Error when configuring X-Pack encrypted inter-node authentication in Elasticsearch


Configuring certificate-based authentication for communication between cluster nodes:

bin/elasticsearch -E node.name=node1 -E cluster.name=geektime -E path.data=node1_data -E http.port=9200 -E xpack.security.enabled=true -E xpack.security.transport.ssl.enabled=true -E xpack.security.transport.ssl.verification_mode=certificate -E xpack.security.transport.ssl.keystore.path=certs/elastic-certificates.p12 -E xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/certs/elastic-certificates.p12

Error message:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/share/elasticsearch/certs" "read")
	at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
	at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
	at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:747)
	at java.base/sun.nio.fs.UnixPath.checkRead(UnixPath.java:810)
	at java.base/sun.nio.fs.UnixFileSystemProvider.exists(UnixFileSystemProvider.java:532)
	at java.base/java.nio.file.Files.exists(Files.java:2514)
	at org.elasticsearch.watcher.FileWatcher$FileObserver.init(FileWatcher.java:147)
	at org.elasticsearch.watcher.FileWatcher$FileObserver.access$000(FileWatcher.java:65)
	at org.elasticsearch.watcher.FileWatcher.doInit(FileWatcher.java:55)
	at org.elasticsearch.watcher.AbstractResourceWatcher.init(AbstractResourceWatcher.java:25)
	at org.elasticsearch.watcher.ResourceWatcherService.add(ResourceWatcherService.java:118)
	at org.elasticsearch.xpack.core.ssl.SSLConfigurationReloader.startWatching(SSLConfigurationReloader.java:103)
	at org.elasticsearch.xpack.core.ssl.SSLConfigurationReloader.<init>(SSLConfigurationReloader.java:47)
	at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:453)
	at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:298)
	at org.elasticsearch.node.Node.lambda$new$18(Node.java:605)
	at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
	at org.elasticsearch.node.Node.<init>(Node.java:609)
	at org.elasticsearch.node.Node.<init>(Node.java:278)
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217)
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217)
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397)
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)

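I tried all sorts of things: setting the file's permissions to 777, putting the file under config/certs, putting it under /opt/elaticsearch/certs. None of it made sense to me. I then guessed it might be a path problem, so instead of an absolute path I specified a relative path to see which directory ES reads from. After that change the following error was reported, which showed that it reads from /etc/elasticsearch/certs: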

Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - truststore file [/etc/elasticsearch/certs/elastic-certificates.p12] does not exist
	at org.elasticsearch.xpack.core.ssl.TrustConfig.missingTrustConfigFile(TrustConfig.java:114) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:69) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439) ~[?:?]
	at java.util.HashMap.computeIfAbsent(HashMap.java:1224) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
	at java.util.HashMap.forEach(HashMap.java:1425) ~[?:?]
	at java.util.Collections$UnmodifiableMap.forEach(Collections.java:1521) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:526) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:144) ~[?:?]
	at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:454) ~[?:?]
	at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:298) ~[?:?]
	at org.elasticsearch.node.Node.lambda$new$18(Node.java:605) ~[elasticsearch-7.13.0.jar:7.13.0]
	at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
	at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625) ~[?:?]
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) ~[?:?]
	at org.elasticsearch.node.Node.<init>(Node.java:609) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.node.Node.<init>(Node.java:278) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.13.0.jar:7.13.0]
	... 6 more
Caused by: java.nio.file.NoSuchFileException: /etc/elasticsearch/certs/elastic-certificates.p12
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:92) ~[?:?]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
	at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[?:?]
	at java.nio.file.Files.newByteChannel(Files.java:375) ~[?:?]
	at java.nio.file.Files.newByteChannel(Files.java:426) ~[?:?]
	at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]
	at java.nio.file.Files.newInputStream(Files.java:160) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:96) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:66) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439) ~[?:?]
	at java.util.HashMap.computeIfAbsent(HashMap.java:1224) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
	at java.util.HashMap.forEach(HashMap.java:1425) ~[?:?]
	at java.util.Collections$UnmodifiableMap.forEach(Collections.java:1521) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:526) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:144) ~[?:?]
	at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:454) ~[?:?]
	at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:298) ~[?:?]
	at org.elasticsearch.node.Node.lambda$new$18(Node.java:605) ~[elasticsearch-7.13.0.jar:7.13.0]
	at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
	at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625) ~[?:?]
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) ~[?:?]
	at org.elasticsearch.node.Node.<init>(Node.java:609) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.node.Node.<init>(Node.java:278) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397) ~[elasticsearch-7.13.0.jar:7.13.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.13.0.jar:7.13.0]
	... 6 more
uncaught exception in thread [main]
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - truststore file [/etc/elasticsearch/certs/elastic-certificates.p12] does not exist]; nested: NoSuchFileException[/etc/elasticsearch/certs/elastic-certificates.p12];
Likely root cause: java.nio.file.NoSuchFileException: /etc/elasticsearch/certs/elastic-certificates.p12
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:426)
	at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)
	at java.base/java.nio.file.Files.newInputStream(Files.java:160)
	at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:96)
	at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:66)
	at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439)
	at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1224)
	at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528)
	at java.base/java.util.HashMap.forEach(HashMap.java:1425)
	at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1521)
	at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:526)
	at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:144)
	at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:454)
	at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:298)
	at org.elasticsearch.node.Node.lambda$new$18(Node.java:605)
	at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
	at org.elasticsearch.node.Node.<init>(Node.java:609)
	at org.elasticsearch.node.Node.<init>(Node.java:278)
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217)
	<<<truncated>>>

I copied the certificate to /etc/elasticsearch/certs, restarted, and it worked.
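
A preflight check for the two failures in this post, added here as an example (it is not from the original post): it resolves a keystore/truststore setting against the config directory, as the second error shows Elasticsearch doing, and reports whether the file lies outside that directory, is missing, or has been left open to all users. The function names and return codes are hypothetical, and the config directory is assumed to be `$ES_PATH_CONF`, defaulting to `/etc/elasticsearch`.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and return codes
# are hypothetical. Assumed config dir: $ES_PATH_CONF or /etc/elasticsearch.

# Relative keystore/truststore paths are resolved against the config directory
# (the post's second error shows certs/... becoming /etc/elasticsearch/certs/...).
resolve_es_path() {
  local conf_dir=$1 setting=$2
  case $setting in
    /*) printf '%s\n' "$setting" ;;
    *)  printf '%s\n' "${conf_dir%/}/$setting" ;;
  esac
}

# 0 = ok
# 1 = outside the config dir (the AccessControlException case in the post)
# 2 = file or directory missing (the NoSuchFileException case)
# 3 = not readable by the current user
# 4 = accessible to "other" users, e.g. after chmod 777
check_es_store() {
  local conf_dir=$1 setting=$2 resolved real_conf real_dir
  resolved=$(resolve_es_path "$conf_dir" "$setting")
  real_conf=$(cd "$conf_dir" 2>/dev/null && pwd -P) || return 2
  real_dir=$(cd "$(dirname "$resolved")" 2>/dev/null && pwd -P) || return 2
  case "$real_dir/" in
    "$real_conf"/*) ;;
    *) return 1 ;;
  esac
  [ -f "$resolved" ] || return 2
  [ -r "$resolved" ] || return 3
  # The .p12 holds the node's private key; world permissions expose it.
  if [ -n "$(find "$resolved" \( -perm -o=r -o -perm -o=w -o -perm -o=x \))" ]; then
    return 4
  fi
  return 0
}

# Usage: run as the elasticsearch user, e.g.
#   ./check_store.sh certs/elastic-certificates.p12
if [ $# -gt 0 ]; then
  rc=0
  check_es_store "${ES_PATH_CONF:-/etc/elasticsearch}" "$1" || rc=$?
  echo "check_es_store status: $rc"
fi
```

Status 4 covers the 777 attempt described above: loosening the file mode does not help with a file outside the config directory, and it leaves the node's key readable by every local user, so tighten the mode again once the file is in place.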
