将 Elasticsearch 2.1.1 升级到 2.2.0 - 缺少身份验证令牌?
Upgrading Elasticsearch 2.1.1 to 2.2.0 - missing authentication token?
我决定尝试将当前集群从 ES2.1.1 升级到 ES2.2.0。
一对镜子。集群在 AWS 中 运行,所以我使用 cloud-aws 插件进行通信。
我成功升级了第一个节点,它已经成为master状态,但是我在升级第二个节点时遇到了一个奇怪的communication/authentication问题。
我注意了指南here,但我似乎仍然遇到了一个奇怪的问题。
来自第二个节点上的主集群日志:
[2016-02-03 12:29:41,241][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:42,455][DEBUG][action.admin.cluster.health] [Sharon Ventura] no known master node, scheduling a retry
[2016-02-03 12:29:44,255][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:47,269][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:49,472][DEBUG][action.admin.cluster.state] [Sharon Ventura] timed out while retrying [cluster:monitor/state] after failure (timeout [30s])
[2016-02-03 12:29:49,473][INFO ][rest.suppressed ] /_cluster/settings Params: {}
MasterNotDiscoveredException[null]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.onTimeout(TransportMasterNodeAction.java:205)
at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:239)
at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:794)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2016-02-03 12:29:50,283][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
我的 elasticsearch.yml 文件:
cluster.name: cluster01
http.cors.enabled: true
network.host: 0.0.0.0
discovery.type: ec2
discovery.ec2.tag.project_code_info: "cluster01"
cloud.aws.region: eu-central-1
我可以在日志中看到它已检测到第一个节点:[Space Phantom][10.60.164.147:9300]
它在没有任何干预的情况下检测到它,但它显然无法进行身份验证。
我怀疑这可能与 Shield 插件有关,该插件也已安装,但正确且相同的权限设置与之前相同。其他都没有改变。
我在 shield 中使用用户名和密码,没有配置 SSL。
有人可以帮忙吗?
按照@user3458016 的要求,我设法弄明白了。
我设法解决了这个问题,方法是(在所有节点上)重置所有设置和配置,删除插件 license、shield,删除所有用户并像以前一样重新添加所有用户。这些配置一开始是相同的,所以这很奇怪。
首先,停止所有节点上的elasticsearch。
如果 运行 在本地停止 kibana。
如果您有任何自定义角色,请检查 /etc/elasticsearch/shield/roles.yml 中的配置
如果可能,从单个记录的配置中刷新它。
删除插件:
/usr/share/elasticsearch/bin/plugin remove elasticsearch/license/latest
/usr/share/elasticsearch/bin/plugin remove elasticsearch/shield/latest
删除用户:
/usr/share/elasticsearch/bin/shield/esusers userdel admin
/usr/share/elasticsearch/bin/shield/esusers userdel logstash
重新添加插件:
/usr/share/elasticsearch/bin/plugin install elasticsearch/license/latest -b
/usr/share/elasticsearch/bin/plugin install elasticsearch/shield/latest -b
重新添加用户:
/usr/share/elasticsearch/bin/shield/esusers useradd admin -p adminuserpw -r admin
/usr/share/elasticsearch/bin/shield/esusers useradd logstash -p logstashuserpw -r logstash
如果您有任何自定义角色,请仔细检查 /etc/elasticsearch/shield/roles.yml 中的配置,以确认配置没有被修改或覆盖。
在第一个节点上启动elasticsearch。
如果 运行 在本地启动 kibana。
检查索引是否正确出现并验证主节点状态。
在所有其他节点上执行上述所有步骤。
在其余节点上启动弹性搜索,一次一个。
在启动下一个节点之前验证健康的集群复制。
我希望有人觉得这有用。
我决定尝试将当前集群从 ES2.1.1 升级到 ES2.2.0。
一对镜子。集群在 AWS 中 运行,所以我使用 cloud-aws 插件进行通信。
我成功升级了第一个节点,它已经成为master状态,但是我在升级第二个节点时遇到了一个奇怪的communication/authentication问题。
我注意了指南here,但我似乎仍然遇到了一个奇怪的问题。
来自第二个节点上的主集群日志:
