【Elasticsearch7.11】增加身份认证

es master 节点操作：

cd /u01/isi/application/component/elasticsearch-7.11.1
su isi
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert –ca elastic-stack-ca.p12

生成elastic-certificates.p12文件在此目录下
cp elastic-certificates.p12 config/elastic-certificates.p12

将elastic-certificates.p12文件拷贝至另外2台ES节点上，文件路径/u01/isi/application/component/elasticsearch-7.11.1/config
赋权chmod 644 /u01/isi/application/component/elasticsearch-7.11.1/config

三台节点执行：
cd /u01/isi/application/component/elasticsearch-7.11.1
su isi
./stop.sh

修改配置文件：
vi config/elasticsearch.yml
最下面添加如下内容：

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

启动es：
./start.sh

设置密码，在master节点操作即可：
./bin/elasticsearch-setup-passwords interactive

根据提示输入y ，设置密码即可。需要输入多次。完成后即可