人妖在线一区,国产日韩欧美一区二区综合在线,国产啪精品视频网站免费,欧美内射深插日本少妇

新聞動(dòng)態(tài)

docker安裝Elasticsearch7.6集群并設(shè)置密碼的方法步驟

發(fā)布日期:2021-12-08 17:22 | 文章來源:源碼中國

Elasticsearch從6.8開始, 允許免費(fèi)用戶使用X-Pack的安全功能, 以前安裝es都是裸奔。接下來記錄配置安全認(rèn)證的方法。

為了簡化物理安裝過程,我們將使用docker安裝我們的服務(wù)。

一些基礎(chǔ)配置

es需要修改linux的一些參數(shù)。

設(shè)置vm.max_map_count=262144

sudo vim /etc/sysctl.conf
vm.max_map_count=262144

不重啟, 直接生效當(dāng)前的命令

sysctl -w vm.max_map_count=262144

es的data和logs目錄需要給1000的用戶授權(quán), 我們假設(shè)安裝3個(gè)實(shí)力的es集群,先創(chuàng)建對(duì)應(yīng)的數(shù)據(jù)存儲(chǔ)文件

mkdir -p es01/data
mkdir -p es01/logs
mkdir -p es02/data
mkdir -p es02/logs
mkdir -p es03/data
mkdir -p es03/logs
## es的用戶id為1000,這里暫且授權(quán)給所有人好了
sudo chmod 777 es* -R

關(guān)于版本和docker鏡像

Elasticsearch分幾種licenses,其中Open Source和Basic是免費(fèi)的, 而在6.8之后安全功能才開始集成在es的Basic授權(quán)上。

Basic對(duì)應(yīng)docker鏡像為

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2

同時(shí)dockerhub同步為elasticsearch. 我們直接拉取elasticsearch:7.6.2就好。

開始

首先,創(chuàng)建docker-compose.yml

version: '2.2'
services:
  es01:
    image: elasticsearch:7.6.2
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es01/data:/usr/share/elasticsearch/data
      - ./es01/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: elasticsearch:7.6.2
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es02/data:/usr/share/elasticsearch/data
      - ./es02/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9201:9200
    networks:
      - elastic
  es03:
    image: elasticsearch:7.6.2
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es03/data:/usr/share/elasticsearch/data
      - ./es03/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9202:9200
    networks:
      - elastic
  kib01:
    depends_on: 
      - es01
    image: kibana:7.6.2
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: http://es01:9200
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic
networks:
  elastic:
    driver: bridge

關(guān)于elasticsearch.yml

內(nèi)容如下

network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
  • network.host 設(shè)置允許其他ip訪問,解除ip綁定
  • xpack.security 則是安全相關(guān)配置,其中ssl的證書需要自己生成

關(guān)于證書elastic-certificates.p12

es提供了生成證書的工具elasticsearch-certutil,我們可以在docker實(shí)例中生成它,然后復(fù)制出來,后面統(tǒng)一使用。

首先運(yùn)行es實(shí)例

sudo docker run -dit --name=es elasticsearch:7.6.2 /bin/bash

進(jìn)入實(shí)例內(nèi)部

sudo docker exec -it es /bin/bash

生成ca: elastic-stack-ca.p12

[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 :

再生成cert: elastic-certificates.p12

[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'cert' mode generates X.509 certificate and private keys.

這個(gè)生成elastic-certificates.p12 就是我們需要使用的。

復(fù)制出證書, ctrl+d退出容器內(nèi)部

sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 .
# 關(guān)閉這個(gè)容器
sudo docker kill es
sudo docker rm es

如此獲取了證書。

生成密碼

我們首先要啟動(dòng)es集群,去里面生成密碼。

sudo docker-compose up

然后進(jìn)入其中一臺(tái)

sudo docker exec -it es01 /bin/bash

生成密碼用auto, 自己設(shè)置用 interactive

[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords -h
Sets the passwords for reserved users
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
Non-option arguments:
command              
Option             Description        
------             -----------        
-E <KeyValuePair>  Configure a setting
-h, --help         Show help          
-s, --silent       Show minimal output
-v, --verbose      Show verbose output

[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user apm_system
PASSWORD apm_system = YxVzeT9B2jEDUjYp66Ws
Changed password for user kibana
PASSWORD kibana = 8NnThbj0N02iDaTGhidU
Changed password for user logstash_system
PASSWORD logstash_system = 9nIDGe7KSV8SQidSk8Dj
Changed password for user beats_system
PASSWORD beats_system = qeuVaf1VEALpJHfEUOjJ
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = DtZCrCkVTZsinRn3tW3D
Changed password for user elastic
PASSWORD elastic = q5f2qNfUJQyvZPIz57MZ

使用密碼

瀏覽器訪問localhost:9200/9201/9202 需要輸入賬號(hào)

輸入對(duì)應(yīng)的elastic/password就好

瀏覽器訪問localhost:5601

忘記密碼

如果生成后忘記密碼了怎么辦, 可以進(jìn)入機(jī)器去修改。

進(jìn)入es的機(jī)器

sudo docker exec -it es01 /bin/bash

創(chuàng)建一個(gè)臨時(shí)的超級(jí)用戶RyanMiao

./bin/elasticsearch-users useradd ryan -r superuser
Enter new password: 
ERROR: Invalid password...passwords must be at least [6] characters long
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-users useradd ryan -r superuser
Enter new password: 
Retype new password:

用這個(gè)用戶去修改elastic的密碼:

curl -XPUT -u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
{
  "password": "q5f2qNfUJQyvZPIz57MZ"
}'

參考 http://codingfundas.com/setting-up-elasticsearch-6-8-with-kibana-and-x-pack-security-enabled/index.html

到此這篇關(guān)于docker安裝Elasticsearch7.6集群并設(shè)置密碼的方法步驟的文章就介紹到這了,更多相關(guān)docker安裝Elasticsearch7.6集群 內(nèi)容請(qǐng)搜索本站以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持本站!

版權(quán)聲明:本站文章來源標(biāo)注為YINGSOO的內(nèi)容版權(quán)均為本站所有,歡迎引用、轉(zhuǎn)載,請(qǐng)保持原文完整并注明來源及原文鏈接。禁止復(fù)制或仿造本網(wǎng)站,禁止在非www.sddonglingsh.com所屬的服務(wù)器上建立鏡像,否則將依法追究法律責(zé)任。本站部分內(nèi)容來源于網(wǎng)友推薦、互聯(lián)網(wǎng)收集整理而來,僅供學(xué)習(xí)參考,不代表本站立場(chǎng),如有內(nèi)容涉嫌侵權(quán),請(qǐng)聯(lián)系alex-e#qq.com處理。

實(shí)時(shí)開通

自選配置、實(shí)時(shí)開通

免備案

全球線路精選!

全天候客戶服務(wù)

7x24全年不間斷在線

專屬顧問服務(wù)

1對(duì)1客戶咨詢顧問

在線
客服

在線客服:7*24小時(shí)在線

客服
熱線

400-630-3752
7*24小時(shí)客服服務(wù)熱線

關(guān)注
微信

關(guān)注官方微信
頂部