elasticsearch6.8.6配置xpack（生成密钥）

转载，请注明出处：https://www.cnblogs.com/cchilei/p/13085842.html

启动ES

./bin/elasticsearch -d

设置ES内置用户及密码

1、先创建keystore文件

./bin/elasticsearch-keystore create

2、ES 配置文件elasticsearch.yml

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required

3、设置交互式生成密码（ES必须是启动状态）

./bin/elasticsearch-setup-passwords interactive

Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:

ES生成密钥

1、在/es安装目录/bin/下执行

./elasticsearch-certutil ca --pem

执行后会在bin文件夹下生成根密钥：elastic-stack-ca.zip（默认zip包的名称）

2、解压根密钥，会生成一个 ca文件夹，包含ca.key,和ca.cert

unzip elastic-stack-ca.zip

3、在/es安装目录/bin/下执行

./elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem

执行后会生成节点密钥：certificate-bundle.zip（默认zip包的名称）

4、解压后会生成 一个instance文件夹，包含instance.key,和instance.crt

unzip certificate-bundle.zip

5、在config目录创建x-pack文件夹（x-pack所属权限为es用户）

mkdir config/x-pack

6、将bin目录生成的ca和instance两个文件夹 拷贝至x-pack文件夹下

7、重新启动ES