
Section 4: Setting an Access Password for ElasticSearch


For data security, ES should always have an access password set.

1. Setting the access password

  • Modify the ES configuration file config/elasticsearch.yml and add the following:

  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true

  • Start the ES service

  • Change the passwords by running the following command:

[els@localhost elasticsearch-7.8.1]$ ./bin/elasticsearch-setup-passwords interactive
  • After running it, you are prompted to set a series of passwords. Set them one by one, then restart ES.

2. Errors encountered

  • SSL error:

  [2020-09-05T08:50:48,116][WARN ][o.e.t.TcpTransport ] [node-1] exception caught on transport layer [Netty4TcpChannel{localAddress=/[0:0:0:0:0:0:0:1]:7300, remoteAddress=/[0:0:0:0:0:0:0:1]:53662}], closing connection
  io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme
      at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:615) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:578) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.49.Final.jar:4.1.49.Final]
      at java.lang.Thread.run(Thread.java:832) [?:?]
  Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme
      at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
      at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:268) ~[?:?]
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:259) ~[?:?]
      at sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:955) ~[?:?]
      at sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:944) ~[?:?]
      at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) ~[?:?]
      at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1252) ~[?:?]
      at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1188) ~[?:?]
      at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851) ~[?:?]
      at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812) ~[?:?]
      at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
      at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445) ~[?:?]
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1247) ~[?:?]
      at java.security.AccessController.doPrivileged(AccessController.java:691) ~[?:?]
      at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1192) ~[?:?]
      at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1542) ~[netty-handler-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1556) ~[netty-handler-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1440) ~[netty-handler-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1267) ~[netty-handler-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1314) ~[netty-handler-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
      at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
      ... 16 more

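Follow these steps:

Step 1: In the ES root directory, generate a CA certificate. You are prompted for a name and a password; you can just press Enter without entering anything: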

bin/elasticsearch-certutil ca

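Step 2: Using the certificate generated in step 1, produce the p12 keystore. When prompted for a password, you can just press Enter without entering one: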

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

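Step 3: At this point the directory structure under the root directory is as follows:

Step 4: Under the config directory, create a new folder named certs.

Step 5: Copy the elastic-certificates.p12 file into the config/certs folder.

Step 6: Modify the configuration file config/elasticsearch.yml so that it reads as follows: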

  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true
  xpack.license.self_generated.type: basic
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
  xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

Restart ES and the error disappears.
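
A check for the settings from step 6, as an added example that is not part of the original post: it reads config/elasticsearch.yml and reports transport TLS that is enabled with no keystore (the state of the first configuration on this page) before the node is restarted. The function names and the temporary sample directory are assumptions made for the example.

```shell
# Added example, not from the original post. Reads only flat "key: value"
# lines as used on this page; function names are hypothetical.

# es_setting FILE KEY -> prints the last value set for KEY, or nothing.
es_setting() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k ":") == 1 {
            v = substr(line, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# check_transport_tls CONFIG_DIR -> 0 if the final settings above hold, else 1.
check_transport_tls() {
    yml="$1/elasticsearch.yml"; p="xpack.security"; rc=0
    [ "$(es_setting "$yml" $p.enabled)" = "true" ] ||
        { echo "FAIL: $p.enabled is not true"; rc=1; }
    [ "$(es_setting "$yml" $p.transport.ssl.enabled)" = "true" ] ||
        { echo "FAIL: $p.transport.ssl.enabled is not true"; return 1; }
    [ "$(es_setting "$yml" $p.transport.ssl.verification_mode)" != "none" ] ||
        { echo "FAIL: verification_mode none skips certificate checks"; rc=1; }
    for store in keystore truststore; do
        path=$(es_setting "$yml" "$p.transport.ssl.$store.path")
        case $path in
            "") echo "FAIL: $store.path unset"; rc=1; continue ;;
            /*) ;;
            *)  path="$1/$path" ;;   # relative paths resolve against config/
        esac
        if [ ! -f "$path" ]; then
            echo "FAIL: $store file missing: $path"; rc=1
        elif [ -n "$(find "$path" -perm -004)" ]; then
            echo "WARN: $path is world-readable"   # matters with an empty p12 password
        fi
    done
    return $rc
}

# Constructed sample: the first config on this page, then the corrected one.
demo=$(mktemp -d); mkdir "$demo/certs"
printf '%s\n' "xpack.security.enabled: true" \
    "xpack.security.transport.ssl.enabled: true" > "$demo/elasticsearch.yml"
check_transport_tls "$demo" || echo "=> first config rejected"
printf 'xpack.security.transport.ssl.%s.path: certs/elastic-certificates.p12\n' \
    keystore truststore >> "$demo/elasticsearch.yml"
: > "$demo/certs/elastic-certificates.p12"   # empty placeholder, not a real keystore
chmod 600 "$demo/certs/elastic-certificates.p12"
check_transport_tls "$demo" && echo "=> corrected config accepted"
rm -rf "$demo"
```

Against a real installation, pass the node's config directory: check_transport_tls /path/to/elasticsearch/config.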
