为什么我的 Elastic Enterprise 搜索配置不起作用?
Why doesn't my Elastic Enterprise search configuration work?
我正在尝试设置 Elastic Enterprise Search 的部署,因为它作为标准许可的一部分是免费的。在我的生活中,我无法获得查看我们的 Elasticsearch 集群的服务,我也想不通为什么。
我有一个如下所示的配置文件:
elasticsearch.ssl.enabled: true
elasticsearch.ssl.verify: false
ent_search.auth.source: standard
secret_management.encryption_keys: [secret]
allow_es_settings_modification: true
elasticsearch.host: https://monitoring.internal
elasticsearch.username: elastic
elasticsearch.password: secret
当我单独尝试使用 curl 从我尝试 运行 服务的服务器访问资源时,它工作正常:
$ curl --user elastic:secret https://monitoring.internal -k
{
"name" : "monitoring-es-client-0",
"cluster_name" : "monitoring",
"cluster_uuid" : "XXX",
"version" : {
"number" : "7.9.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667",
"build_date" : "2020-08-11T21:36:48.204330Z",
"build_snapshot" : false,
"lucene_version" : "8.6.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
但是当我尝试 运行 Enterprise Search 服务时,它无法完全启动并显示无用的错误消息:
[2020-09-16T20:25:21.546+00:00][42859][2002][app-server][INFO]: Failed to connect to Elasticsearch backend. Make sure it is running.
而且诊断报告功能也没什么用:
$ sudo bin/enterprise-search --diagnostic-report
Found java executable in PATH
Java version detected: 11.0.8 (major version: 11)
Enterprise Search is starting...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/enterprise-search/lib/war/lib/jruby-core-9.2.9.0-complete.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2020-09-16T20:29:50.258+00:00][43020][2002][script][INFO]: Enterprise Search version=7.9.1, JRuby version=9.2.9.0, Ruby version=2.5.7, Rails version=4.2.11.3
[2020-09-16T20:29:51.158+00:00][43020][2002][script][INFO]: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[2020-09-16T20:29:51.160+00:00][43020][2002][script][ERROR]:
--------------------------------------------------------------------------------
Error: Enterprise Search is unable to connect to Elasticsearch. Ensure a healthy Elasticsearch cluster is running at https://monitoring.internal for user elastic.
--------------------------------------------------------------------------------
我的配置文件哪里做错了?
看起来像一个 n/w 问题,另外我想强调的是 你的服务在本地 运行 很好,如 curl 命令所示,但它可能没有暴露在外面本地主机,因此您的企业搜索无法连接它,您可以尝试将以下配置添加到您的 ES 并重新启动它吗?
network.host:0.0.0.0 这会将它绑定到所有 n/w 接口,详细说明可以在 official docs
上找到
我遇到了同样的错误。通过在
config/enterprise-search.yml 文件.
我有一个 PKCS12 信任库并使用以下命令提取我需要的文件:
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.crt -nokeys
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.key -nodes -nocerts
openssl pkcs12 -in elasticsearch-certificates.p12 -cacerts -nokeys -out ca.crt
我还对这些文件使用了 chown enterprise-search:enterprise-search。
elasticsearch.ssl.enabled: true
elasticsearch.ssl.certificate: "/usr/share/enterprise-search/outfile.crt"
elasticsearch.ssl.certificate_authority: "/usr/share/enterprise-search/ca.crt"
elasticsearch.ssl.key: "/usr/share/enterprise-search/outfile.key"
elasticsearch.ssl.key_passphrase: [key password]
elasticsearch.ssl.verify: false
您还需要 SSL 证书才能加载企业搜索网站
ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "/home/<user>/http.p12"
ent_search.ssl.keystore.password: [password]
我在 docker 容器中使用 enterprise-search+ES 7.10.0 运行 遇到了同样的问题。 非常好,让我完成了大部分工作,但是生成的 outfile.key 在启动时一直呕吐:
enterprisesearch_1 | LoadError: load error: /usr/share/enterprise-search/lib/war/config/application -- java.lang.ClassCastException: org.bouncycastle.asn1.DLApplicationSpecific cannot be cast to org.bouncycastle.asn1.ASN1Sequence
解决方案是,在生成我的 outfile.key 时,将“包属性”内容从 .key 文件中删除。所以代替原来的命令:
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.key -nodes -nocerts
我这样做了(我的 p12 文件有一个密码,需要“-passin pass:my_password”部分):
