已安装成功
在elasticsearch.yml 中设置
xpack.security.enabled: false
设置用户名和密码
修改 elasticsearch.yml 中设置
xpack.security.enabled: true
启动报错
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/local/elasticsearch/logs/elasticsearch.log
修改 elasticsearch.yml 中设置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
启动报错
org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
继续配置证书,在创建这两个文件的时候,提示需要输入密码(我输入的):123456
生成elastic-stack-ca.p12文件
./bin/elasticsearch-certutil ca
生成elastic-certificates.p12文件
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
修改 elasticsearch.yml 中设置
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
启动报错,提示我没有获取到密码或密码不正确
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/local/elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
在网上百度了,看了一些文章后,在 elasticsearch.yml 中添加了以下设置
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.type: PKCS12
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
启动还是报错
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.http.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/local/elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption
我想要达到的结果
elasticsearch 8.0.0 能安装成功,设置用户名和密码成功,并能访问