
elasticsearch---Xpack Installation

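=====================Follow the steps strictly in order!!!=============================

1. Shut down the cluster first

2. Go to the ES installation directory:

Before installing x-pack, neither x-pack-6.2.2.zip nor license.json may be placed in the es/plugins directory, otherwise a path error is reported;

Shut down ES and upload the following three files to the ES installation directory on all nodes:

x-pack-6.2.2.zip       the downloaded offline package matching the ES version

x-pack-core-6.2.2.jar   the cracked jar; it replaces the jar of the same name in the corresponding directory after x-pack-6.2.2.zip is installed

license.json            the already modified license, Platinum edition, expiring in 2050

3. On all nodes, install x-pack into ES and replace the jar: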

./bin/elasticsearch-plugin install file:///zywa/elasticsearch/elasticsearch-6.2.2/x-pack-6.2.2.zip

rm -f plugins/x-pack/x-pack-core/x-pack-core-6.2.2.jar

mv x-pack-core-6.2.2.jar plugins/x-pack/x-pack-core

4. On all nodes, upload the three files instance.key, instance.crt and ca.crt to the directory /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack. This directory is set in the elasticsearch.yml configuration file as follows:

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.key: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.key

xpack.security.transport.ssl.certificate: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.crt

xpack.security.transport.ssl.certificate_authorities: ["/zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/ca.crt"]

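5. Passwords can only be set after the ES cluster has been started or restarted:

Note: ./bin/x-pack/setup-passwords interactive can only be run once. After it succeeds, passwords can only be updated or changed after logging in with a username and password through the Kibana UI or DSL statements; the command cannot be run again, so remember the passwords!!!!=================================

After ES has started, set the passwords on one of the ES nodes by running the following command: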

./bin/x-pack/setup-passwords interactive

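Set the same password for all users: infobeat123

6. (All nodes) Disable x-pack authentication: add the following setting to elasticsearch.yml and comment out all other xpack.* parameters for now. The purpose is to bypass xpack first in order to import the Platinum license.json: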

xpack.security.enabled: false

7. Restart ES!! (Import the license on a single node only)

Import the Platinum license.json, entering the user password just set with ./bin/x-pack/setup-passwords interactive:

curl -XPUT -u elastic 'http://node1.hadoop:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json

Response: {"acknowledged":true,"license_status":"valid"}, which means success!

8. View the license:

curl -u elastic:123456 "http://node1.hadoop:9200/_xpack/license"

license.json has taken effect if the response contains the following two values:

"type" : "platinum",

"expiry_date" : "2050-12-11T16:00:00.000Z",

9. (All nodes) Modify the configuration file as follows; the authentication-related parameters are:

http.cors.enabled: true

http.cors.allow-origin: "*"

http.cors.allow-headers: "Authorization,Content-Type"

discovery.zen.fd.ping_timeout: 60s

discovery.zen.fd.ping_retries: 10

# Enable this parameter with three nodes; leave it disabled for a single node or two nodes

#discovery.zen.minimum_master_nodes: 2

#xpack.security.enabled: false

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.key: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.key

xpack.security.transport.ssl.certificate: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.crt

xpack.security.transport.ssl.certificate_authorities: ["/zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/ca.crt"]

xpack.monitoring.enabled: false

xpack.graph.enabled: false

xpack.watcher.enabled: false

xpack.ml.enabled: false

##xpack.security.http.ssl.enabled: true

##xpack.security.http.ssl.key: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.key

##xpack.security.http.ssl.certificate: /zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/instance.crt

##xpack.security.http.ssl.certificate_authorities: ["/zywa/elasticsearch/elasticsearch-6.2.2/config/x-pack/ca.crt"]

10. Restart the ES cluster again!!

curl -H 'Content-Type: application/json' -u elastic:infobeat123 -XGET 'node1:9200/_cat/health?pretty=true'

Check the log files on the three nodes; if there are no errors, it is fine: logs/my-cluster.log

Check node status and so on in Kibana:

GET /_cat/health?v

GET /_cat/nodes?v
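
Added example, not part of the original tutorial: a small Python audit of the step 9 elasticsearch.yml settings that reports values which weaken the cluster (security switched off as in step 6, transport verification_mode below full, HTTP TLS left commented out, wildcard CORS origin). It assumes flat "key: value" lines as shown on this page; the function names and the trimmed SAMPLE are constructed for illustration.

```python
# Added example: audit flat "key: value" elasticsearch.yml settings.
# SAMPLE is constructed from the step 9 listing (file paths omitted).
SAMPLE = """\
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization,Content-Type"
#xpack.security.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
##xpack.security.http.ssl.enabled: true
"""

def parse_settings(text):
    """Parse flat 'key: value' lines, skipping comments; last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(settings):
    """Return {setting: finding} for the weak values this check knows about."""
    def get(key, default):
        return settings.get(key, default).lower()
    findings = {}
    if get("xpack.security.enabled", "true") == "false":
        findings["xpack.security.enabled"] = "authentication and authorization are off"
    if get("xpack.security.transport.ssl.enabled", "false") != "true":
        findings["xpack.security.transport.ssl.enabled"] = "node-to-node traffic is not encrypted"
    mode = get("xpack.security.transport.ssl.verification_mode", "full")
    if mode != "full":
        findings["xpack.security.transport.ssl.verification_mode"] = (
            f"'{mode}' does not verify the peer's hostname; use 'full'")
    if get("xpack.security.http.ssl.enabled", "false") != "true":
        findings["xpack.security.http.ssl.enabled"] = (
            "REST API on 9200 is plain HTTP; Basic credentials are sent unencrypted")
    if get("http.cors.enabled", "false") == "true" and get("http.cors.allow-origin", "") == "*":
        findings["http.cors.allow-origin"] = "any web origin may send cross-origin requests"
    return findings

if __name__ == "__main__":
    for key, why in audit(parse_settings(SAMPLE)).items():
        print(f"{key}: {why}")
```

With HTTP TLS disabled, every curl -u call in this procedure carries the elastic password over the network in clear text.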

============================Common commands===============================================================================

Uninstall x-pack:

./bin/kibana-plugin remove x-pack

./bin/elasticsearch-plugin remove x-pack

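Then comment out all xpack.* settings;

Kibana does not need x-pack installed; it authenticates with a simple username and password, see the corresponding file provided;

Logstash does not need x-pack installed; it authenticates with a simple username and password, see the corresponding file provided;

Change the elastic password from 123456 to infobeat123: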

curl -H 'Content-Type: application/json' -u elastic:123456 -XPUT 'http://node3:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "infobeat123" }'

Tutorial and installation package download: link: https://pan.baidu.com/s/1kFoDlHtje4CoS_SlczXM5g

Extraction code: pql6
