Setting Up Elasticsearch 7.x Cluster with Certificate AuthoritySearch Engine2024. 11. 27. 13:49
Table of Contents
1. PEM 형식의 인증서 (CA) 파일 생성
- elastic-stack-ca.p12 파일 생성
bin/elasticsearch-certutil ca --pem
2. 압축 해제
- ca/ca.crt, ca/ca.key 파일을 config/certs 폴더로 이동
unzip elastic-stack-ca.p12
3. 인스턴스 yaml 파일 생성
instances:
- name: 'search1'
ip: ['192.168.156.90']
- name: 'search2'
ip: ['192.168.156.91']
- name: 'search3'
ip: ['192.168.156.92']
- name: 'search4'
ip: ['192.168.156.93']
- name: 'search5'
ip: ['192.168.156.94']
- name: 'search6'
ip: ['192.168.156.95']
4. 생성된 CA 인증서와 개인 키를 사용하여, PEM 형식의 Elasticsearch 노드 인증서를 생성하고, 결과를 ZIP 파일로 저장
bin/elasticsearch-certutil cert --pem --ca-cert config/certs/ca.crt --ca-key config/certs/ca.key --in config/instance.yml --out config/certs/certs.zip
5. 서버에 인증서 복사
- ${HOSTNAME}.crt, ${HOSTNAME}.key, ca.crt 파일을 모든 노드의 config/cert/ 경로에 복사
scp -P3030 -r ./certs kogun82@192.168.156.91:/home/es/config
scp -P3030 -r ./certs kogun82@192.168.156.92:/home/es/config
scp -P3030 -r ./certs kogun82@192.168.156.93:/home/es/config
scp -P3030 -r ./certs kogun82@192.168.156.94:/home/es/config
scp -P3030 -r ./certs kogun82@192.168.156.95:/home/es/config
6. config/elasticsearch.yml TLS 설정
cluster.name: kobic-es-cluster
node.name: ${HOSTNAME}
node.master: true
node.data: false
node.attr.rack: r1
path.data: /BiO/storage/elasticsearch/data
path.logs: /BiO/storage/elasticsearch/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.156.90", "192.168.156.91", "192.168.156.92", "192.168.156.93", "192.168.156.94", "192.168.156.95"]
cluster.initial_master_nodes: ["search1", "search2", "search3"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/${HOSTNAME}.key
xpack.security.transport.ssl.certificate: certs/${HOSTNAME}.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/${HOSTNAME}.key
xpack.security.http.ssl.certificate: certs/${HOSTNAME}.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt
7. 패스워드 초기 설정
- 데몬 구동 전 패스워드 초기 설정
./bin/elasticsearch-setup-passwords interactive -u "https://192.168.156.90:9200"반응형
'Search Engine' 카테고리의 다른 글
| 도커 컴포즈를 활용한 Open Distro for Elasticsearch 설치 (0) | 2024.12.26 |
|---|---|
| kibana 구동 시 resource_already_exists_exception 장애 해결 방법 (0) | 2023.07.22 |
| elasticsearch [..all indices on this node will be marked read-only..] 장애 처리 (0) | 2022.05.05 |
| elasticsearch 7.16.3 환경에서 elasticsearch-hq 3.5.12 설치 (0) | 2022.02.05 |
| elasticsearch "No processor type exists with name [attachment]" 장애 해결 (0) | 2022.02.04 |
@kogun82 :: Ctrl+C&V 로 하는 프로그래밍
Korean BioInformation Center(KOBIC) Korea Research Institute of Bioscience & Biotechnology Address: #52 Eoeun-dong, Yuseong-gu, Deajeon, 305-806, KOREA +82-10-9936-2261 e-mail: kogun82@kribb.re.kr Blog: kogun82.tistory.com Homepage: www.kobic.re.kr
포스팅이 좋았다면 "좋아요❤️" 또는 "구독👍🏻" 해주세요!
![elasticsearch [..all indices on this node will be marked read-only..] 장애 처리](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbJLrce%2FbtsDC7T59fT%2FtfIr1ZL9bqFwpv3k0DeIQk%2Fimg.png)
