Search-guard plugin of docker ELK stack troubles while connecting to elasticsearch cluster
A few minutes ago I cloned the search guard branch from here, and I did exactly what the README says.
After docker-compose up -d all services are working, but elasticsearch_1 logs an error every few seconds:
elasticsearch_1 | [2018-09-14T08:59:49,614][ERROR][c.f.s.a.BackendRegistry ] Not yet initialized (you may need to run sgadmin)
After that I ran docker-compose exec -T elasticsearch bin/init_sg.sh, output:
Search Guard Admin v6
Will connect to localhost:9300 ... done
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/usr/share/elasticsearch/plugins/search-guard-6/netty-common-4.1.16.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Elasticsearch Version: 6.3.2
Search Guard Version: 6.3.2-23.0
Connected as CN=kirk,OU=client,O=client,L=Test,C=DE
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
ERR: Timed out while waiting for a green or yellow cluster state.
* Try running sgadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
* Make also sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in elasticsearch.yml
* If this is not working, try running sgadmin.sh with --diagnose and see diagnose trace log file)
* Add --accept-red-cluster to allow sgadmin to operate on a red cluster.
I guess sgadmin cannot connect to the elasticsearch cluster, but I did everything the README says.
Any suggestions on how to solve this problem?
Thank you for your answer.
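I have solved this problem. Your product works well. I had an error in an index in Kibana, and it made the elasticsearch cluster status red - never yellow.
If you want to connect sgadmin to the elasticsearch cluster without waiting for yellow status, use the line --accept-red-cluster in the init_sg.sh script: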
#!/bin/sh
plugins/search-guard-6/tools/sgadmin.sh \
-cd config/sg/ \
-ts config/sg/truststore.jks \
-ks config/sg/kirk-keystore.jks \
-nhnv \
-icl \
--accept-red-cluster
Then everything works, and Kibana will tell you why you have RED status - in my case it was a kibana index problem.
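
The output in the question already separates two failure modes: the "Connected as CN=kirk,..." line shows the TLS client certificate was accepted, while the ERR line concerns cluster state only. The following triage of captured sgadmin output is an added example, not part of the original posts; the function names and verdict labels are hypothetical, and treating the absence of an ERR: line as success is an assumption.

```sh
#!/bin/sh
# Added example; function names and verdict labels are hypothetical.
# classify_sgadmin reads captured sgadmin output on stdin and prints one verdict:
#   no_connection - no "Connected as" line: check TLS material, host and port
#   red_cluster   - client cert accepted, but the cluster never reached yellow
#   other_error   - client cert accepted, a different ERR: line was printed
#   no_error      - client cert accepted and no ERR: line (assumed to mean success)
classify_sgadmin() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '^Connected as '; then
        echo no_connection
    elif printf '%s\n' "$out" | grep -q '^ERR: Timed out while waiting for a green or yellow cluster state'; then
        echo red_cluster
    elif printf '%s\n' "$out" | grep -q '^ERR:'; then
        echo other_error
    else
        echo no_error
    fi
}

# Relevant lines copied from the output in the question.
sample_from_question() {
    cat <<'EOF'
Search Guard Admin v6
Will connect to localhost:9300 ... done
Connected as CN=kirk,OU=client,O=client,L=Test,C=DE
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
ERR: Timed out while waiting for a green or yellow cluster state.
EOF
}

sample_from_question | classify_sgadmin   # prints: red_cluster
```

To classify a live run, pipe the command from the question into the function: docker-compose exec -T elasticsearch bin/init_sg.sh 2>&1 | classify_sgadmin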