我正在运行一个3节点的Elastic Search 8.9集群,每个集群都在一个单独的虚拟机上,有一个Kibana示例,所有这些都在Centos 7.9上。由于无法将应用程序连接到集群,我决定禁用xpack和ssl安全性。因此,在取出所有安全功能后,我对其中一个节点的配置如下所示:
cluster.name: application
node.name: node_1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.74
http.port: 9200
cluster.initial_master_nodes: ["elastic_master"]
http.host: 0.0.0.0
我尝试再次启动节点,但它失败了,并在日志中显示以下错误:
[2023-08-27T05:44:51,048][ERROR][o.e.b.Elasticsearch ] [node_1] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: invalid configuration for xpack.security.transport.ssl - [xpack.security.transport.ssl.enabled] is not set, but the following settings have been configured in elasticsearch.yml : [xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]
at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:650) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:624) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:159) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:495) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:324) ~[?:?]
at org.elasticsearch.node.Node.lambda$new$16(Node.java:733) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.plugins.PluginsService.lambda$flatMap$1(PluginsService.java:261) ~[elasticsearch-8.9.0.jar:?]
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
at org.elasticsearch.node.Node.<init>(Node.java:748) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.node.Node.<init>(Node.java:334) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:72) ~[elasticsearch-8.9.0.jar:?]
我试过运行unset ES_JAVA_OPTS
。我已经停止了所有其他节点以及Kibana。我已经检查了环境变量中与弹性相关的任何内容。
每次执行systemctl start elasticsearch
时,它都会失败,并在日志中显示相同的错误。
有没有一种方法可以禁用xpack安全和ssl,而不必重做整个集群?
1条答案
按热度按时间a64a0gku1#
...但是elasticsearch.yml中已经配置了以下设置:[xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]
这意味着Elasticsearch密钥库仍然包含SSL配置的安全密码。您可以使用以下命令删除它们:
此外,您应该在配置中显式禁用安全性: