elasticsearch版本升级并附加安全性验证(7.5.0->7.17.0)
linux java 864 0
treenewbee 2022-05-07

  1. 下载es安装包(https://elasticsearch.cn/download/)

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.0-linux-x86_64.tar.gz

  2. 将es安装包解压到和旧版本相同的目录下(若path.data和path.logs使用外部目录,则可不修改配置文件)

    tar -zxvf elasticsearch-7.17.0-linux-x86_64.tar.gz

  3. 修改新版本es文件夹权限

    chown -R es:es elasticsearch-7.17.0

  4. 修改elasticsearch-env使用自带jdk

    #修改前
if [ ! -z "$JAVA_HOME" ]; then
JAVA="$JAVA_HOME/bin/java"
JAVA_TYPE="JAVA_HOME"
 else
if [ "$(uname -s)" = "Darwin" ]; then
  # macOS has a different structure
  JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
else
 JAVA="$ES_HOME/jdk/bin/java"
fi
JAVA_TYPE="bundled jdk"
 fi

    #修改后
if [ "$(uname -s)" = "Darwin" ]; then
 # macOS has a different structure
 JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
  else
 JAVA="$ES_HOME/jdk/bin/java"
  fi
  JAVA_TYPE="bundled jdk"

  5. 配置X-PACK安全认证

    #切换到 elasticsearch 安装文件目录 bin 下,借助elasticsearch-certutil命令生成证书(注意生成证书后需要修改certs文件夹权限):
./elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass

    #---------------修改配置
# 开启xpack
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# 证书配置
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

    #重启es服务
./elasticsearch

    #-------------设置用户名密码
elastic 账号:拥有 superuser 角色,是内置的超级用户。
kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
#手动设置(多个内置账号依次输入,每个账号需要输入两次)
./elasticsearch-setup-passwords interactive
#自动设置(注意保存)
./elasticsearch-setup-passwords auto
#修改密码
curl -H 'Content-Type: application/json' -u elastic:123456 -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "1234567" }'

  6. java服务配置jest用户名密码

    spring.elasticsearch.jest.username: elastic
spring.elasticsearch.jest.password: 123456
#若/_cluster/health接口报错,可配置RestClient信息
spring.elasticsearch.rest.username: elastic
spring.elasticsearch.rest.password: 123456

  7. 修改elasticsearch-head访问方式

    #elasticsearch.yml中增加如下配置
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#在访问elasticsearch-head的url中拼接授权信息
http://IP:9100/?base_uri=http://IP:9200&auth_user=elastic&auth_password=yourpasswd
登录写评论
关于 条款 FAQ API 备站 联系赞助 GitHub Powered by .NET 7.0.20 © Netnr 2024