在 kibana 上安装防护罩会出现 PEM 错误
Install shield on kibana gives PEM error
我正在为 ES/Kibana/Logstash 使用 sebp/elk docker,而且一切都很正常。
现在我想尝试在所有组件上安装 shield,除 kibana 外一切正常。
root@2f6452f2e11e:/opt/kibana# bin/kibana plugin --install kibana/shield/latest
Installing shield
Attempting to transfer from https://download.elastic.co/kibana/shield/shield-latest.tar.gz
Transferring 5887233 bytes....................
Transfer complete
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "error:0906A068:PEM routines:PEM_do_header:bad password read"
我按照此处的说明进行操作:https://www.elastic.co/guide/en/shield/current/kibana.html
它说关于配置 server.ssl.* 我在使用 openssl 创建这些属性后所做的。我想错误与证书有关,但我不确定该怎么做。我尝试安装证书、注册和其他东西,但我可能做错了什么。
在那之后,当 Kibana 尝试启动时它就失败了(来自 kibana4.log):
["error","elasticsearch"],"pid":211,"message":"Request error, retrying -- connect ECONNREFUSED"}
["warning","elasticsearch"],"pid":211,"message":"Unable to revive connection: http://localhost:9200/"}
["warning","elasticsearch"],"pid":211,"message":"No living connections"}
["status","plugin:elasticsearch","error"],"pid":211,"name":"plugin:elasticsearch","state":"red","message": "Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.","prevState":"green","prevMsg":"Kibana index ready"}
来自 elasticsearch 日志:
[2016-03-13 11:35:42,843][INFO ][rest.suppressed ] / Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/]]
at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:65)
at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:102)
at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)
任何类型的指导都将不胜感激。
在 kibana.yml 中注释掉 server.key & server.crt 然后尝试安装。
问题是证书中的 .key 文件没有正确创建。
之后:
1. openssl genrsa -des3 -out [domain].key 1024
2. openssl req -new -key [domain].key -out [domain].csr
3. openssl x509 -req -days 365 -in [domain].csr -signkey [domain].key -out [domain].crt
这也是 .key 文件有效所必需的:
openssl rsa -in [domain].key -out [domain].key
我正在为 ES/Kibana/Logstash 使用 sebp/elk docker,而且一切都很正常。
现在我想尝试在所有组件上安装 shield,除 kibana 外一切正常。
root@2f6452f2e11e:/opt/kibana# bin/kibana plugin --install kibana/shield/latest
Installing shield
Attempting to transfer from https://download.elastic.co/kibana/shield/shield-latest.tar.gz
Transferring 5887233 bytes....................
Transfer complete
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "error:0906A068:PEM routines:PEM_do_header:bad password read"
我按照此处的说明进行操作:https://www.elastic.co/guide/en/shield/current/kibana.html 它说关于配置 server.ssl.* 我在使用 openssl 创建这些属性后所做的。我想错误与证书有关,但我不确定该怎么做。我尝试安装证书、注册和其他东西,但我可能做错了什么。
在那之后,当 Kibana 尝试启动时它就失败了(来自 kibana4.log):
["error","elasticsearch"],"pid":211,"message":"Request error, retrying -- connect ECONNREFUSED"}
["warning","elasticsearch"],"pid":211,"message":"Unable to revive connection: http://localhost:9200/"}
["warning","elasticsearch"],"pid":211,"message":"No living connections"}
["status","plugin:elasticsearch","error"],"pid":211,"name":"plugin:elasticsearch","state":"red","message": "Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.","prevState":"green","prevMsg":"Kibana index ready"}
来自 elasticsearch 日志:
[2016-03-13 11:35:42,843][INFO ][rest.suppressed ] / Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/]]
at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:65)
at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:102)
at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)
任何类型的指导都将不胜感激。
在 kibana.yml 中注释掉 server.key & server.crt 然后尝试安装。
问题是证书中的 .key 文件没有正确创建。
之后:
1. openssl genrsa -des3 -out [domain].key 1024
2. openssl req -new -key [domain].key -out [domain].csr
3. openssl x509 -req -days 365 -in [domain].csr -signkey [domain].key -out [domain].crt
这也是 .key 文件有效所必需的:
openssl rsa -in [domain].key -out [domain].key