文章目录
【问题】启动elasticSearch报错:生成ssl的p12证书(要设置证书密码):创建用户密码(默认要为6个用户创建密码):elasticsearch.yml配置文件内容【Windows】问题:【Linux问题】:
【Kibana连接ES集群】请求地址说明:浏览器访问:post访问:es-head访问地址:连接不带账号密码的地址:连接带账号密码的地址:
【问题】启动elasticSearch报错:
org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either 查看日志如下提示: 【报错解析】: xpack.security.transport.ssl的SSL配置无效——服务器SSL配置需要密钥和证书,但这些还没有配置;
【解决方案】:
elasticsearch配置用户名密码访问的配置
生成ssl的p12证书(要设置证书密码):
创建CA证书 bin/elasticsearch-certutil ca
生成节点使用的证书 bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
./bin/elasticsearch-certutil cert –ca elastic-stack-ca.p12 –dns localhost –ip 127.0.0.1,::1 –out config/certs/node-1.p12
–ca为CA证书路径名称 -dns为节点DNS –ip为节点ip –out为生成节点证书的路径和名称等,输出文件是PKCS#12密钥库,其中包括节点证书,节点密钥和CA证书 或者使用命令 bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 效果跟上面这个一样,生成一个p12结尾的证书
提取出pem证书 // elastic-certificates.p12为上一步节点证书 openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -out elastic-ca.pem
openssl安装: 下载并安装perl,地址(http://www.activestate.com/activeperl/downloads/) ,进入perl安装目录的eg文件夹,执行“perl example.pl”若显示“Hello from ActivePerl!”,则说明Perl安装成功。 http://slproweb.com/products/Win32OpenSSL.html 可以参考:https://blog.csdn.net/houjixin/article/details/25806151
elasticsearch各节点为xpack.security.transport添加密码 bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
创建用户密码(默认要为6个用户创建密码):
bin/elasticsearch-setup-passwords interactive
elasticsearch.yml配置文件内容
#集群名字,目前是单节点 cluster.name: “test” #节点名 node.name: “es_test” #配置可进行数据交互的ip network.host: 0.0.0.0 #允许http跨域访问,es_head插件必须开启 http.cors.enabled: true http.cors.allow-origin: “*” #数据存储路径 path.data: /usr/share/elasticsearch/dat #日志存储路径 path.logs: /usr/share/elasticsearch/logs #不锁定jvm内存 bootstrap.memory_lock: false #备份库 path.repo: [“/usr/share/elasticsearch/data/backup”] #主节点 cluster.initial_master_nodes: [“es_test”] #es_head连接时读取用户名密码 http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type #开启密码认证 xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path:【es的安装路径】/config/XXX/elastic-certificates.p12 Linux:----------> /usr/share/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path:【es的安装路径】/config/XXX/elastic-certificates.p12 Linux:----------> /usr/share/elasticsearch/config/certs/elastic-certificates.p12
【Windows】问题:
failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) && rm] [2022-11-07T14:09:56,518][ERROR][o.e.b.Elasticsearch ] [LAPTOP-U6I6PKVV] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot specify both [certificate] and [keystore.path] 设置文件路径的,只配置这两个:
xpack.security.transport.ssl.keystore.path:
xpack.security.transport.ssl.truststore.path:
文件路径window环境下路径问题:默认是从D盘开始的,一定要设定在有效的elasticSearch文件安装的目录下的config文件夹下,才会识别成功: 例如:
xpack.security.transport.ssl.keystore.path: /AA/BB/CC/ElasticSearch/config/XX.p12
# 识别的路径为:
D:\AA\BB\CC\ElasticSearch\config\XX.p12
【Linux问题】:
【报错】:ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file
【解决方法】:
配置elastic-certificates.p12的文件权限即可 chmod 777 elastic-certificates.p12
【Kibana连接ES集群】
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_password"
请求地址说明:
设置账号密码后:
浏览器访问:
9200 ,有弹窗,可以直接输入账号密码
post访问:
http://elastic登入名:elastic密码@localhost:9200
es-head访问地址:
连接不带账号密码的地址:
http://localhost:9200/
连接带账号密码的地址:
http://127.0.0.1:9100/?auth_user=elastic登入名&auth_password=elastic密码
参考链接: https://www.cnblogs.com/hahaha111122222/p/12053605.html https://zhuanlan.zhihu.com/p/386532618 https://www.cnblogs.com/genqkun/p/15440025.html https://www.cnblogs.com/dengbangpang/p/12953845.html
推荐文章
发表评论