Instalación de clúster de Elasticsearch-6.2.4 y autenticación de contraseña de X-pack de clúster abierto

Uno, instale elasticsearch por paquete rpm

El medio ambiente es:

 [root@sdk-25 run]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)
关闭selinx,

下面是安装和启动命令
[root@local-216 soft]# rpm -ivh elasticsearch-6.2.4.rpm 
warning: elasticsearch-6.2.4.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
   1:elasticsearch-0:6.2.4-1          ################################# [100%]

El siguiente es el comando systemctl start es:

NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

En segundo lugar, utilice el paquete binario elasticsearch-6.2.4.tar.gz para descomprimir e instalar directamente

Realice la siguiente optimización de parámetros en el sistema del servidor de elasticsearch con anticipación, para que pueda evitar muchos errores durante el proceso de inicio después de instalar es

Optimización del entorno del sistema del servidor ES:

 最少使用swap内存交换分区，
 关于优化，可以参考
 https://www.jianshu.com/p/7c163d7e9ecb

[root@sdk-25 ~]# tail -2 /etc/sysctl.conf 
vm.swappiness=1  ##禁止用交换内存
vm.max_map_count=262144   ##设置虚拟内存

 [root@sdk-25 ~]# cat /etc/security/limits.conf 
##文件句柄数
* soft nofile 131072
* hard nofile 131072

##进程线程数
* soft nproc 131072
* hard nproc 131072

##内存锁定交换
* soft memlock unlimited
* hard memlock unlimited

Descripción del entorno del sistema de instalación:

[root @ sdk-25 run] # cat / etc / redhat-
release Versión de CentOS Linux 7.6.1810 (Core)

Los pasos de instalación específicos son los siguientes:

Instale el entorno jdk1.8 por adelantado:
[root @ sdk-25 config] # source / etc / profile
export JAVA_HOME = / usr / local / jdk
export PATH = $ JAVA_HOME / bin: $ PATH

Centos7.6. Instalación de paquete binario de instancia única ES:
Descargue el paquete de instalación binaria elasticsearch-6.2.4.tar.gz:
wget -P / data / soft https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2. 4.tar.gz

La siguiente preparación es iniciar tres instancias de elasticsearch en una sola máquina:


cd /data/soft;tar xf elasticsearch-6.2.4.tar.gz -C /usr/local/;cp -rp elasticsearch-6.2.4 elasticsearch01;cp -rp elasticsearch-6.2.4 elasticsearch02;cp -rp elasticsearch-6.2.4 elasticsearch03;
useradd  elasticsearch;passwd elasticsearch 
 mkdir /data/elasticsearch{01,02,03}/{data,logs,run} -p
 cd /data
 chown -R elasticsearch.elasticsearch elasticsearch0*

2.1, inicie la primera instancia única elasticsearch01

El archivo de configuración de elasticsearch01 de instancia única es el siguiente:

 [root@sdk-25 config]# cat /usr/local/elasticsearch01/config/elasticsearch.yml
node.name: node25
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
path.data: /data/elasticsearch01/data
path.logs: /data/elasticsearch01/logs
#
bootstrap.memory_lock: true
#
network.host: 127.0.0.1
#network.host: 192.168.1.25
#
http.port: 9200
transport.tcp.port: 9300
##下面是es7版本的参数
#discovery.seed_hosts: ["192.168.1.25:9300"]
#cluster.initial_master_nodes: ["192.168.1.25:9300"]

Sugerencia: Anteriormente, elasticsearch se instaló en el paquete rpm en la máquina centos7.6, por lo que habrá un script de inicio systemctl o servicio elasticsearch01 start / status / restart /

[root@sdk-25 ~]# cp /usr/lib/systemd/system/elasticsearch.service /usr/lib/systemd/system/elasticsearch01.service
[root@sdk-25 ~]# systemctl enable elasticsearch01.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch01.service to /usr/lib/systemd/system/elasticsearch01.service.

