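When configuring Elasticsearch under a Platinum license, turning on password authentication (xpack.security.enabled: true) makes Elasticsearch require that SSL be enabled for communication between nodes.
If you do not configure it, startup fails with this error: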
Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
Roughly the following settings are needed:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elk_96.key
xpack.security.transport.ssl.certificate: certs/elk_96.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]
xpack.security.http.ssl.key: certs/elk_96.key
xpack.security.http.ssl.certificate: certs/elk_96.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt
xpack.monitoring.collection.enabled: true
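A pre-start check for the settings above, as an added example that is not part of the original post or of Elasticsearch itself. The function names `parse_flat_settings` and `lint_tls` are hypothetical, the sample configs are constructed, and it assumes elasticsearch.yml uses the flat dotted-key form shown on this page.

```python
import re

# Constructed sample: security on, transport SSL left out, HTTP certs listed.
SAMPLE_BAD = """\
xpack.security.enabled: true
xpack.security.http.ssl.key: certs/elk_96.key
xpack.security.http.ssl.certificate: certs/elk_96.crt
"""

# Constructed sample: the transport block from this page.
SAMPLE_GOOD = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elk_96.key
xpack.security.transport.ssl.certificate: certs/elk_96.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]
"""

def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is not handled."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([\w.]+)\s*:\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings

def lint_tls(text):
    """Return a list of findings for the security/TLS settings."""
    s = parse_flat_settings(text)
    t, h = "xpack.security.transport.ssl.", "xpack.security.http.ssl."
    findings = []
    if s.get("xpack.security.enabled", "").lower() != "true":
        return findings  # assumption: only explicit 'true' is checked
    if s.get(t + "enabled", "").lower() != "true":
        findings.append("transport SSL not enabled: startup check fails on a production license")
    else:
        for name in ("key", "certificate", "certificate_authorities"):
            if not s.get(t + name):
                findings.append(f"missing {t}{name}")
        if s.get(t + "verification_mode", "full").lower() == "none":
            findings.append("verification_mode 'none' disables peer certificate checks")
    # http.ssl.* settings do not turn HTTPS on unless http.ssl.enabled is true
    if any(k.startswith(h) and k != h + "enabled" for k in s) \
            and s.get(h + "enabled", "").lower() != "true":
        findings.append("http.ssl settings present but xpack.security.http.ssl.enabled is not true")
    return findings
```

Run `lint_tls(open("elasticsearch.yml").read())` on each node before restarting; an empty list means none of these checks fired.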
Creating the certificates
Edit the configuration file
cat /home/root/tmp/instance.yml
instances:
  - name: 'elk_96'
    dns: [ 'elk_96' ]
  - name: "elk_97"
    dns: [ 'elk_97' ]
  - name: "elk_98"
    dns: [ 'elk_98' ]
Generate the certificates
/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /home/root/tmp/instance.yml --out ./certs.zip
References:
https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html