
elasticsearch - Enabling security in a two-node Elasticsearch cluster

Reposted. Author: 行者123. Updated: 2023-12-03 01:10:18

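I am trying to enable the security features on my Elasticsearch nodes, but whenever I turn on "xpack.security.enabled: true", Elasticsearch does not start at all. How can I fix this?
Here is my configuration on the two Elasticsearch nodes:
Node 1: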

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: "elastic-a"
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: "elastic-master"
node.master: true
node.data: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.143.30
#http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.143.30", "192.168.143.23"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["elastic-master","elastic-slave"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
xpack.security.enabled: true

Node 2:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: "elastic-a"
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: "elastic-slave"
node.master: true
node.data: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.143.23
#http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.143.30", "192.168.143.23"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["elastic-master","elastic-slave"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
xpack.security.enabled: true

I can enable the security features when no nodes are set up (single node), but it does not work once the nodes are set up.
Output of sudo journalctl -f:
Oct 21 12:24:51 elastic-master systemd[1]: Starting Elasticsearch...
Oct 21 12:24:52 elastic-master elasticsearch[18296]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","admin"],"pid":781,"message":"Unable to revive connection: http://192.168.143.30:9200/"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","admin"],"pid":781,"message":"No living connections"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","admin"],"pid":781,"message":"Unable to revive connection: http://192.168.143.30:9200/"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","admin"],"pid":781,"message":"No living connections"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","data"],"pid":781,"message":"Unable to revive connection: http://192.168.143.30:9200/"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","elasticsearch","data"],"pid":781,"message":"No living connections"}
Oct 21 12:24:53 elastic-master kibana[781]: {"type":"log","@timestamp":"2020-10-21T08:54:53Z","tags":["warning","plugins","licensing"],"pid":781,"message":"License information could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections"}
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,557][INFO ][o.e.e.NodeEnvironment ] [elastic-master] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [32.3gb], net total_space [43.9gb], types [rootfs]
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,561][INFO ][o.e.e.NodeEnvironment ] [elastic-master] heap size [989.8mb], compressed ordinary object pointers [true]
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,612][INFO ][o.e.n.Node ] [elastic-master] node name [elastic-master], node ID [1lAXp_eJRL--r0o2Uq4P1Q], cluster name [elastic-a]
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,613][INFO ][o.e.n.Node ] [elastic-master] version[7.5.0], pid[18296], build[default/rpm/e9ccaed468e2fac2275a3761849cbee64b39519f/2019-11-26T01:06:52.518245Z], OS[Linux/3.10.0-1127.19.1.el7.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/13.0.1/13.0.1+9]
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,613][INFO ][o.e.n.Node ] [elastic-master] JVM home [/usr/share/elasticsearch/jdk]
Oct 21 12:24:54 elastic-master elasticsearch[18296]: [2020-10-21T12:24:54,613][INFO ][o.e.n.Node ] [elastic-master] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=COMPAT, -Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.io.tmpdir=/tmp/elasticsearch-1946051170077590643, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
elastic-master elasticsearch[18296]: [2020-10-21T12:24:55,042][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [elastic-master] uncaught exception in thread [main]
elastic-master elasticsearch[18296]: org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: ... 6 more
elastic-master elasticsearch[18296]: Caused by: java.lang.reflect.InvocationTargetException
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: ... 6 more
elastic-master elasticsearch[18296]: Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:449) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:430) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:121) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:142) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: ... 6 more
elastic-master elasticsearch[18296]: Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - not permitted to read truststore file [/etc/elasticsearch/certs/elastic-certificates.p12]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.TrustConfig.unreadableTrustConfigFile(TrustConfig.java:121) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:70) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:384) ~[?:?]
elastic-master elasticsearch[18296]: at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:446) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:430) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:121) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:142) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: ... 6 more
elastic-master elasticsearch[18296]: Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/certs/elastic-certificates.p12
elastic-master elasticsearch[18296]: at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
elastic-master elasticsearch[18296]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
elastic-master elasticsearch[18296]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
elastic-master elasticsearch[18296]: at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[?:?]
elastic-master elasticsearch[18296]: at java.nio.file.Files.newByteChannel(Files.java:374) ~[?:?]
elastic-master elasticsearch[18296]: at java.nio.file.Files.newByteChannel(Files.java:425) ~[?:?]
elastic-master elasticsearch[18296]: at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]
elastic-master elasticsearch[18296]: at java.nio.file.Files.newInputStream(Files.java:159) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:95) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:65) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:384) ~[?:?]
elastic-master elasticsearch[18296]: at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:446) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:430) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:121) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:142) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elastic-master elasticsearch[18296]: at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
elastic-master elasticsearch[18296]: at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.0.jar:7.5.0]
elastic-master elasticsearch[18296]: ... 6 more
elastic-master systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
elastic-master systemd[1]: Failed to start Elasticsearch.
elastic-master systemd[1]: Unit elasticsearch.service entered failed state.
elastic-master systemd[1]: elasticsearch.service failed.
elastic-master polkitd[814]: Unregistered Authentication Agent for unix-process:18290:7813320 (system bus name :1.429, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Best answer

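If you enable security, you must force the nodes to communicate with each other over SSL, i.e. you need to configure the nodes to encrypt communications between them. So there are a few steps you need to perform:
Step 1: Generate a node certificate
In this step, there are two options:
A. If you do not have any root certificate authority to sign your certificate, you can create one using bin/elasticsearch-certutil ca (follow the steps explained here). You will get a PKCS#12-encoded certificate that contains the root CA certificate, the node certificate and the private key.
B. If your organization has a root certificate authority (Digicert, etc.), you can create a CSR (certificate signing request) to submit to the root CA. Usually, you will get a PKCS#7-encoded certificate. PS: let us know if this is the way you want to go, as there are more steps to convert it to PKCS#12.
Note that for testing purposes, you can absolutely use the same certificate on both nodes, i.e. you do not need to generate one certificate per node.
Step 2: Modify your configuration
Once you have the node certificate (via option A or B), you can modify the configuration on both nodes by adding the following to the elasticsearch.yml file: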

# enable security
xpack.security.enabled: true

# make sure the nodes talk in SSL to each other
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/mynode.p12
xpack.security.transport.ssl.truststore.path: certs/mynode.p12
After that, you can restart your cluster, as the nodes can now talk to each other over SSL.
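
The journal output in the question ends in java.nio.file.AccessDeniedException for the truststore file, so the store paths from step 2 are worth checking before a restart. The following preflight check is an added example, not part of the original question or answer; the function names, the sample layout and the uid/gid 990 are assumptions, and only classic mode bits are evaluated.

```python
import os
import tempfile

SSL = "xpack.security.transport.ssl."

# Constructed sample: the settings from step 2 of the answer.
SAMPLE_YML = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/mynode.p12
xpack.security.transport.ssl.truststore.path: certs/mynode.p12
"""


def parse_flat_yml(text):
    """Parse flat 'dotted.key: value' lines, the style of the elasticsearch.yml files above."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip().strip('"')
    return settings


def allowed(path, uid, gids, need):
    """Check owner/group/other mode bits only (4 = read, 1 = search); ACLs and SELinux are ignored."""
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need


def check_store(path, conf_dir, uid, gids):
    """Return a finding for one key/trust store, or None if uid can reach and read it."""
    if not os.path.isfile(path):
        return f"{path}: no such file"
    parent = os.path.dirname(path)
    while True:  # every directory from the file up to conf_dir needs the search bit
        if not allowed(parent, uid, gids, 1):
            return f"{parent}: directory not searchable by uid {uid}"
        if parent == conf_dir or parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    if not allowed(path, uid, gids, 4):
        return f"{path}: not readable by uid {uid}"
    return None


def preflight(yml_text, conf_dir, uid, gids):
    """List problems that would stop a security-enabled node from loading its transport TLS files."""
    conf_dir = os.path.abspath(conf_dir)
    s = parse_flat_yml(yml_text)
    if s.get("xpack.security.enabled") != "true":
        return []
    findings = []
    if s.get(SSL + "enabled") != "true":
        findings.append(SSL + "enabled is not true")
    paths = {s.get(SSL + "keystore.path"), s.get(SSL + "truststore.path")} - {None, ""}
    for value in sorted(paths):
        # relative store paths are resolved against the Elasticsearch config directory
        full = os.path.normpath(os.path.join(conf_dir, value))
        finding = check_store(full, conf_dir, uid, gids)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    # Constructed layout: a .p12 readable only by its owner, checked for an
    # assumed service account with uid/gid 990.
    conf = tempfile.mkdtemp()
    os.chmod(conf, 0o755)
    os.mkdir(os.path.join(conf, "certs"))
    os.chmod(os.path.join(conf, "certs"), 0o755)
    p12 = os.path.join(conf, "certs", "mynode.p12")
    open(p12, "wb").close()
    os.chmod(p12, 0o600)
    for finding in preflight(SAMPLE_YML, conf, 990, {990}):
        print(finding)
```

On a real node, pass the contents of elasticsearch.yml, the config directory, and the uid and group ids of the account that runs the service.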

Regarding "elasticsearch - Enabling security in a two-node Elasticsearch cluster", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64426911/