openssl pkcs12 -in elasticsearch-certificates.p12 -nodes -nocerts -passin pass:my_password | openssl rsa -out outfile.key
就是这样。
我正在尝试设置 Elastic Enterprise Search 的部署,因为它作为标准许可的一部分是免费的。在我的生活中,我无法获得查看我们的 Elasticsearch 集群的服务,我也想不通为什么。
我有一个如下所示的配置文件:
elasticsearch.ssl.enabled: true
elasticsearch.ssl.verify: false
ent_search.auth.source: standard
secret_management.encryption_keys: [secret]
allow_es_settings_modification: true
elasticsearch.host: https://monitoring.internal
elasticsearch.username: elastic
elasticsearch.password: secret
当我单独尝试使用 curl 从我尝试 运行 服务的服务器访问资源时,它工作正常:
$ curl --user elastic:secret https://monitoring.internal -k
{
"name" : "monitoring-es-client-0",
"cluster_name" : "monitoring",
"cluster_uuid" : "XXX",
"version" : {
"number" : "7.9.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667",
"build_date" : "2020-08-11T21:36:48.204330Z",
"build_snapshot" : false,
"lucene_version" : "8.6.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
但是当我尝试 运行 Enterprise Search 服务时,它无法完全启动并显示无用的错误消息:
[2020-09-16T20:25:21.546+00:00][42859][2002][app-server][INFO]: Failed to connect to Elasticsearch backend. Make sure it is running.
而且诊断报告功能也没什么用:
$ sudo bin/enterprise-search --diagnostic-report
Found java executable in PATH
Java version detected: 11.0.8 (major version: 11)
Enterprise Search is starting...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/enterprise-search/lib/war/lib/jruby-core-9.2.9.0-complete.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2020-09-16T20:29:50.258+00:00][43020][2002][script][INFO]: Enterprise Search version=7.9.1, JRuby version=9.2.9.0, Ruby version=2.5.7, Rails version=4.2.11.3
[2020-09-16T20:29:51.158+00:00][43020][2002][script][INFO]: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[2020-09-16T20:29:51.160+00:00][43020][2002][script][ERROR]:
--------------------------------------------------------------------------------
Error: Enterprise Search is unable to connect to Elasticsearch. Ensure a healthy Elasticsearch cluster is running at https://monitoring.internal for user elastic.
--------------------------------------------------------------------------------
我的配置文件哪里做错了?
看起来像一个 n/w 问题,另外我想强调的是 你的服务在本地 运行 很好,如 curl 命令所示,但它可能没有暴露在外面本地主机,因此您的企业搜索无法连接它,您可以尝试将以下配置添加到您的 ES 并重新启动它吗?
network.host:0.0.0.0 这会将它绑定到所有 n/w 接口,详细说明可以在 official docs
我遇到了同样的错误。通过在 config/enterprise-search.yml 文件.
我有一个 PKCS12 信任库并使用以下命令提取我需要的文件:
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.crt -nokeys
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.key -nodes -nocerts
openssl pkcs12 -in elasticsearch-certificates.p12 -cacerts -nokeys -out ca.crt
我还对这些文件使用了 chown enterprise-search:enterprise-search。
elasticsearch.ssl.enabled: true
elasticsearch.ssl.certificate: "/usr/share/enterprise-search/outfile.crt"
elasticsearch.ssl.certificate_authority: "/usr/share/enterprise-search/ca.crt"
elasticsearch.ssl.key: "/usr/share/enterprise-search/outfile.key"
elasticsearch.ssl.key_passphrase: [key password]
elasticsearch.ssl.verify: false
您还需要 SSL 证书才能加载企业搜索网站
ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "/home/<user>/http.p12"
ent_search.ssl.keystore.password: [password]
我在 docker 容器中使用 enterprise-search+ES 7.10.0 运行 遇到了同样的问题。
enterprisesearch_1 | LoadError: load error: /usr/share/enterprise-search/lib/war/config/application -- java.lang.ClassCastException: org.bouncycastle.asn1.DLApplicationSpecific cannot be cast to org.bouncycastle.asn1.ASN1Sequence
解决方案是,在生成我的 outfile.key 时,将“包属性”内容从 .key 文件中删除。所以代替原来的命令:
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.key -nodes -nocerts
我这样做了(我的 p12 文件有一个密码,需要“-passin pass:my_password”部分):
openssl pkcs12 -in elasticsearch-certificates.p12 -nodes -nocerts -passin pass:my_password | openssl rsa -out outfile.key
就是这样。