行重新索引:curl-XP......
  • Elasticsearch 修改字段类型
    由于ES不能像关系型数据库直接修改类型,所以要借助中间索引来完成1、创建中间索引(字段维护正确的)put:https://localhost/track_bak{"settings":{"index":{"number_of_shards":"3","number_of_replicas":"1&quo......
  • Elasticsearch专题精讲—— REST APIs —— Document APIs —— Reindex API
    RESTAPIs——DocumentAPIs——ReindexAPIhttps://www.elastic.co/guide/en/elasticsearch/reference/8.8/docs-reindex.html#docs-reindexCopiesdocumentsfromasourcetoadestination.将文档从源复制到目标。Thesourcecanbeanyexist......
  • ElasticSearch-API-Index的使用亲测
    ElasticSearch-API-Index索引创建API允许初始化一个索引。ElasticSearch对多重索引提供了支持,包括跨多个索引执行操作。每个索引在创建时可以让一个特定的设置项与其关联。最简单的方式创建索引curl-XPUT‘http://localhost:9200/twitter/'在创建索引的时候指定分片和副本数量,参......