El archivo de configuración del script de inicio elasticsearch01 archivo de configuración elasticsearch es el siguiente:

[root@sdk-25 run]# cat /usr/lib/systemd/system/elasticsearch01.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
RuntimeDirectory=elasticsearch
Environment=ES_HOME=/usr/local/elasticsearch01
Environment=ES_PATH_CONF=/usr/local/elasticsearch01/config
Environment=PID_DIR=/data/elasticsearch01/run
EnvironmentFile=-/etc/sysconfig/elasticsearch01

WorkingDirectory=/usr/local/elasticsearch01

User=elasticsearch
Group=elasticsearch

ExecStart=/usr/local/elasticsearch01/bin/elasticsearch  -p ${PID_DIR}/elasticsearch.pid --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of processes
LimitNPROC=4096

# Specifies the maximum size of virtual memory
LimitAS=infinity

# Specifies the maximum file size
LimitFSIZE=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Send the signal only to the JVM rather than its control group
KillMode=process

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

# Built for distribution-6.2.4 (distribution)

El archivo de configuración de la variable de entorno elasticsearch01 es el siguiente:

[root@sdk-25 local]# cp /etc/sysconfig/elasticsearch /etc/sysconfig/elasticsearch01
 [root@sdk-25 run]# cat /etc/sysconfig/elasticsearch01
################################
#Elasticsearch
################################
#Elasticsearch home directory
ES_HOME=/usr/local/elasticsearch01
#Elasticsearch Java path
JAVA_HOME=/usr/local/jdk
 Elasticsearch configuration directory
ES_PATH_CONF=/usr/local/elasticsearch01/config
#Elasticsearch PID directory
PID_DIR=/data/elasticsearch01/run
#Additional Java OPTS
#ES_JAVA_OPTS=

#Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true

################################
#Elasticsearch service
################################
#SysV init.d
#The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5

################################
#System properties
################################
#Specifies the maximum file descriptor number that can be opened by this process
#When using Systemd, this setting is ignored and the LimitNOFILE defined in
#/usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65536
#The maximum number of bytes of memory that may be locked into RAM
#Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
#in elasticsearch.yml.
#When using systemd, LimitMEMLOCK must be set in a unit file such as
#/etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited

#Maximum number of VMA (Virtual Memory Areas) a process can own
#When using Systemd, this setting is ignored and the 'vm.max_map_count'
#property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144

[root@sdk-25 run]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2020-07-24 23:44:12 CST; 3min 32s ago
     Docs: http://www.elastic.co
 Main PID: 18141 (java)
   CGroup: /system.slice/elasticsearch.service
           └─18141 /usr/local/jdk/bin/java -Xms4g -Xmx4g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava....

7月 24 23:44:12 sdk-25 systemd[1]: Started Elasticsearch.

[root@sdk-25 local]# ss -lntup|grep java
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9200                 :::*                   users:(("java",pid=7245,fd=750))
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9300                 :::*                   users:(("java",pid=7245,fd=556))
[root@sdk-25 local]# service elasticsearch01 stop
Redirecting to /bin/systemctl stop elasticsearch01.service

[root@sdk-25 local]# service elasticsearch01 start
Redirecting to /bin/systemctl start elasticsearch01.service

[root@sdk-25 local]# ss -lntup|grep java
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9200                 :::*                   users:(("java",pid=8591,fd=750))
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9300                 :::*                   users:(("java",pid=8591,fd=556))

[root@sdk-25 local]# service elasticsearch01 status
Redirecting to /bin/systemctl status elasticsearch01.service
● elasticsearch01.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch01.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2020-07-26 12:03:03 CST; 54s ago
     Docs: http://www.elastic.co
 Main PID: 7245 (java)
   CGroup: /system.slice/elasticsearch01.service
           ├─7245 /usr/local/jdk/bin/java -Xms4g -Xmx4g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava.a...
           └─7409 /usr/local/elasticsearch01/plugins/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller

7月 26 12:03:03 sdk-25 systemd[1]: Started Elasticsearch.

2.2, inicie la segunda instancia única elasticsearch02

El proceso de operación es el mismo que el de la primera instancia única elasticsearch01

El contenido del archivo de configuración elasticsearch02 de instancia única es el siguiente:


[root@sdk-25 local]# cat /usr/local/elasticsearch02/config/elasticsearch.yml
node.name: node25-1

#Add custom attributes to the node:
#node.attr.rack: r1
path.data: /data/elasticsearch02/data
path.logs: /data/elasticsearch02/logs
bootstrap.memory_lock: true
network.host: 127.0.0.1
#network.host: 192.168.1.25
http.port: 9201
transport.tcp.port: 9301
##下面是es7版本的参数
#discovery.seed_hosts: ["192.168.1.25:9300"]
#cluster.initial_master_nodes: ["192.168.1.25:9300"]

Prepare el archivo de configuración para el inicio de systemctl y el archivo de variable de entorno para el inicio:

