I. Deploy the ES cluster
Reference:
https://www.jianshu.com/p/965f4cf3246c
II. Generate the certificate and key
1. /usr/share/elasticsearch/bin/elasticsearch-certutil ca
2. /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Press Enter at every prompt to accept the defaults. Run both commands from /usr/share/elasticsearch so that the second one finds elastic-stack-ca.p12 and the resulting elastic-certificates.p12 ends up where the script below copies it from. Pressing Enter at the password prompts leaves the PKCS#12 files without a password; if you do set one, it has to be added to the Elasticsearch keystore (xpack.security.transport.ssl.keystore.secure_password and xpack.security.transport.ssl.truststore.secure_password) or the node will not be able to open the file.
3. Certificate deployment script
After generating the certificate, copy it to every node in the cluster, update the yml config on each node, then restart Elasticsearch.
# Run on the node where certutil was executed; on the other nodes, scp the .p12 into place first
# Directory for the certificate
mkdir -p /etc/elasticsearch/certs
cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/certs
# chown, not chmod: the file has to be owned by the user Elasticsearch runs as
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
# Update the yml config (paths are resolved relative to /etc/elasticsearch; no backslashes in them)
echo "xpack.security.audit.enabled: true" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.security.enabled: true" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.license.self_generated.type: basic" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.enabled: true" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.verification_mode: certificate" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12" >> /etc/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12" >> /etc/elasticsearch/elasticsearch.yml
systemctl restart elasticsearch
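As an added example (not part of the original post), the script below does the step 3 configuration with a single heredoc instead of a chain of echo commands, and then checks the node before it is restarted: every required setting present exactly once, no stray backslash in the keystore paths (a quoted `\/` in echo ends up literally in the file), and the PKCS#12 file readable and owned by the right user. Paths and the owner are arguments so it can be exercised on a scratch directory; the usage lines at the end assume the package layout under /etc/elasticsearch.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: append the step-3 settings and
# sanity-check a node before restarting Elasticsearch.

# The settings from step 3, exactly as Elasticsearch expects them. Note the
# plain "certs/..." paths: they are resolved relative to the config directory.
SECURITY_SETTINGS='xpack.security.audit.enabled: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12'

# append_security_settings <elasticsearch.yml>: append the block, but only once.
append_security_settings() {
  local yml="$1"
  if grep -qF 'xpack.security.transport.ssl.keystore.path' "$yml" 2>/dev/null; then
    echo "TLS settings already present in $yml, not appending"
    return 1
  fi
  printf '%s\n' "$SECURITY_SETTINGS" >> "$yml"
}

# check_es_yml <elasticsearch.yml>: 0 if every required line is present exactly
# once and no line carries a backslash (the echo "certs\/..." mistake).
check_es_yml() {
  local yml="$1" line n rc=0
  [ -r "$yml" ] || { echo "cannot read $yml"; return 1; }
  while IFS= read -r line; do
    n=$(grep -cFx "$line" "$yml" || true)
    if [ "$n" -ne 1 ]; then
      echo "expected exactly one line '$line', found $n"
      rc=1
    fi
  done <<EOF
$SECURITY_SETTINGS
EOF
  if grep -q '\\' "$yml"; then
    echo "backslash found in $yml: check the keystore/truststore paths"
    rc=1
  fi
  return $rc
}

# check_cert_file <path> <owner>: the PKCS#12 file must exist, be readable and
# belong to the user Elasticsearch runs as (set with chown, not chmod).
check_cert_file() {
  local f="$1" want="$2" have
  [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
  have=$(ls -ld "$f" | awk '{print $3}')
  if [ "$have" != "$want" ]; then
    echo "$f is owned by $have, expected $want"
    return 1
  fi
}

# Usage on a real node (as root), after the .p12 has been copied over:
#   mkdir -p /etc/elasticsearch/certs
#   cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/certs/
#   chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
#   append_security_settings /etc/elasticsearch/elasticsearch.yml
#   check_es_yml /etc/elasticsearch/elasticsearch.yml &&
#   check_cert_file /etc/elasticsearch/certs/elastic-certificates.p12 elasticsearch &&
#   systemctl restart elasticsearch
```

Running the two checks before `systemctl restart` turns a mis-typed path or a forgotten chown into a clear message on the console instead of a failed node that has to be diagnosed from the Elasticsearch log.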
4. Set the passwords of all built-in accounts on the master node
Run:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Confirm with y at the prompt, then enter a password for each built-in user when asked.
5. Update kibana.yml
echo "elasticsearch.username: \"elastic\"" >> /etc/kibana/kibana.yml
echo "elasticsearch.password: \"XXXX\"" >> /etc/kibana/kibana.yml
systemctl restart kibana
Using the elastic superuser here works, but it gives Kibana far more privilege than it needs; the kibana_system account whose password was set in step 4 exists precisely for this and is the better choice.
Notes:
1) In an ES cluster this only needs to be done on one master node.
2) This tool can only be used once: it authenticates with the bootstrap password, which stops being valid once the built-in passwords have been set, so a second run fails. The error below, a 503 with "Cluster state has not been recovered yet", is what it prints when the cluster has not formed (see note 5):
Unexpected response code [503] from calling PUT http://39.104.166.15:9201/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index
Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually.
ERROR: Failed to set password for user [apm_system].
3) If this error appears the first time you set the passwords, you can try having them generated automatically:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
4) If the tool has already been run, the only option left is to change the passwords through the REST API; I haven't tried this yet and will add it to the doc later.
5) Always set up certificate authentication between the cluster nodes first and set the account passwords afterwards; otherwise the tool cannot obtain the cluster state and fails with the same 503:
Unexpected response code [503] from calling PUT http://39.104.166.15:9201/_security/user/apm_system/_password?pretty
6) The certificate must be placed in the certs directory under the ES config directory and be owned by the elasticsearch user and group; otherwise startup fails with an access-denied error like the one below:
[2020-12-14T02:48:25,120][ERROR][o.e.b.Bootstrap ] [es01] Exception
java.security.AccessControlException: access denied ("java.io.FilePermission" "/es_data" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1036) ~[?:?]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.10.0.jar:7.10.0]
[2020-12-14T02:48:25,131][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [es01] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.security.AccessControlException: access denied ("java.io.FilePermission" "/es_data" "read")
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/es_data" "read")
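Note 4 above leaves the REST route open. As an added example (not part of the original post, and not something the author has tried), the script below changes a built-in user's password through the change-password API, POST /_security/user/<user>/_password, with curl, and maps the HTTP status to the next step in the same spirit as the messages elasticsearch-setup-passwords prints. The URL, the admin credentials and the target user in the usage line are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: rotate a built-in user's password
# via the Elasticsearch change-password API once elasticsearch-setup-passwords
# can no longer be used. Assumes curl and a 7.x node at the URL you pass in.

# password_json <password>: request body for /_security/user/<name>/_password.
# Passwords containing '"' or '\' are refused so the JSON stays valid without
# a JSON library; Elasticsearch itself requires at least 6 characters.
password_json() {
  case "$1" in
    *\"*|*\\*) echo "password must not contain '\"' or '\\'" >&2; return 1 ;;
  esac
  [ ${#1} -ge 6 ] || { echo "Elasticsearch requires at least 6 characters" >&2; return 1; }
  printf '{"password":"%s"}' "$1"
}

# explain_status <http-code>: translate the response code into the next step.
explain_status() {
  case "$1" in
    200) echo "ok" ;;
    401) echo "authentication failed: the admin (or bootstrap) password is wrong" ;;
    403) echo "forbidden: the authenticating user may not change this password" ;;
    503) echo "cluster state not recovered yet: fix discovery/transport TLS first (note 5), then retry" ;;
    000) echo "no HTTP response: is Elasticsearch listening on this URL?" ;;
    *)   echo "unexpected HTTP $1" ;;
  esac
}

# change_password <es-url> <admin-user> <admin-pass> <target-user> <new-pass>
# Prints the explanation and returns 0 only on HTTP 200.
change_password() {
  local url="$1" admin="$2" admin_pass="$3" target="$4" new_pass="$5" body code
  body=$(password_json "$new_pass") || return 1
  # --write-out %{http_code} yields "000" when the connection itself fails.
  code=$(curl -s -o /dev/null -w '%{http_code}' \
          -u "$admin:$admin_pass" \
          -H 'Content-Type: application/json' \
          -X POST "$url/_security/user/$target/_password" \
          -d "$body")
  explain_status "$code"
  [ "$code" = "200" ]
}

# Usage (placeholders): rotate kibana_system with the elastic superuser.
#   change_password http://127.0.0.1:9200 elastic 'CurrentElasticPw' kibana_system 'NewKibanaPw1'
```

Passing the admin password on the command line puts it in the shell history and in `ps` output; for anything beyond a one-off, read it from a file or a prompt instead. If the node answers 503 here, the cluster itself is the problem, not the credentials, which is exactly the situation note 5 describes.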