當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

02.德国博士练习_01_cluster_install

發布時間：2024/2/28 编程问答 29 豆豆

生活随笔收集整理的這篇文章主要介紹了 02.德国博士练习_01_cluster_install 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

文章目錄

- 1. exercise01: node role , network
- 2. exercise02
- - 1.transport通信加密
  - 2. 開啟security

1. exercise01: node role , network

# ** EXAM OBJECTIVE: INSTALLATION AND CONFIGURATION ** # GOAL: Setup an Elasticsearch cluster that satisfies a given set # of requirements # REQUIRED SETUP: /# Download the exam version of Elasticsearch # Deploy the cluster `eoc-01-cluster`, so that it satisfies the # following requirements: # (i) has three nodes, named `node1`, `node2`, and `node3`, # (ii) all nodes are eligible master nodesNow, let’s configure the network and discovery settings. # Bind `node1` to the IP address “151.101.2.217” and port “9201” # Bind `node2` to the IP address “151.101.2.218” and port “9202” # Bind `node3` to the IP address “151.101.2.219” and port “9203” # Configure the cluster discovery module of `node2` and `node3` so # as to use `node1` as seed host# Configure `node1` to be a data node but not an ingest node # Configure `node2` and `node3` to be both an ingest and data node # Configure `node1` to disallow swapping on its host# Configure the JVM settings of each node so that it uses a minimum # and maximum of 8 GB for the heap # Configure the logging settings of each node so that # (i) the logs directory is not the default one, # (ii) the log level for transport-related events is "debug" # Configure the nodes so as to disable the possibility to delete # indices using wildcards cluster.name: eoc-01-cluster node.name: node1 network.host: 10.76.0.98node.ingest: falsehttp.port: 19200 transport.port: 19300bootstrap.system_call_filter: falsediscovery.seed_hosts:- 10.76.0.98:19300cluster.initial_master_nodes:- node1- node2- node3bootstrap.memory_lock: true action.destructive_requires_name: truelog4j2設置logger.transport.name = org.elasticsearch.transport logger.transport.level = debug cluster.name: eoc-01-cluster node.name: node2 network.host: 10.76.3.145node.data: true node.ingest: truehttp.port: 19200 transport.port: 19300bootstrap.system_call_filter: falsediscovery.seed_hosts:- 10.76.0.98:19300cluster.initial_master_nodes:- node1- node2- node3log4j2設置logger.transport.name = org.elasticsearch.transport logger.transport.level = debug cluster.name: eoc-01-cluster node.name: node2 network.host: 10.76.0.129http.port: 19200 transport.port: 19300node.data: true node.ingest: truebootstrap.system_call_filter: falsediscovery.seed_hosts:- 10.76.0.98:19300cluster.initial_master_nodes:- node1- node2- node3log4j2設置logger.transport.name = org.elasticsearch.transport logger.transport.level = debug

2. exercise02

# ** EXAM OBJECTIVE: INSTALLATION AND CONFIGURATION ** # GOAL: Secure a cluster and an index using Elasticsearch Security # REQUIRED SETUP: # (i) a running Elasticsearch cluster with at least one node and # a Kibana instance, # (ii) no index with name `hamlet` is indexed on the cluster

這個是多節點的security開啟，默認情況下
單節點的只需要在yml中配置security開啟，然后初始化內置用戶的密碼即可
多節點必須要滿足多節點下的transport的通信是加密的，所以多了一個transport 通信加密環節

1.transport通信加密

生成CA

bin/elasticsearch-certutil ca

使用CA生成證書

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把這兩個證書放到config下的certs目錄（需要創建）

mkdir config/certs mv elastic-* config/certs/

yml中配置

xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

在其他機器中做同樣的配置
將config/certs 下的東西拷貝到其他幾點，并放到config/certs下面，重復步驟4

2. 開啟security

單機版的只有這一步

yml中設置開啟security

xpack.security.enabled: true

重新啟動es
kill cat pid && bin/elasticsearch -d -p pid

設置內置用戶的初始密碼
./bin/elasticsearch-setup-passwords interactive
這一步注意看看題目有沒有要求

設置kibana用戶

這個耗時很久，不熟練。

初始化數據

# Create the index `hamlet` and add some documents by running the # following _bulk command:PUT hamlet/_doc/_bulk {"index":{"_index":"hamlet","_id":0}} {"line_number":"1","speaker":"BERNARDO","text_entry":"Whos there?"} {"index":{"_index":"hamlet","_id":1}} {"line_number":"2","speaker":"FRANCISCO","text_entry":"Nay, answer me: stand, and unfold yourself."} {"index":{"_index":"hamlet","_id":2}} {"line_number":"3","speaker":"BERNARDO","text_entry":"Long live the king!"} {"index":{"_index":"hamlet","_id":3}} {"line_number":"4","speaker":"FRANCISCO","text_entry":"Bernardo?"} {"index":{"_index":"hamlet","_id":4}} {"line_number":"5","speaker":"BERNARDO","text_entry":"He."} {"index":{"_index":"hamlet","_id":5}} {"line_number":"6","speaker":"FRANCISCO","text_entry":"You come most carefully upon your hour."} {"index":{"_index":"hamlet","_id":6}} {"line_number":"7","speaker":"BERNARDO","text_entry":"Tis now struck twelve; get thee to bed, Francisco."} {"index":{"_index":"hamlet","_id":7}} {"line_number":"8","speaker":"FRANCISCO","text_entry":"For this relief much thanks: tis bitter cold,"} {"index":{"_index":"hamlet","_id":8}} {"line_number":"9","speaker":"FRANCISCO","text_entry":"And I am sick at heart."} {"index":{"_index":"hamlet","_id":9}} {"line_number":"10","speaker":"BERNARDO","text_entry":"Have you had quiet guard?"} # Create the security role `francisco_role` in the native realm, so # that: # (i) the role has "monitor" privileges on the cluster, # (ii) the role has all privileges on the `hamlet` index # Create the user `francisco` with password "francisco-password" # Assign the role `francisco_role` to the `francisco` user # Login using the `francisco` user credentials, and run queries on # `hamlet` to verify that the role privileges were correctly set

在kibana中操作，記得給role增加kiana的權限

# Create the security role `bernardo_role` in the native realm, so # that: # (i) the role has "monitor" privileges on the cluster, # (ii) the role has read-only privileges on the `hamlet` index, # (iii) the role can see only those documents having "BERNARDO" as a `speaker`, # (iv) the role can see only the `text_entry` field# Create the user`bernardo` with password "bernardo-password" # Assign the role `bernardo_role` to the `bernardo` user # Login using the `bernardo` user credentials, and run queries on # `hamlet` to verify that the role privileges were correctly set

因為3和4是收費項目，所以下面的語句會報錯

POST _security/role/bernardo_role {"cluster":["monitor"],"indices": [{"names": ["hamlet"],"privileges": ["read"],"field_security": {"grant":["text_entry"]},"query": "{{\"match\": {\"speaker\": \"BERNARDO\"}}}"}] } GET _license返回 {"license" : {"status" : "active","uid" : "a0d31e24-327f-411f-9922-793319744ad5","type" : "basic","issue_date" : "2020-12-02T09:05:48.200Z","issue_date_in_millis" : 1606899948200,"max_nodes" : 1000,"issued_to" : "eoc-01-cluster","issuer" : "elasticsearch","start_date_in_millis" : -1} }POST /_license/start_trial?acknowledge=true

注意, 做完了都檢查一下權限是否正常

總結

以上是生活随笔為你收集整理的02.德国博士练习_01_cluster_install的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： 01. elasticsearch ce
下一篇： 03.德国博士练习_02_admin_c