[root@sdk-25 local]# cat /usr/lib/systemd/system/elasticsearch02.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
RuntimeDirectory=elasticsearch
Environment=ES_HOME=/usr/local/elasticsearch02
Environment=ES_PATH_CONF=/usr/local/elasticsearch02/config
Environment=PID_DIR=/data/elasticsearch02/run
EnvironmentFile=-/etc/sysconfig/elasticsearch02

WorkingDirectory=/usr/local/elasticsearch02

User=elasticsearch
Group=elasticsearch

ExecStart=/usr/local/elasticsearch02/bin/elasticsearch  -p ${PID_DIR}/elasticsearch.pid --quiet

#StandardOutput is configured to redirect to journalctl since
#some error messages may be logged in standard output before
#elasticsearch logging system is initialized. Elasticsearch
#stores its logs in /var/log/elasticsearch and does not use
#journalctl by default. If you also want to enable journalctl
#logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

#Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

#Specifies the maximum number of processes
LimitNPROC=4096

#Specifies the maximum size of virtual memory
LimitAS=infinity

#Specifies the maximum file size
LimitFSIZE=infinity

#Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

#SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

#Send the signal only to the JVM rather than its control group
KillMode=process

#Java process is never killed
SendSIGKILL=no
#When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target
#Built for distribution-6.2.4 (distribution)

[root@sdk-25 local]# cat /etc/sysconfig/elasticsearch02 
################################
#Elasticsearch
################################

#Elasticsearch home directory
ES_HOME=/usr/local/elasticsearch02

#Elasticsearch Java path
JAVA_HOME=/usr/local/jdk

#Elasticsearch configuration directory
ES_PATH_CONF=/usr/local/elasticsearch02/config

#Elasticsearch PID directory
PID_DIR=/data/elasticsearch02/run

#Additional Java OPTS
#ES_JAVA_OPTS=

#Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true

################################
#Elasticsearch service
################################

#SysV init.d

#The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5

################################
#System properties
################################

#Specifies the maximum file descriptor number that can be opened by this process
#When using Systemd, this setting is ignored and the LimitNOFILE defined in
#/usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65536

#The maximum number of bytes of memory that may be locked into RAM
#Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
#in elasticsearch.yml.
#When using systemd, LimitMEMLOCK must be set in a unit file such as
#/etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited

#Maximum number of VMA (Virtual Memory Areas) a process can own
#When using Systemd, this setting is ignored and the 'vm.max_map_count'
#property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144

Los comandos de inicio de es relacionados con Systemctl son los siguientes:


保证es开机自启动:
[root@sdk-25 system]# systemctl enable elasticsearch02.service
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch02.service to /usr/lib/systemd/system/elasticsearch02.service.

[root@sdk-25 local]# service elasticsearch02 status/stop/restart
[root@sdk-25 local]# systemctl status elasticsearch02.service 
● elasticsearch02.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch02.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since 日 2020-07-26 12:21:49 CST; 6s ago
     Docs: http://www.elastic.co
  Process: 4255 ExecStart=/usr/local/elasticsearch02/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=143)
 Main PID: 4255 (code=exited, status=143)

7月 25 00:02:22 sdk-25 systemd[1]: Started Elasticsearch.
7月 26 12:21:49 sdk-25 systemd[1]: Stopping Elasticsearch...
7月 26 12:21:49 sdk-25 systemd[1]: Stopped Elasticsearch.

[root@sdk-25 local]# service elasticsearch02 start
Redirecting to /bin/systemctl start elasticsearch02.service
[root@sdk-25 local]# ss -lntup|egrep "9201|9301"
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9201                 :::*                   users:(("java",pid=11387,fd=685))
tcp    LISTEN     0      128    ::ffff:127.0.0.1:9301                 :::*                   users:(("java",pid=11387,fd=491))

[root@sdk-25 system]# curl http://127.0.0.1:9201
{
  "name" : "node25-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "6qPnIoTCRn2fACH4CENyPA",
  "version" : {
    "number" : "6.2.4",
    "build_hash" : "ccec39f",
    "build_date" : "2018-04-12T20:37:28.497551Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

2.3 Iniciar la tercera instancia única elasticsearch03

Los pasos de la operación son los mismos que los del método anterior, por lo que no lo describiré demasiado aquí.