[2016-02-03 12:29:41,241][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:42,455][DEBUG][action.admin.cluster.health] [Sharon Ventura] no known master node, scheduling a retry
[2016-02-03 12:29:44,255][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:47,269][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
[2016-02-03 12:29:49,472][DEBUG][action.admin.cluster.state] [Sharon Ventura] timed out while retrying [cluster:monitor/state] after failure (timeout [30s])
[2016-02-03 12:29:49,473][INFO ][rest.suppressed ] /_cluster/settings Params: {}
MasterNotDiscoveredException[null]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.onTimeout(TransportMasterNodeAction.java:205)
at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:239)
at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:794)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2016-02-03 12:29:50,283][INFO ][discovery.ec2 ] [Sharon Ventura] failed to send join request to master [{Space Phantom}{NzN7b7ZHT8uPu6oXJAORMg}{10.60.164.147}{10.60.164.147:9300}], reason [RemoteTransportException[[Space Phantom][10.60.164.147:9300][internal:discovery/zen/join]]; nested: IllegalStateException[failure when sending a validation request to node]; nested: RemoteTransportException[[Sharon Ventura][10.60.163.74:9300][internal:discovery/zen/join/validate]]; nested: ElasticsearchSecurityException[missing authentication token for action [internal:discovery/zen/join/validate]]; ]
我的 elasticsearch.yml 文件:
cluster.name: cluster01
http.cors.enabled: true
network.host: 0.0.0.0
discovery.type: ec2
discovery.ec2.tag.project_code_info: "cluster01"
cloud.aws.region: eu-central-1
我可以在日志中看到它已检测到第一个节点:[Space Phantom][10.60.164.147:9300]
它在没有任何干预的情况下检测到它,但它显然无法进行身份验证。
我怀疑这可能与 Shield 插件有关,该插件也已安装,但正确且相同的权限设置与之前相同。其他都没有改变。
我在 shield 中使用用户名和密码,没有配置 SSL。
有人可以帮忙吗?
按照@user3458016 的要求,我设法弄明白了。
我设法解决了这个问题,方法是(在所有节点上)重置所有设置和配置,删除插件 license、shield,删除所有用户并像以前一样重新添加所有用户。这些配置一开始是相同的,所以这很奇怪。
首先,停止所有节点上的elasticsearch。 如果 运行 在本地停止 kibana。
如果您有任何自定义角色,请检查 /etc/elasticsearch/shield/roles.yml 中的配置
如果可能,从单个记录的配置中刷新它。
删除插件:
/usr/share/elasticsearch/bin/plugin remove elasticsearch/license/latest
/usr/share/elasticsearch/bin/plugin remove elasticsearch/shield/latest
删除用户:
/usr/share/elasticsearch/bin/shield/esusers userdel admin
/usr/share/elasticsearch/bin/shield/esusers userdel logstash
重新添加插件:
/usr/share/elasticsearch/bin/plugin install elasticsearch/license/latest -b
/usr/share/elasticsearch/bin/plugin install elasticsearch/shield/latest -b
重新添加用户:
/usr/share/elasticsearch/bin/shield/esusers useradd admin -p adminuserpw -r admin
/usr/share/elasticsearch/bin/shield/esusers useradd logstash -p logstashuserpw -r logstash
如果您有任何自定义角色,请仔细检查 /etc/elasticsearch/shield/roles.yml 中的配置,以确认配置没有被修改或覆盖。
在第一个节点上启动elasticsearch。 如果 运行 在本地启动 kibana。
检查索引是否正确出现并验证主节点状态。
在所有其他节点上执行上述所有步骤。
在其余节点上启动弹性搜索,一次一个。 在启动下一个节点之前验证健康的集群复制。
我希望有人觉得这有用。