Transport Layer Security Elasticsearch configuration

Note: my Elasticsearch version is 7.15.0


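I am new to Elasticsearch and I am trying to use Kibana alerting. For that I have to create a rule and connector, but when I select that field I am told to enable Transport Layer Security and API keys to do so. So I followed the instructions in the Elastic Transport Layer Security guide, which describes these steps: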

Encrypt inter-node communications with Transport Layer Security :

1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:

cluster.name: my-cluster

b. Add the node.name setting and enter a name for the node. The node name defaults to the host-name of the machine when Elasticsearch starts.

node.name: node-1

c. Add the following settings to enable inter-node communication and provide access to the node’s certificate. Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

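Since the Elastic certificates are not generated automatically during software installation, they must be generated by elasticsearch-certutil in the [=67=] directory: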

a. First:

cd /usr/share/elasticsearch/bin

b. Run elastic-certutil to generate the elastic-stack-ca.zip certificate file:

 bin/elasticsearch-certutil ca

c. Unzip the file to extract all of its contents and move them to the /etc/elasticsearch directory.

unzip elastic-stack-ca.zip

Now there is a problem when starting the elasticsearch service:

sudo service elasticsearch restart 

Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

I tried to see where the error is by running these two commands, but I did not understand it.

Have you checked the permissions and owner of the files? The permissions of the files should be [=10=]. The owner/group should be root:elasticsearch.
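
A check that fits this thread, added here as an example and not part of the original question or answer: it reads the keystore and truststore paths from elasticsearch.yml, resolves them against the config directory, and reports whether each file exists and what its mode and owner are. The function names and the "no access for other" policy are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original post): report on the transport TLS
# keystore/truststore files that elasticsearch.yml points at.
# Assumes flat dotted keys with unquoted values, as in the guide excerpt.

# Print the value of a "key: value" line. usage: yml_value <file> <key>
yml_value() {
  awk -v k="$2" 'index($0, k ":") == 1 {
    sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }' "$1"
}

# usage: check_transport_stores <config_dir>
# Returns 0 only if every configured store exists and has no permission
# bits set for "other" (that policy is an assumption of this example).
check_transport_stores() (
  conf_dir=$1; yml=$conf_dir/elasticsearch.yml; rc=0
  [ -f "$yml" ] || { echo "MISSING config: $yml"; exit 1; }
  for kind in keystore truststore; do
    path=$(yml_value "$yml" "xpack.security.transport.ssl.$kind.path")
    [ -n "$path" ] || continue          # setting absent, nothing to check
    # Relative paths are resolved against the config directory.
    case $path in /*) ;; *) path=$conf_dir/$path ;; esac
    if [ ! -f "$path" ]; then
      echo "MISSING $kind: $path"; rc=1
    elif [ -n "$(find "$path" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
      echo "WORLD-ACCESSIBLE $kind: $path"; rc=1
    else
      # Show mode, owner and group so they can be compared with the
      # values the service account needs.
      echo "OK $kind: $path ($(ls -ld "$path" | awk '{print $1, $3 ":" $4}'))"
    fi
  done
  exit $rc
)

# Run against a real config directory when one is given as an argument.
if [ $# -gt 0 ]; then check_transport_stores "$1"; fi
```

Run it as `sh check.sh /etc/elasticsearch` (the script file name is hypothetical); a `MISSING` line means the file named in the configuration is not where the node will look for it.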