3. Instale el complemento IK, el complemento pinyin y el complemento x-pack en la instancia uno de elasticsearch01

La versión de estos complementos debe ser estrictamente consistente con la versión de la instancia elasticsearch01, de lo contrario habrá un error (incompatible).
Instale el complemento IK y el complemento pinyin y descárguelo directamente desde github, descomprímalo a / usr / local / elasticsearch01 / plugins, y asegúrese de prestar atención al complemento. El permiso debe ser elasticsearch; de lo contrario, el reinicio de es fallará cuando caduque. Al mismo tiempo, después de instalar el complemento, reinicie el servicio es

[root@sdk-25 plugins]# pwd
/usr/local/elasticsearch01/plugins
[root@sdk-25 plugins]# ls
ik  pinyin  x-pack
[root@sdk-25 plugins]# ll
总用量 0
drwxrwxrwx  3 elasticsearch elasticsearch 213 5月   6 2018 ik
drwxrwxrwx  2 elasticsearch elasticsearch 113 5月   6 2018 pinyin
drwxr-xr-x 11 elasticsearch elasticsearch 244 7月  25 12:07 x-pack

La siguiente es una introducción detallada a la instalación y aplicación simple del complemento x-pack:

Instale el
documento de referencia del complemento x-pack :
https://www.jianshu.com/p/802c5d803a95

Ver complementos instalados:

[root@sdk-25 vhost]# /usr/local/elasticsearch01/bin/elasticsearch-plugin  list
ik
pinyi

Registre el complemento x-pack, dos métodos de instalación:

Método de instalación en línea: (g doméstico, basado en el entorno de red, muy lento, la instalación básica no es posible)

下面是在国外的服务器进行现在安装的，非常的快
[root@192-200-102-74 plugins]# /usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack 
-> Downloading x-pack from elastic
[=================================================] 100%?? 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-core,x-pack-deprecation,x-pack-graph,x-pack-logstash,x-pack-ml,x-pack-monitoring,x-pack-security,x-pack-upgrade,x-pack-watcher
[root@192-200-102-74 plugins]# echo $?
0

La segunda es la instalación sin conexión: se recomienda que los servidores domésticos se instalen sin conexión:

** Descargue la versión del complemento x-pack correspondiente por adelantado.
Utilicé el paquete binario elasticsearch.6.2.4.tar.gz para instalar en línea, así que tengo que descargar la
dirección de descarga oficial del paquete x-pack.2.6.4.zip versión sin conexión correspondiente , por supuesto, tengo que descargar
https: //artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.4.zip

Después de descargarlo, cárguelo en el servidor ECS de
Alibaba en Hong Kong du -sh x-pack-6.2.4.zip
296M x-pack-6.2.4.zip

Empuje desde el servidor es de HK al OSS de Ali, y luego descargue a través del nombre de dominio CDN de Ali:


[root@hk-cj01 ~]# /usr/local/sbin/ossutil64 --config-file=/data/soft/ossconfig cp x-pack-6.2.4.zip oss://lanhu-static/zy01baodown/ --update 
Succeed: Total num: 1, size: 309,419,696. OK num: 1(upload 1 files).                                        
79.701253(s) elapsed

wget https://va1.j7lf.cn/zy01baodown/x-pack-6.2.4.zip

[root@sdk-25 vhost]# /usr/local/elasticsearch01/bin/elasticsearch-plugin install file:///data/soft/x-pack-6.2.4.zip 
-> Downloading file:///data/soft/x-pack-6.2.4.zip
[=================================================] 100%   
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-core,x-pack-deprecation,x-pack-graph,x-pack-logstash,x-pack-ml,x-pack-monitoring,x-pack-security,x-pack-upgrade,x-pack-watcher

Determine si el complemento se instaló correctamente:

[root@sdk-25 vhost]# /usr/local/elasticsearch01/bin/elasticsearch-plugin list
ik
pinyin
x-pack
    x-pack-core
    x-pack-deprecation
    x-pack-graph
    x-pack-logstash
    x-pack-ml
    x-pack-monitoring
    x-pack-security
    x-pack-upgrade
    x-pack-watcher

Desinstalar el complemento x-pack

bin/elasticsearch-plugin remove x-pack

La contraseña predeterminada generada por es es la siguiente:

 /usr/local/elasticsearch01/bin/x-pack/setup-passwords auto

[root@sdk-25 vhost]# /usr/local/elasticsearch01/bin/x-pack/setup-passwords auto 

Unexpected response code [404] from calling GET http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
Possible causes include:
 * The relative path of the URL is incorrect. Is there a proxy in-between?
 * The protocol (http/https) does not match the port.
 * Is this really an Elasticsearch server?

