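1. Starting directly without generating certificates
1.1 Full console output
After a direct start, the console prints a block of key information: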
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  +H2hnvwZ2DmAHY1Eim_M

ℹ️ HTTP CA certificate SHA-256 fingerprint:
  d924ffb43dd09829e6f25156b2264dc5b8f5b1d119ac7e1bdde2dd0104776836

ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjUuMiIsImFkciI6WyIyLjAuMC4xOjU5MjAwIl0sImZnciI6ImQ5MjRmZmI0M2RkMDk4MjllNmYyNTE1NmIyMjY0ZGM1YjhmNWIxZDExOWFjN2UxYmRkZTJkZDAxMDQ3NzY4MzYiLCJrZXkiOiJMWFZJVjRVQlVQN1dJOFdZREM2LTpRaTd6WGVHWFFTdS1hZEU1RFJ4Z3Z3In0=

ℹ️ Configure other nodes to join this cluster:
• On this node:
  ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  ⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
  ⁃ Restart Elasticsearch.
• On other nodes:
  ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1.2 Summary
- The default password of the elastic account
- The HTTP CA certificate
- The token Kibana uses to access ES
- The token other nodes use to join the current node's cluster
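An added example, not part of the original post: an enrollment token like the one in the console output is base64-encoded JSON carrying the cluster version, node addresses, the HTTP CA fingerprint and an API key, so it should be handled like a credential. The sketch below decodes a token, compares its fingerprint with the one printed on the console and redacts the key; the function names and the sample token are constructed for illustration, and the `id:secret` layout of the `key` field is an assumption.

```python
import base64
import json

REQUIRED_FIELDS = {"ver", "adr", "fgr", "key"}


def normalize_fingerprint(fp: str) -> str:
    """Lower-case hex without colons or spaces, so formatting differences do not matter."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def parse_enrollment_token(token: str) -> dict:
    """Decode a token into its fields; raise ValueError if it is malformed."""
    try:
        fields = json.loads(base64.b64decode(token.strip(), validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("not a base64-encoded JSON enrollment token") from exc
    if not isinstance(fields, dict) or not REQUIRED_FIELDS <= set(fields):
        raise ValueError("enrollment token is missing expected fields")
    return fields


def summarize_token(token: str, console_fingerprint: str) -> dict:
    """Return a loggable summary: the API key secret is redacted, the fingerprint is checked."""
    fields = parse_enrollment_token(token)
    key_id, _, secret = fields["key"].partition(":")  # assumed "id:secret" layout
    return {
        "version": fields["ver"],
        "addresses": fields["adr"],
        "api_key_id": key_id,
        "api_key_secret": "<redacted, %d chars>" % len(secret),
        "fingerprint_matches": normalize_fingerprint(fields["fgr"])
        == normalize_fingerprint(console_fingerprint),
    }


# Constructed sample values, not taken from any real cluster.
SAMPLE_FGR = "ab" * 32
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.5.2",
    "adr": ["192.0.2.10:9200"],
    "fgr": SAMPLE_FGR,
    "key": "constructed-id:constructed-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(summarize_token(SAMPLE_TOKEN, SAMPLE_FGR))
```

A fingerprint mismatch means the token was issued for a different HTTP CA than the one the console reported, for example after the certificates were regenerated.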
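1.3 I have a bad memory and forgot. What now?
- Question 1: I did not note the default password of the elastic account and the screen has been cleared. What now?
- Question 2: The Kibana access token is more than 30 minutes old. What now?
1.4 Resetting the password and tokens
1.4.1 Resetting the password
While Elasticsearch is running, open another window and use the following command to reset the password: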
bin/elasticsearch-reset-password -u elastic
1.4.2 Resetting the password to a custom value
Enter the password interactively:
bin/elasticsearch-reset-password --username elastic -i
1.5 Kibana / other nodes joining the cluster
1.5.1 Token for Kibana to join the cluster
(run in a separate command line)
bin/elasticsearch-create-enrollment-token -s kibana --url "https://localhost:9200"
1.5.2 Token for other nodes to join the cluster
(run in a separate command line)
bin/elasticsearch-create-enrollment-token -s node
2. Generating certificates first, then starting
2.1 Console output
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  DIsWATYoHD8gg8R7Cgdt

❌ Unable to generate an enrollment token for Kibana instances, try invoking `bin/elasticsearch-create-enrollment-token -s kibana`.

❌ An enrollment token to enroll new nodes wasn't generated. To add nodes and enroll them into this cluster:
• On this node:
  ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  ⁃ Restart Elasticsearch.
• On other nodes:
  ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
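2.2 Summary
Only one item: the Elasticsearch password
- The default password of the elastic account
Why?
- Kibana access uses the certificate
- Other nodes join using the certificate
3. Supplement: the full certificate generation process
3.1 Issuing the CA certificate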
bin\elasticsearch-certutil.bat ca
This generates in the directory: elastic-stack-ca.p12
3.2 Generating the node certificate from the CA certificate
bin\elasticsearch-certutil.bat cert --ca elastic-stack-ca.p12
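This generates: elastic-certificates.p12
Note: press Enter at every prompt; do not set a password
3.3 Moving the CA certificate and node certificate to config/certs
As the heading says.
3.4 Issuing the HTTP certificate
The interaction goes as follows: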
bin\elasticsearch-certutil.bat http
# No CSR needed, enter n
Generate a CSR? [y/N]n
# Use the CA certificate generated earlier, enter y
Use an existing CA? [y/N]y
# Enter the CA path, starting from certs
CA Path: certs/elastic-stack-ca.p12
# The CA has no password, just press Enter
Password for elastic-stack-ca.p12:
# Valid for 5 years (the default), enter 5y
For how long should your certificate be valid? [5y] 5y
# Whether to generate a certificate per node: enter n
Generate a certificate per node? [y/N]n
# Enter the node name (hostname), then confirm with y
ZB-PF2P9LED
# Enter the IP, then confirm with y
192.168.0.102
# Do any of these settings still need changing? Enter n
Do you wish to change any of these options? [y/N]n
# No password, press Enter
Provide a password for the "http.p12" file: [<ENTER> for none]
# Asks whether to rename the HTTP certificate zip, just press Enter
What filename should be used for the output zip file? [D:\devs\elastic-safe\es8.5.2\elasticsearch-ssl-http.zip]
# Finally:
Zip file written to D:\devs\elastic-safe\es8.5.2\elasticsearch-ssl-http.zip
3.5 Placing the certificates in the certs directory
# Extract the zip into the current directory (it contains elasticsearch/ and kibana/)
unzip elasticsearch-ssl-http.zip
mv elasticsearch/http.p12 kibana/elasticsearch-ca.pem config/certs/
# The remaining files can simply be deleted