elasticsearch设置账号和密码的完整代码示例
作者:小石潭记丶
1、es安装,挂载路径根据实际情况修改
docker run -d --restart always \ --name es \ -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \ -e "discovery.type=single-node" \ -e "TZ=Asia/Shanghai" \ -v /mnt/data/efk/es/data:/usr/share/elasticsearch/data \ -v /home/clouduser/cxb/efk/account-efk/es-plugins:/usr/share/elasticsearch/plugins \ -v /home/clouduser/cxb/efk/account-efk/es-config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 \ -v /home/clouduser/cxb/efk/account-efk/es-config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \ --network docker-common-net \ -p 9200:9200 \ -p 9300:9300 \ elasticsearch:8.6.0
2、生成证书
#进入es容器 docker exec -it es /bin/bash # 生成ca ./bin/elasticsearch-certutil ca
注:两个红方框位置直接回车
3、生成cert证书
# 再生成cert ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
注:前两个红框直接回车,第三个红框可以直接回车,也可以输入证书密码
4、查看证书
# 查看两个证书 ls
5、退出容器
exit
6、拷贝es容器的证书
或者直接拷贝到宿主机,通过挂载的方式挂载进去。
# 进入es的config文件夹 mkdir -p /data/es/single/config && cd /data/es/single/config # 拷贝容器证书 docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 ./ # 授权证书 chmod 777 elastic-certificates.p12
7、添加配置文档
vi elasticsearch.yml
network.host: 0.0.0.0 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.keystore.type: PKCS12 xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12 xpack.security.transport.ssl.truststore.type: PKCS12 xpack.security.audit.enabled: true
修改docker-compon.yml
# 进入文件目录 cd /data/es/single # 添加两行 - /data/es/single/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 - /data/es/single/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
目前青田实际的yml文件:通过挂载的方式实现的上面两个步骤
cluster.name: "docker-cluster" network.host: 0.0.0.0 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.keystore.type: PKCS12 xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12 xpack.security.transport.ssl.truststore.type: PKCS12 xpack.security.audit.enabled: true
8、设置es账号、密码
# 进入es容器 docker exec -it es /bin/bash # 设置密码(账号默认为 elastic) ./bin/elasticsearch-setup-passwords interactive
注:密码可设置为同一个密码,容易记住
9、给kibana设置账目密码
/home/clouduser/cxb/efk/account-efk/kibana/kibana.yml
i18n.locale: zh-CN server.host: "0.0.0.0" server.shutdownTimeout: "5s" elasticsearch.hosts: [ "http://es:9200" ] elasticsearch.username: "root" elasticsearch.password: "1q*********"
1,FATAL Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead.
界面会显示:Kibana server is not ready yet.
这是因为es 不允许使用elastic用户登录kibana
所以这里需要创建一个自定义用户
进入es容器,docker exec -it es bash,执行bin/elasticsearch-users useradd test
添加了用户,并需要给这个用户添加角色不然会报错
角色授权
bin/elasticsearch-users roles -a superuser test
bin/elasticsearch-users roles -a kibana_system test
总结
到此这篇关于elasticsearch设置账号和密码的文章就介绍到这了,更多相关elasticsearch设置账号和密码内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!