ERROR: Uknown error

报错，因为安装完插件需要重启下es,

[root@sdk-25 vhost]# systemctl restart elasticsearch.service
**重启完接着报错：**
[root@sdk-25 vhost]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 六 2020-07-25 12:27:59 CST; 7s ago
     Docs: http://www.elastic.co
  Process: 32419 ExecStart=/usr/local/elasticsearch01/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
 Main PID: 32419 (code=exited, status=1/FAILURE)

7月 25 12:27:57 sdk-25 systemd[1]: Started Elasticsearch.
7月 25 12:27:59 sdk-25 elasticsearch[32419]: Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /usr/local/elastic...rch.keystore
7月 25 12:27:59 sdk-25 systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
7月 25 12:27:59 sdk-25 systemd[1]: Unit elasticsearch.service entered failed state.
7月 25 12:27:59 sdk-25 systemd[1]: elasticsearch.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Verifique los permisos del complemento en la instalación y descubra que es causado por permisos incorrectos

[root@sdk-25 plugins]# ll
总用量 0
drwxrwxrwx  3 root root 213 5月   6 2018 ik
drwxrwxrwx  2 root root 113 5月   6 2018 pinyin
drwxr-xr-x 11 root root 244 7月  25 12:07 x-pack

Autorizar elasticsearch:

[root@sdk-25 elasticsearch01]# chown -R elasticsearch.elasticsearch *
启动成功：
[root@sdk-25 elasticsearch01]# systemctl status  elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: active (running) since 六 2020-07-25 12:33:11 CST; 43min ago
     Docs: http://www.elastic.co
 Main PID: 1266 (java)
   CGroup: /system.slice/elasticsearch.service
           ├─1266 /usr/local/jdk/bin/java -Xms4g -Xmx4g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava.a...
           └─1431 /usr/local/elasticsearch01/plugins/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller

7月 25 12:33:11 sdk-25 systemd[1]: Started Elasticsearch.

La contraseña predeterminada generada por es es la siguiente:

/usr/local/elasticsearch01/bin/x-pack/setup-passwords auto 
[root@sdk-25 elasticsearch01]# /usr/local/elasticsearch01/bin/x-pack/setup-passwords auto 
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user kibana
PASSWORD kibana = FvdqDOUkXvEijZKjfB8p

Changed password for user logstash_system
PASSWORD logstash_system = VUFZn9iL4AEJrH3Owkdq

Changed password for user elastic
PASSWORD elastic = 5BheRCDLKSvT1ZP1zhHf
[root@sdk-25 elasticsearch01]# curl http://127.0.0.1:9200 
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@sdk-25 elasticsearch01]#

Acceso por cuenta y contraseña:

[root@sdk-25 elasticsearch01]# curl --user elastic:5BheRCDLKSvT1ZP1zhHf http://127.0.0.1:9200
{
  "name" : "node25",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "YSRMrxOBTZW7hicZqZ-Dhg",
  "version" : {
    "number" : "6.2.4",
    "build_hash" : "ccec39f",
    "build_date" : "2018-04-12T20:37:28.497551Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

Olvidé la contraseña de ES para recuperar el método:

https://www.cnblogs.com/mere/p/12165637.html

Utilice el comando ES_HOME / bin / x-pack / users para crear un superadministrador basado en la autenticación de precio de venta local:

[root@sdk-25 config]# /usr/local/elasticsearch01/bin/x-pack/users useradd my_admin -p 5BheRCDLK12389Sv -r superuser
[root@sdk-25 config]#

Restablezca la contraseña del superadministrador elástico a través de la api:

curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'{"password" : "5BheRCDLK12389Sv"}'

[root@sdk-25 config]# curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'{"password" : "5BheRCDLK12389Sv"}'
Enter host password for user 'my_admin': 5BheRCDLK12389Sv
{ }
[2020-07-25T14:19:50,117][INFO ][o.e.x.s.a.f.FileUserPasswdStore] [node25] users file [/usr/local/elasticsearch01/config/x-pack/users] changed. updating users... )
[2020-07-25T14:19:50,124][INFO ][o.e.x.s.a.f.FileUserRolesStore] [node25] users roles file [/usr/local/elasticsearch01/config/x-pack/users_roles] changed. updating users roles...

