1. Set up the ES cluster
2. Create a CA on any one node, and remember the CA password
bin/elasticsearch-certutil ca
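3. Take the CA file to each node and create a CA-signed certificate for that host; this requires the CA password, and you set a password for the certificate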
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
4. Add the certificate password to the keystore; if the keystore does not exist, create it with ./bin/elasticsearch-keystore create
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
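5. Name the generated certificate after the hostname and place it in ${ES_HOME}/config/certs/
6. Send every node's certificate to the certs directory of all other nodes
7. Configure config/elasticsearch.yml, enable security mode, and restart the cluster
8. Set up roles, users, etc.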
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/defining-roles.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/users-command.html
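Step 7 does not list the settings themselves. The fragment below is an added example, not part of the original notes: a minimal config/elasticsearch.yml for transport TLS on one node, assuming the certificate from step 5 was saved as node1.p12 (a made-up host name).

```yaml
# config/elasticsearch.yml on the node whose certificate is certs/node1.p12
# (node1.p12 is an assumed file name; use the host-named file from step 5)

# Turn on authentication and authorization (the "security mode" of step 7).
xpack.security.enabled: true

# Encrypt and authenticate node-to-node (transport) traffic.
xpack.security.transport.ssl.enabled: true

# "certificate" accepts any peer certificate signed by the trusted CA without
# checking the host name; "full" additionally verifies host name / IP against
# the certificate. "none" disables verification and should not be used here.
xpack.security.transport.ssl.verification_mode: certificate

# Paths are relative to the config directory. The PKCS#12 file produced by
# elasticsearch-certutil cert holds the node key, node certificate and the CA
# certificate, so the same file serves as keystore and truststore.
xpack.security.transport.ssl.keystore.path: certs/node1.p12
xpack.security.transport.ssl.truststore.path: certs/node1.p12

# The passwords for both files are not written here; they are read from the
# Elasticsearch keystore entries added in step 4.
```

Every node needs the same settings with its own certificate file name before the cluster is restarted.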