Elasticsearch fails with X-Pack security enabled

eimct9ow posted on 2022-11-02 in ElasticSearch

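I am trying to set up a simple ELK stack using Docker. When I disable xpack security, it starts fine and I can access the Kibana interface. If I enable xpack security, I get a "Kibana server is not ready yet" error from the Kibana interface. This error is most likely caused by the following Elasticsearch error: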

{"type": "server", "timestamp": "2020-08-03T15:35:10,134Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "elastic-cluster", "node.name": "elasticsearch", "message": "Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.monitoring-es-7-2020.08.03][0]]]).", "cluster.uuid": "Vdk1-_4sSvuqlEspQcF-6A", "node.id": "PZMUpi_JSJS6IZ7tv6H22g"  }
{"type": "server", "timestamp": "2020-08-03T15:35:10,560Z", "level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "cluster.name": "elastic-cluster", "node.name": "elasticsearch", "message": "security index is unavailable. short circuiting retrieval of user [elasticadmin]", "cluster.uuid": "Vdk1-_4sSvuqlEspQcF-6A", "node.id": "PZMUpi_JSJS6IZ7tv6H22g"  }

This is my elasticsearch.yml:

cluster.name: elastic-cluster
node.name:    elasticsearch
network.host: 0.0.0.0
transport.host: 0.0.0.0

## Cluster Settings

discovery.seed_hosts: elasticsearch
cluster.initial_master_nodes: elasticsearch

## License

xpack.license.self_generated.type: basic

# Security

xpack.security.enabled: true

## - ssl

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elasticsearch.key
xpack.security.transport.ssl.certificate: certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt

## - http

# xpack.security.http.ssl.enabled: true
# xpack.security.http.ssl.key: certs/elasticsearch.key
# xpack.security.http.ssl.certificate: certs/elasticsearch.crt
# xpack.security.http.ssl.certificate_authorities: certs/ca.crt
# xpack.security.http.ssl.client_authentication: optional

# Monitoring

xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true

This is the Kibana error log:

{"type":"log","@timestamp":"2020-08-03T15:42:22Z","tags":["warning","plugins","licensing"],"pid":6,"message":"License information could not be obtained from Elasticsearch due to [security_exception] unable to authenticate user [elasticadmin] for REST request [/_xpack], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/_xpack\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [elasticadmin] for REST request [/_xpack]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [elasticadmin] for REST request [/_xpack]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"} error"}

Basic curl request:

curl -H "Authorization: Basic ZWxhc3RpY2FkbWluOjEyMzQ1Njc4OQ==" -XGET "http://localhost:9200/_cat/nodes?v&pretty"
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elasticadmin] for REST request [/_cat/nodes?v&pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elasticadmin] for REST request [/_cat/nodes?v&pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

Another authentication request:

docker@docker:~$ curl -H "Authorization: Basic ZWxhc3RpY2FkbWluOjEyMzQ1Njc4OQ" -XGET "http://localhost:9200/_security/_authenticate"
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elasticadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elasticadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

docker-compose:

secrets:
  elasticsearch.keystore:
    file: ${ELK_DATA}/secrets/keystore/elasticsearch.keystore
  elastic.ca:
    file: ${ELK_DATA}/secrets/certs/ca/ca.crt
  elasticsearch.certificate:
    file: ${ELK_DATA}/secrets/certs/elasticsearch/elasticsearch.crt
  elasticsearch.key:
    file: ${ELK_DATA}/secrets/certs/elasticsearch/elasticsearch.key
  kibana.certificate:
    file: ${ELK_DATA}/secrets/certs/kibana/kibana.crt
  kibana.key:
    file: ${ELK_DATA}/secrets/certs/kibana/kibana.key

services:

####################################################################
############################# ELK ##################################
####################################################################

  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    restart: unless-stopped
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTIC_CLUSTER_NAME: ${ELASTIC_CLUSTER_NAME}
      ELASTIC_NODE_NAME: ${ELASTIC_NODE_NAME}
      ELASTIC_INIT_MASTER_NODE: ${ELASTIC_INIT_MASTER_NODE}
      ELASTIC_DISCOVERY_SEEDS: ${ELASTIC_DISCOVERY_SEEDS}
      ES_JAVA_OPTS: -Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP} -Des.enforce.bootstrap.checks=true
      bootstrap.memory_lock: "true"
    volumes:
      - ${ELK_DATA}/elasticsearch/data:/usr/share/elasticsearch/data
      - ${ELK_DATA}/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ${ELK_DATA}/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties
    secrets:
      - source: elasticsearch.keystore
        target: /usr/share/elasticsearch/config/elasticsearch.keystore
      - source: elastic.ca
        target: /usr/share/elasticsearch/config/certs/ca.crt
      - source: elasticsearch.certificate
        target: /usr/share/elasticsearch/config/certs/elasticsearch.crt
      - source: elasticsearch.key
        target: /usr/share/elasticsearch/config/certs/elasticsearch.key
    ports:
      - 9200:9200
      - 9300:9300
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 200000
        hard: 200000
    networks:
      - traefik_proxy

  logstash:
    container_name: logstash
    image: docker.elastic.co/logstash/logstash:${ELK_VERSION}
    restart: unless-stopped
    volumes:
      - ${ELK_DATA}/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ${ELK_DATA}/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml
      - ${ELK_DATA}/logstash/pipeline:/usr/share/logstash/pipeline
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTICSEARCH_HOST_PORT: ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
      LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}"
    ports:
      - 5044:5044
      - 9600:9600
    networks:
      - traefik_proxy

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:${ELK_VERSION}
    restart: unless-stopped
    volumes:
      - ${ELK_DATA}/kibana/config:/usr/share/kibana/config
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTICSEARCH_HOST_PORT: ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
    secrets:
      - source: elastic.ca
        target: /certs/ca.crt
      - source: kibana.certificate
        target: /certs/kibana.crt
      - source: kibana.key
        target: /certs/kibana.key
    ports:
      - 5601:5601
    networks:
      - traefik_proxy

Where should I start looking for the root cause of this problem?
Thanks for your help!

svgewumm1#

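When you enable X-Pack, Elasticsearch starts, but it seems your Kibana is not getting authenticated. Please see the following part of your error message, which explains this.

The elasticadmin user is not authenticated
Please check this user and make sure you are passing the correct credentials when accessing Elasticsearch. Under the basic authentication mechanism, you need to pass a username and password.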

cwxwcias2#

I had the same problem, but I solved it:

Step 1

You can configure Docker Compose as:

kibana:
  build: kibana
  container_name: kibana
  ports:
    - 5601:5601
  volumes:
    - ./kibana/kibana.yml:/usr/share/kibana/config/kibana.yml
  networks:
    backend:
      aliases:
        - "kibana"

Step 2

My Kibana file is:

...
elasticsearch.username: "kibana"
elasticsearch.password: "mypwd"
...

My Dockerfile is:

FROM docker.elastic.co/kibana/kibana:7.10.2
# Copy the config to the path Kibana reads, which is also the file chown'ed below
COPY kibana.yml /usr/share/kibana/config/kibana.yml
USER root
RUN chown root:kibana /usr/share/kibana/config/kibana.yml
USER kibana

xxhby3vn3#

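I ran into this problem when re-initializing after deleting Elasticsearch's data folder; the key point is that the built-in users had not been initialized.
As soon as I initialized the built-in users, the error went away and the system started working again.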

bin/elasticsearch-setup-passwords interactive|auto [-u "https://<host_name>:9200"]
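
The evidence in the question can be lined up with this diagnosis offline. The Python below is an added example, not code from the question or any answer; the function names and the trimmed sample log lines are constructed here, and the built-in user list assumes Elasticsearch 7.x.

```python
import base64
import json
import re

# Reserved (built-in) users in Elasticsearch 7.x; any other name must exist in the native or file realm.
BUILTIN_USERS = {"elastic", "kibana", "kibana_system", "logstash_system",
                 "beats_system", "apm_system", "remote_monitoring_user"}

# Constructed sample input: two log lines trimmed from the question, plus its curl header.
SAMPLE_LOG = [
    '{"level": "INFO", "component": "o.e.c.r.a.AllocationService", '
    '"message": "Cluster health status changed from [RED] to [GREEN]"}',
    '{"level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "message": '
    '"security index is unavailable. short circuiting retrieval of user [elasticadmin]"}',
]
SAMPLE_HEADER = "Basic ZWxhc3RpY2FkbWluOjEyMzQ1Njc4OQ=="
UNAVAILABLE = re.compile(r"security index is unavailable.*user \[([^\]]+)\]")

def user_from_basic(header):
    """Return only the username carried by a Basic Authorization header."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    token = token.strip()
    token += "=" * (-len(token) % 4)  # tolerate missing padding, as in the second curl call
    user, sep, _password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded value is not user:password")
    return user

def triage(log_lines, header):
    """Relate the user a client presents to NativeUsersStore errors in the server log."""
    user = user_from_basic(header)
    short_circuited = set()
    for line in log_lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip non-JSON lines such as stack traces
        if isinstance(event, dict) and str(event.get("component", "")).endswith("NativeUsersStore"):
            match = UNAVAILABLE.search(str(event.get("message", "")))
            if match:
                short_circuited.add(match.group(1))
    findings = []
    if user in short_circuited:
        findings.append(f"lookup of '{user}' failed: security index is unavailable")
    if user not in BUILTIN_USERS:
        findings.append(f"'{user}' is not a built-in user; it must exist in the native or file realm")
    return user, findings
```

Calling triage(SAMPLE_LOG, SAMPLE_HEADER) returns the username and both findings for the question's data; the password is decoded but never returned.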