Error al iniciar sesión con la contraseña original:

[root@sdk-25 ~]# curl --user elastic:5BheRCDLKSvT1ZP1zhHf http://127.0.0.1:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@sdk-25 ~]# 

[2020-07-25T14:23:51,638][INFO ][o.e.x.s.a.AuthenticationService] [node25] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

El uso de la nueva contraseña es exitoso:


[root@sdk-25 ~]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9200
{
  "name" : "node25",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "YSRMrxOBTZW7hicZqZ-Dhg",
  "version" : {
    "number" : "6.2.4",
    "build_hash" : "ccec39f",
    "build_date" : "2018-04-12T20:37:28.497551Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

Verifique que la contraseña se haya restablecido correctamente:

curl -u elastic 'http://127.0.0.1:9200/_xpack/security/_authenticate?pretty'

[root@sdk-25 ~]# curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'
Enter host password for user 'elastic':  5BheRCDLK12389Sv
{
  "username" : "elastic",
  "roles" : [
    "superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true
}

Operación CURL de ElasticSearch:
https://blog.csdn.net/diyiday/article/details/83927744

 [root@local-216 ~]# /usr/share/elasticsearch/bin/x-pack/users useradd my_admin -p admin123987 -r superuser

Materiales de referencia de aprendizaje de ES:
https://www.cnblogs.com/leeSmall/p/9189078.html

4. Instale 3 instancias de ES en un solo servidor y configure un clúster de ES basado en la autenticación de contraseña X-pack

El contenido del archivo de configuración es el siguiente:


[root@sdk-25 logs]# cat /usr/local/elasticsearch01/config/elasticsearch.yml
cluster.name: escluster
node.name: es1
node.master: true
node.data: true
path.data: /data/elasticsearch01/data
path.logs: /data/elasticsearch01/logs
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
http.port: 9200
transport.tcp.port: 9300
network.host: 127.0.0.1
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9301","127.0.0.1:9302"]

[root@sdk-25 logs]# cat /usr/local/elasticsearch02/config/elasticsearch.yml
cluster.name: escluster
node.name: es2
node.master: true
node.data: true
path.data: /data/elasticsearch02/data
path.logs: /data/elasticsearch02/logs
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
http.port: 9201
transport.tcp.port: 9301
network.host: 127.0.0.1
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9302"]

[root@sdk-25 logs]# cat /usr/local/elasticsearch03/config/elasticsearch.yml
cluster.name: escluster
node.name: es3
node.master: true
node.data: true
path.data: /data/elasticsearch03/data
path.logs: /data/elasticsearch03/logs
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
http.port: 9202
transport.tcp.port: 9302
network.host: 127.0.0.1
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301"]

Se inician las tres instancias de ES y el complemento de autenticación de contraseña de x-pack no debe instalarse por adelantado para las tres instancias. Las tres instancias se identificarán y agregarán automáticamente al clúster.

La forma correcta de establecer una contraseña para el clúster ES es:
no instale el complemento x-pack para establecer la contraseña en las tres primeras instancias. En su lugar, configure las tres instancias primero, inícielas todas e instale el complemento x-pack desde la instancia del nodo maestro para establecer la contraseña.
Luego, los otros nodos también instalan el complemento x-pack y luego reinician las otras 2 instancias de ES, pero las otras 2 instancias de ES no necesitan establecer una contraseña

El siguiente es el estado del clúster cuando el complemento de contraseña de x-pack no está instalado en las tres instancias de ES:

[root@sdk-25 plugins]# curl  http://127.0.0.1:9200/_cat/nodes
127.0.0.1 28 32 0 0.06 0.09 0.12 mdi - es3
127.0.0.1 42 32 0 0.06 0.09 0.12 mdi * es1
127.0.0.1 44 32 0 0.06 0.09 0.12 mdi - es2
[root@sdk-25 plugins]# curl  http://127.0.0.1:9201/_cat/nodes
127.0.0.1 42 32 0 0.00 0.04 0.10 mdi * es1
127.0.0.1 44 32 0 0.00 0.04 0.10 mdi - es2
127.0.0.1 28 32 0 0.00 0.04 0.10 mdi - es3
[root@sdk-25 plugins]# curl  http://127.0.0.1:9202/_cat/nodes
127.0.0.1 28 32 0 0.00 0.04 0.10 mdi - es3
127.0.0.1 42 32 0 0.00 0.04 0.10 mdi * es1
127.0.0.1 44 32 0 0.00 0.04 0.10 mdi - es2

El nodo principal es ES1:

