
Enabling security in Elasticsearch requires SSL configuration (Transport SSL must be enabled for setups with production licenses.)

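When configuring Elasticsearch under a Platinum license, enabling password authentication (xpack.security.enabled: true) makes Elasticsearch require SSL mutual verification between nodes.

If you do not configure it, startup fails with this error: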

Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

Roughly the following configuration items are needed:

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elk_96.key
xpack.security.transport.ssl.certificate: certs/elk_96.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]

xpack.security.http.ssl.key: certs/elk_96.key
xpack.security.http.ssl.certificate: certs/elk_96.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt

xpack.monitoring.collection.enabled: true
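
The following lint for the settings above is an added example, not code from the original post or from Elasticsearch. It assumes a production license (as on this page) and an elasticsearch.yml written as flat "key: value" lines; the function names are hypothetical.

```python
# Added example, not from the original post: lint the settings shown above.
# Assumption: elasticsearch.yml uses flat "key: value" lines, as on this page.

SAMPLE = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elk_96.key
xpack.security.transport.ssl.certificate: certs/elk_96.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]
xpack.security.http.ssl.key: certs/elk_96.key
xpack.security.http.ssl.certificate: certs/elk_96.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt
"""

def parse_flat(text):
    """Parse flat 'key: value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_true(settings, key):
    return settings.get(key, "false").lower() == "true"

def check(settings):
    """Return (level, message) findings for the TLS settings."""
    findings = []
    t, h = "xpack.security.transport.ssl.", "xpack.security.http.ssl."
    if is_true(settings, "xpack.security.enabled"):
        if not is_true(settings, t + "enabled"):
            # The condition behind the startup error quoted on this page.
            findings.append(("error", f"{t}enabled must be true"))
        if settings.get(t + "verification_mode") in ("certificate", "none"):
            findings.append(("warn", "peer hostname is not verified; 'full' verifies it"))
    if any(k.startswith(h) for k in settings) and not is_true(settings, h + "enabled"):
        findings.append(("warn", f"{h}* keys are set but {h}enabled is not true, "
                                 "so they do not turn on HTTPS"))
    return findings

if __name__ == "__main__":
    for level, msg in check(parse_flat(SAMPLE)):
        print(f"{level}: {msg}")
```

Run against the sample, it reports two warnings: transport verification_mode "certificate" does not check hostnames, and the http.ssl keys are present without xpack.security.http.ssl.enabled.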

Certificate creation

Edit the configuration file

cat /home/root/tmp/instance.yml

instances:
  - name: 'elk_96'
    dns: [ 'elk_96' ]
  - name: "elk_97"
    dns: [ 'elk_97' ]
  - name: "elk_98"
    dns: [ 'elk_98' ]

Generate the certificates

/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /home/root/tmp/instance.yml --out ./certs.zip

References:

https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html
