Elasticsearch滚动升级,添加X-pack安全验证（6.4.1-6.8.x-7.8.x）

Elasticsearch滚动升级,添加X-pack安全验证（6.4.1-6.8.x-7.8.x）

一．查看官网升级树

Upgrade from	Recommended upgrade path to 7.8.0
7.0–7.7	Rolling upgrade to 7.8.0

6.8	Rolling upgrade to 7.8.0

6.0–6.7	1.	Rolling upgrade to 6.8
2.	Rolling upgrade to 7.8.0

5.6	1.	Rolling upgrade to 6.8
2.	Rolling upgrade to 7.8.0

5.0–5.5	1.	Rolling upgrade to 5.6
2.	Rolling upgrade to 6.8
3.	Rolling upgrade to 7.8.0

二．升级elasticsearch

2.1.先升级slave节点，后升级master

2.2.禁用分片（6.4.1升级到6.8.x）
curl -X PUT http://192.168.50.120:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{"transient": {"cluster.routing.allocation.enable": "none"}}'

systemclt stop elasticsearch
先升级到6.8.x
rpm -Uvh elasticsearch-6.8.10.rpm

启动分片，通过elasticsearch-head查看状态，后启动服务
curl -X PUT http://192.168.50.120:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{"transient": {"cluster.routing.allocation.enable": "all"}}'

2.3.升级到elasticsearch7.8.x

2.3.1.首先去除java环境变量，es7.8自带java环境vim /etc/profile后 ,重启机器
执行上述同样的步骤，禁用分片，停止服务，升级elasticsearch-7.8.10.rpm，启动服务
rpm -Uvh elasticsearch-7.8.10.rpm
2.3.2.升级X-pack安全验证
cd /usr/share/elasticsearch
./bin/elasticsearch-certutil ca直接回车。默认文件会在 ES 根目录产生，名为 elastic-stack-ca.p12。
然后可以将文件 elastic-stack-ca.p12 复制到每个 ES 节点的根目录下。
scp elastic-stack-ca.p12 192.168.50.122:/usr/share/elasticsearch/
scp elastic-stack-ca.p12 192.168.50.121:/usr/share/elasticsearch/）

为集群中的每个节点创建证书和私钥（每个node都要执行以下内容）
生成证书和密钥
./bin/elasticsearch-certutil cert --ca ./elastic-stack-ca.p12 
mv elastic-certificates.p12 /etc/elasticsearch
cd /etc/elasticsearch
chmod 777 elastic-certificates.p12
将生成的文件复制到配置文件目录下,此时需要更改权限chmod 777

修改 ES 配置文件
默认文件： ./config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

设置内置用户密码（统一设置一个）
./bin/elasticsearch-setup-passwords interactive

修改kibana配置文件
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
xpack.security.enabled: true

三．kibana升级

3.1.升级到6.8.10
systemclt stop kibana
rpm -Uvh kibana-6.8.10-x86_64.rpm
启动服务器
3.2.升级到7.8.10（注修改es集群地址）
升级到kibana7.8.10
修改kibana配置文件（指定es集群地址）
需要用：elasticsearch.hosts， 而不是：elasticsearch.url

四．配置logstash /apm文件
logstash配置

input{
    file {
        path=>"/var/log/messages"
        start_position=>"beginning"
    }
}
output {
    elasticsearch {
            hosts => [ "192.168.50.122:9200" ]
            index => "messageslog8623-%{[log_source]}-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "123456"
    }
    stdout { codec => rubydebug}

}

apm配置

######################### APM Server Configuration #########################
output.elasticsearch:
    hosts: ["192.168.50.122:9200"]
    username: "elastic"
    password: "123456"

################################ APM Server ################################

apm-server:
  # Defines the host and port the server is listening on. Use "unix:/path/to.sock" to listen on a unix domain socket.
  host: "0.0.0.0:8200"