[root@sdk-25 plugins]# curl 'http://127.0.0.1:9200/_cat/master?v'
id                     host      ip        node
VojUpPevTV2tH56AwJN03g 127.0.0.1 127.0.0.1 es1

Puede ver que el nodo ES3 es el maestro en el clúster. Instale el complemento x-pack desde la instancia del nodo ES-maestro ES1 para establecer la contraseña para la instancia secundaria. Luego, instale el complemento x-pack para las otras 2 instancias de ES y reinicie los otros 2 servicios de ES.
Pero no es necesario establecer una contraseña para estas 2 instancias ES


[root@sdk-25 bin]# /usr/local/elasticsearch01/bin/elasticsearch-plugin install file:///data/soft/x-pack-6.2.4.zip
-> Downloading file:///data/soft/x-pack-6.2.4.zip
[=================================================] 100%   
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-core,x-pack-deprecation,x-pack-graph,x-pack-logstash,x-pack-ml,x-pack-monitoring,x-pack-security,x-pack-upgrade,x-pack-watcher
[root@sdk-25 bin]# 
[root@sdk-25 bin]# cd /usr/local/elasticsearch01/plugins/
[root@sdk-25 plugins]# ll
总用量 0
drwxrwxrwx  3 root root 213 5月   6 2018 ik
drwxrwxrwx  2 root root 113 5月   6 2018 pinyin
drwxr-xr-x 11 root root 244 7月  26 16:15 x-pack
 [root@sdk-25 bin]#cd /usr/local/elasticsearch03
 [root@sdk-25 bin]# chown -R elasticsearch.elasticsearch *
[root@sdk-25 plugins]# ll
总用量 0
drwxrwxrwx  3 elasticsearch elasticsearch 213 5月   6 2018 ik
drwxrwxrwx  2 elasticsearch elasticsearch 113 5月   6 2018 pinyin
drwxr-xr-x 11 elasticsearch elasticsearch 244 7月  26 16:15 x-pack

[root@sdk-25 config]# systemctl restart elasticsearch01
[root@sdk-25 config]#  /usr/local/elasticsearch01/bin/x-pack/users useradd my_admin -p 5BheRCDLK12389Sv -r superuser
[root@sdk-25 config]# curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'{"password" : "5BheRCDLK12389Sv"}'
Enter host password for user 'my_admin':
{ }

Instale el complemento x-pack para las instancias restantes de ES2 ES3, luego autorice elasticsearch.elasticsearch y, finalmente, reinicie las 2 instancias es:

/usr/local/elasticsearch03/bin/elasticsearch-plugin install file:///data/soft/x-pack-6.2.4.zip
/usr/local/elasticsearch02/bin/elasticsearch-plugin install file:///data/soft/x-pack-6.2.4.zip
[root@sdk-25 config]# cd /usr/local/
[root@sdk-25 local]# chown -R elasticsearch.elasticsearch elasticsearch0*

[root@sdk-25 ~]# systemctl restart elasticsearch02; systemctl restart elasticsearch03

En este momento, el estado del clúster solo se puede ver a través del usuario y la contraseña:

[root@sdk-25 local]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9200/_cat/nodes
127.0.0.1 22 32 5 3.07 1.00 0.47 mdi - es2
127.0.0.1 38 32 5 3.07 1.00 0.47 mdi * es1
127.0.0.1 31 32 5 3.07 1.00 0.47 mdi - es3
[root@sdk-25 local]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9201/_cat/nodes
127.0.0.1 38 32 0 2.83 0.98 0.47 mdi * es1
127.0.0.1 22 32 0 2.83 0.98 0.47 mdi - es2
127.0.0.1 31 32 0 2.83 0.98 0.47 mdi - es3
[root@sdk-25 local]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9202/_cat/nodes
127.0.0.1 24 32 1 2.76 1.00 0.48 mdi - es2
127.0.0.1 41 32 1 2.76 1.00 0.48 mdi * es1
127.0.0.1 31 32 1 2.76 1.00 0.48 mdi - es3

Se reporta un error al acceder al nodo sin ingresar la cuenta y contraseña:


[root@sdk-25 local]# curl http://127.0.0.1:9200/_cat/nodes
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/nodes]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/nodes]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@sdk-25 local]#

Cinco, los problemas encontrados durante la implementación del clúster ES

Caso número uno:

[root@sdk-25 plugins]# /usr/local/elasticsearch01/bin/x-pack/setup-passwords auto
Unexpected response code [404] from calling GET http://127.0.0.1:9202/_xpack/security/_authenticate?pretty
Possible causes include:
 * The relative path of the URL is incorrect. Is there a proxy in-between?
 * The protocol (http/https) does not match the port.
 * Is this really an Elasticsearch server?

