
elasticSearch (3) Windows error: org.elasticsearch.ElasticsearchSecurityException: failed to load ssl configuration [xpack.security.t

failed to load ssl configuration [xpack.security.transport.ssl] - cannot rea

[Problem] Elasticsearch fails to start with this error:

org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either
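The log shows the error above.
[Error analysis]:
The SSL configuration for xpack.security.transport.ssl is invalid: the server SSL configuration requires a key and a certificate, but these have not been configured.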

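[Solution]:

Configuration for accessing Elasticsearch with a username and password

Generate the PKCS#12 (.p12) certificates for SSL (a certificate password must be set):

Create the CA certificate
bin/elasticsearch-certutil ca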

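Generate the certificate used by the node
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

./bin/elasticsearch-certutil cert \
  --ca elastic-stack-ca.p12 \
  --dns localhost \
  --ip 127.0.0.1,::1 \
  --out config/certs/node-1.p12

--ca is the path and name of the CA certificate
--dns is the node's DNS name
--ip is the node's IP address
--out is the path and name of the generated node certificate; the output file is a PKCS#12 keystore that contains the node certificate, the node key and the CA certificate
Alternatively, run bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12, which has the same effect as the command above and generates a certificate file ending in .p12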

Extract the PEM certificate
# elastic-certificates.p12 is the node certificate from the previous step
openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -out elastic-ca.pem

Installing OpenSSL:
Download and install Perl from http://www.activestate.com/activeperl/downloads/, go to the eg folder in the Perl installation directory and run "perl example.pl"; if it prints "Hello from ActivePerl!", Perl is installed correctly.
http://slproweb.com/products/Win32OpenSSL.html
See also: https://blog.csdn.net/houjixin/article/details/25806151

On each Elasticsearch node, add the passwords for xpack.security.transport
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Create the user passwords (by default, passwords must be created for 6 users):

bin/elasticsearch-setup-passwords interactive

Contents of the elasticsearch.yml configuration file

# Cluster name; currently a single node
cluster.name: "test"
# Node name
node.name: "es_test"
# IP address to bind for data exchange
network.host: 0.0.0.0
# Allow cross-origin HTTP access; must be enabled for the es_head plugin
http.cors.enabled: true
http.cors.allow-origin: "*"
# Data storage path
path.data: /usr/share/elasticsearch/dat
# Log storage path
path.logs: /usr/share/elasticsearch/logs
# Do not lock JVM memory
bootstrap.memory_lock: false
# Backup repository
path.repo: ["/usr/share/elasticsearch/data/backup"]
# Master node
cluster.initial_master_nodes: ["es_test"]
# Headers es_head uses to pass the username and password when connecting
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
# Enable password authentication
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: <ES install path>/config/XXX/elastic-certificates.p12
# Linux: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: <ES install path>/config/XXX/elastic-certificates.p12
# Linux: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

[Windows] Problem:

failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore)
and
[2022-11-07T14:09:56,518][ERROR][o.e.b.Elasticsearch ] [LAPTOP-U6I6PKVV] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot specify both [certificate] and [keystore.path]
For the file paths, configure only these two settings:

xpack.security.transport.ssl.keystore.path:
xpack.security.transport.ssl.truststore.path: 

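Path issue on Windows: paths are resolved starting from the D: drive by default, and the file must be placed under the config folder of the actual Elasticsearch installation directory for it to be recognized:
For example: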

xpack.security.transport.ssl.keystore.path: /AA/BB/CC/ElasticSearch/config/XX.p12
# The path it resolves to:
D:\AA\BB\CC\ElasticSearch\config\XX.p12

[Linux problem]:

[Error]: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file

[Solution]:

Set the file permissions on elastic-certificates.p12:
chmod 777 elastic-certificates.p12
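
An added example, not part of the original post: a small Python pre-flight check that reports, before Elasticsearch is started, the conditions behind the errors above (no key and certificate, [certificate] set together with [keystore.path], a keystore file that is missing or unreadable by its owner) and, as an extra check, keystore files left accessible to other users, as after chmod 777. The function names and the sample config are constructed for illustration; it assumes flat dotted keys as in the elasticsearch.yml above, absolute paths, and Linux-style file modes.

```python
import os
import stat

PREFIX = "xpack.security.transport.ssl."

def parse_settings(text):
    """Parse flat 'dotted.key: value' lines (assumed layout, as in the config above)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)  # split once so Windows drive-letter values survive
        settings[key.strip()] = value.strip().strip('"')
    return settings

def check_transport_ssl(settings):
    """Return a list of problems; an empty list means every check passed."""
    ssl = {k[len(PREFIX):]: v for k, v in settings.items() if k.startswith(PREFIX)}
    problems = []
    if ssl.get("enabled", "false").lower() != "true":
        return problems
    has_keystore = bool(ssl.get("keystore.path"))
    has_pem = bool(ssl.get("certificate") or ssl.get("key"))
    if not (has_keystore or has_pem):
        problems.append("no key and certificate configured")
    if has_keystore and has_pem:
        problems.append("both [certificate] and [keystore.path] are set")
    for name in ("keystore.path", "truststore.path"):
        path = ssl.get(name)
        if path and not os.path.isfile(path):
            problems.append(f"{name}: file not found: {path}")
        elif path:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if not mode & stat.S_IRUSR:
                problems.append(f"{name}: owner cannot read (mode {mode:o})")
            if mode & 0o007:
                problems.append(f"{name}: other users have access (mode {mode:o})")
    return problems

if __name__ == "__main__":
    # Constructed sample: a keystore plus a PEM certificate, the conflict logged above.
    sample = (
        "xpack.security.transport.ssl.enabled: true\n"
        "xpack.security.transport.ssl.keystore.path: /nonexistent/elastic-certificates.p12\n"
        "xpack.security.transport.ssl.certificate: /nonexistent/node.crt\n"
    )
    for problem in check_transport_ssl(parse_settings(sample)):
        print(problem)
```

A keystore owned by the account that runs Elasticsearch with mode 600 or 640 passes the permission checks in this example.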

[Connecting Kibana to the ES cluster]

elasticsearch.username: "kibana_system"
elasticsearch.password: "your_password"

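Notes on request URLs:

After the username and password have been set:

Browser access:

Port 9200: a login prompt pops up and you can enter the username and password directly

POST access:

http://<elastic username>:<elastic password>@localhost:9200

es-head access URLs:

URL for connecting without a username and password:

http://localhost:9200/

URL for connecting with a username and password:

http://127.0.0.1:9100/?auth_user=<elastic username>&auth_password=<elastic password>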
