系统工具安装

    1.下载离线的rpm包

        yum -y install yum-utils
        yumdownloader expect    # 把rpm包下载到本地
        yumdownloader tcl

       自动生成和配置ES的安全证书

       自动生成和配置ES的安全证书

   2.下载源码包需要先编译安装,如果没有gcc,编译就会失败。如果下载的是rpm包,则不会出现依赖问题

        自动生成和配置ES的安全证书

     3.rpm包自动包含了软件包所有的依赖的其它包

启动ES设置读取证书文件权限

 自动生成和配置ES的安全证书

 自动生成和配置ES的安全证书

 使用不同的jdk需要设置到对应的策略文件

自动创建证书

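#######################################
# Generate a PEM certificate bundle for this node with elasticsearch-certutil
# (driven through expect to answer the output-file prompt) and unpack it into
# the Elasticsearch installation directory.
# Globals:
#   ES_INSTALL_DIR (read) - Elasticsearch installation directory
#   IP             (read) - IP address passed to certutil via --ip
#   ES_USER        (read) - user and group that receive ownership of the tree
# Outputs:
#   Progress message on stdout, error messages on stderr.
# Returns:
#   0 on success; non-zero when a required variable is empty, the bundle was
#   not produced, or unzip/chown fails.
#######################################
function create_certs()
{
  # An empty ES_INSTALL_DIR would turn the cleanup below into "rm -fr /ca" and
  # "rm -fr /instance", so every input is checked before anything is touched.
  local name
  for name in ES_INSTALL_DIR IP ES_USER; do
    if [[ -z "${!name:-}" ]]; then
      echo "create_certs: ${name} is not set" >&2
      return 1
    fi
  done

  local bundle="${ES_INSTALL_DIR}/certificate-bundle.zip"

  # expect gives up on a pattern after 10 seconds by default; the timeout is
  # raised so that a slow start of certutil does not end the session before
  # the prompt has been answered.
  if ! expect <<EOF
   set timeout 60
   spawn ${ES_INSTALL_DIR}/bin/elasticsearch-certutil cert --ip ${IP} --pem
   expect {
             "Please enter the desired output file" { send "\n"}
          }
   expect eof
EOF
  then
    echo "create_certs: expect session for elasticsearch-certutil failed" >&2
    return 1
  fi

  # Do not report success or delete the old certificates unless a bundle exists.
  # NOTE(review): a bundle left over from an earlier run also passes this check.
  if [[ ! -s "${bundle}" ]]; then
    echo "create_certs: ${bundle} was not created" >&2
    return 1
  fi

  echo "证书生成完毕${ES_INSTALL_DIR}/certificate-bundle.zip"

  # Remove the previous ca/ and instance/ directories so unzip does not stop to
  # ask about overwriting existing files.
  rm -fr -- "${ES_INSTALL_DIR:?}/ca" "${ES_INSTALL_DIR:?}/instance"
  unzip "${bundle}" -d "${ES_INSTALL_DIR}" || return 1
  chown -R "${ES_USER}:${ES_USER}" "${ES_INSTALL_DIR}" || return 1

  # The bundle and instance.key contain the node's private key: restrict both
  # to their owner instead of relying on the umask in effect during unzip.
  chmod 600 "${bundle}"
  if [[ -f "${ES_INSTALL_DIR}/instance/instance.key" ]]; then
    chmod 600 "${ES_INSTALL_DIR}/instance/instance.key"
  fi
}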


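#######################################
# Install the elasticsearch.yml template, add java.policy entries for the
# generated certificate files, and raise the OS limits used by Elasticsearch.
# Safe to run more than once: policy and limits lines that are already present
# are not added again.
# Globals:
#   ES_INSTALL_DIR (read)    - Elasticsearch installation directory
#   INSTALL_DIR    (read)    - base directory of the second JDK policy file
#   IP             (read)    - value substituted for __ip__ in the template
#   ymlpath, javafile, javafile2 (written) - left global as in the original,
#                              because the rest of the script is not visible here
# Outputs:
#   Warnings on stderr for policy files that are missing or lack the anchor line.
# Returns:
#   Non-zero when a required variable is empty or the template cannot be
#   copied; otherwise the exit status of the final sysctl call.
#######################################
function modify_elastichyml()
{
  if [[ -z "${ES_INSTALL_DIR:-}" || -z "${IP:-}" ]]; then
    echo "modify_elastichyml: ES_INSTALL_DIR and IP must be set" >&2
    return 1
  fi

  ymlpath=${ES_INSTALL_DIR}/config
  cp ../../etc/elasticsearch/elasticsearch.yml "${ymlpath}/" || return 1
  # '#' is the sed delimiter because the install path contains '/'; a value
  # containing '#', '&' or a backslash would still be interpreted by sed.
  sed -i "s#__ip__#${IP}#g" "${ymlpath}/elasticsearch.yml"
  sed -i "s#__es_install_dir__#${ES_INSTALL_DIR}#g" "${ymlpath}/elasticsearch.yml"

  # Two possible policy locations, one per JDK layout; the one that matches the
  # JDK in use is edited and the other is skipped when it does not exist.
  # NOTE(review): javafile2 is built from INSTALL_DIR, not ES_INSTALL_DIR —
  # confirm this is intended and not a typo.
  javafile=${ES_INSTALL_DIR}/jdk/conf/security/java.policy
  javafile2=${INSTALL_DIR:-}/jdk/jre/lib/security/java.policy

  # New entries are appended after this existing policy line.
  local anchor='permission java.util.PropertyPermission "java.vm.name", "read";'
  local -a cert_paths=(
    "${ES_INSTALL_DIR}/ca/ca.crt"
    "${ES_INSTALL_DIR}/ca"
    "${ES_INSTALL_DIR}/instance/instance.key"
    "${ES_INSTALL_DIR}/instance/instance.crt"
    "${ES_INSTALL_DIR}/instance"
  )

  local policy target entry
  for policy in "${javafile}" "${javafile2}"; do
    if [[ ! -f "${policy}" ]]; then
      echo "modify_elastichyml: ${policy} not found, skipped" >&2
      continue
    fi
    # Without the anchor line sed would insert nothing and report no error.
    if ! grep -qF -- "${anchor}" "${policy}"; then
      echo "modify_elastichyml: anchor line missing in ${policy}, skipped" >&2
      continue
    fi
    for target in "${cert_paths[@]}"; do
      # NOTE(review): "read,write" is kept from the original; if the JVM only
      # needs to read the key and certificates, "read" alone is the narrower
      # grant — confirm before tightening.
      entry="permission java.io.FilePermission  \"${target}\", \"read,write\";"
      if grep -qF -- "${entry}" "${policy}"; then
        continue
      fi
      sed -i "/${anchor}/a ${entry}" "${policy}"
    done
  done

  # NOTE(review): '*' raises the open-file limit for every account on the host;
  # scoping the two lines to the Elasticsearch user would be narrower.
  local limits=/etc/security/limits.conf
  local kind line
  for kind in soft hard; do
    line="* ${kind} nofile 65536"
    if ! grep -qsxF -- "${line}" "${limits}"; then
      sed -i "/# End of file/i ${line}" "${limits}"
    fi
  done

  # Takes effect immediately but is not persisted: the value is lost on reboot
  # unless it is also written to the sysctl configuration.
  sysctl -w vm.max_map_count=262144
}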
创建证书
