为什么telegraf在使用用户身份验证的SSL连接时记录来自elasticsearch的401响应？

qcuzuvrc 于 2023-04-20 发布在 ElasticSearch

关注(0)|答案(1)|浏览(204)

我正在为telegraf（版本1.25.0）配置elasticsearch输入，遇到了telegraf持续记录的问题

[inputs.elasticsearch] Error in plugin: elasticsearch: API responded with status-code 401, expected 200

elasticsearch输入插件的配置如下所示：

# Read stats from one or more Elasticsearch servers or clusters
[[inputs.elasticsearch]]
  ## specify a list of one or more Elasticsearch servers
  # you can add username and password to your url to use basic authentication:
  # servers = ["http://user:pass@localhost:9200"]
  servers = ["https://elastic.server:9200"]

  ## Timeout for HTTP requests to the elastic search server(s)
  http_timeout = "5s"

  ## When local is true (the default), the node will read only its own stats.
  ## Set local to false when you want to read the node stats from all nodes
  ## of the cluster.
  local = false

  ## Set cluster_health to true when you want to also obtain cluster health stats
  cluster_health = true

  ## Adjust cluster_health_level when you want to also obtain detailed health stats
  ## The options are
  ##  - indices (default)
  ##  - cluster
  # cluster_health_level = "indices"

  ## Set cluster_stats to true when you want to also obtain cluster stats from the
  ## Master node.
  cluster_stats = true

  ## node_stats is a list of sub-stats that you want to have gathered. Valid options
  ## are "indices", "os", "process", "jvm", "thread_pool", "fs", "transport", "http",
  ## "breaker". Per default, all stats are gathered.
  # node_stats = ["jvm", "http"]

  ## Optional TLS Config
  tls_ca = "/etc/telegraf/ca.crt"
  tls_cert = "/etc/telegraf/clientcert.crt"
  tls_key = "/etc/telegraf/clientcert.key"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false

  username = "telegraf_user"
  password = "telegraf_user_password"

我还尝试将用户/密码信息放在服务器设置中配置的URL中。
我已经验证了我可以使用提供者用户信息和证书（通过curl）手动连接到elasticsearch。
有没有什么方法可以让我深入了解telegraf到底在做什么调用，这样我就可以更好地调试它？

编辑更多信息：

我尝试的curl命令是：

curl --cacert /etc/telegraf/ca.crt --cert /etc/telegraf/clientcert.crt --key /etc/telegraf/clientcert.key https://telegraf_user:telefraf_user_password@elkdevn1.dev.oati.local:9200/_nodes/_local/name

我得到的回应是：

{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elkcluster","nodes":{"nodeitentifier":{"name":"elastic.server","transport_address":"10.100.2.128:9300","host":"10.100.2.128","ip":"10.100.2.128","version":"7.16.2","build_flavor":"default","build_type":"rpm","build_hash":"2b937c44140b6559905130a8650c64dbd0879cfb","roles":["data","ingest","master"],"attributes":{"xpack.installed":"true","transform.node":"false"}}}}

elasticsearch

来源：https://stackoverflow.com/questions/76037259/why-is-telegraf-logging-a-401-response-from-elasticsearch-when-using-a-user-auth