ERROR: Uknown error

La razón es que después de instalar el complemento x-pack, elasticsearch.elasticsearch no se vuelve a autorizar y el servicio es se reinicia, se informa del error

Caso 2:

La instancia elasticsearch01 se instala con el complemento x-pack y se establece la contraseña de inicio de sesión de ES. Otras no se instalan. Como resultado, cuando se configura el clúster, la
instancia elasticsearch01 no se puede agregar al clúster. La instancia es1 genera un registro de errores:

[zen-disco-node-failed({es1}{jbc_qu6ZQteoD1uH_o6eEg}{vmt_wvYPQwaHCPnBQOonzw}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=67336515584, 
ml.max_open_jobs=20, ml.enabled=true}), reason(failed to ping, tried [3] times, each with maximum [30s] timeout)[{es1}{jbc_qu6ZQteoD1uH_o6eEg}
{vmt_wvYPQwaHCPnBQOonzw}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=67336515584, ml.max_open_jobs=20, ml.enabled=true} 
failed to ping, tried [3] times, each with maximum [30s] timeout, {es1}{jbc_qu6ZQteoD1uH_o6eEg}{vmt_wvYPQwaHCPnBQOonzw}
{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=67336515584, ml.max_open_jobs=20, ml.enabled=true} failed to ping, tried [3] times, each with maximum [30s] timeout]]])

Ver cada nodo en el clúster solo puede ver la instancia 2 y la instancia 3, pero no la instancia 1:

[root@sdk-25 logs]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9202/_cat/nodes 
127.0.0.1 29 32 0 0.23 0.26 0.19 mdi * es3
127.0.0.1 29 32 1 0.23 0.26 0.19 mdi - es2
[root@sdk-25 logs]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9201/_cat/nodes 
127.0.0.1 29 32 0 0.23 0.26 0.19 mdi * es3
127.0.0.1 29 32 0 0.23 0.26 0.19 mdi - es2
[root@sdk-25 logs]# curl --user elastic:5BheRCDLK12389Sv http://127.0.0.1:9200/_cat/nodes 
127.0.0.1 29 32 0 0.21 0.25 0.19 mdi * es3
127.0.0.1 29 32 0 0.21 0.25 0.19 mdi - es2

El siguiente es el estado del clúster cuando el complemento de contraseña de x-pack no está instalado:


[root@sdk-25 plugins]# curl  http://127.0.0.1:9200/_cat/nodes
127.0.0.1 28 32 0 0.06 0.09 0.12 mdi - es1
127.0.0.1 42 32 0 0.06 0.09 0.12 mdi * es3
127.0.0.1 44 32 0 0.06 0.09 0.12 mdi - es2
[root@sdk-25 plugins]# curl  http://127.0.0.1:9201/_cat/nodes
127.0.0.1 42 32 0 0.00 0.04 0.10 mdi * es3
127.0.0.1 44 32 0 0.00 0.04 0.10 mdi - es2
127.0.0.1 28 32 0 0.00 0.04 0.10 mdi - es1
[root@sdk-25 plugins]# curl  http://127.0.0.1:9202/_cat/nodes
127.0.0.1 28 32 0 0.00 0.04 0.10 mdi - es1
127.0.0.1 42 32 0 0.00 0.04 0.10 mdi * es3
127.0.0.1 44 32 0 0.00 0.04 0.10 mdi - es2

[root@sdk-25 plugins]# curl 'http://127.0.0.1:9200/_cat/master?v'
id                     host      ip        node
VojUpPevTV2tH56AwJN03g 127.0.0.1 127.0.0.1 es3

Puede ver que el nodo ES3 es el maestro en el clúster. Instale el complemento x-pack desde la instancia del nodo ES-maestro para establecer la contraseña para la instancia secundaria. Luego, instale el complemento x-pack para las otras 2 instancias de ES y reinicie los otros 2 servicios de ES.
Pero no es necesario establecer una contraseña para estas 2 instancias ES

No lo entiendo aquí: una vez que se reinicia la instancia de ES, el ES que originalmente era el nodo maser cambiará a otros nodos. ¿Cómo se pueden replicar los datos de contraseña establecidos después de reiniciar en el nodo maestro original en otros nodos? ? ? ?