ELK docker elasticsearch7 设置xpack账号密码
之前写过一篇 设置的,感觉不大对。ELK elasticsearch7 设置账号、权限
还是重新配置一下。
准备资料:elasticsearch7.1.1、kibana7.1.1镜像文件。
在docker下成功安装集群。注意的是,所有的需要安装es相关的ELK版本都要一致,甚至es的插件版本也都是要一致
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.89.132/third/logstash 7.1.1 b0cb1543380d 12 months ago 847MB logstash 7.1.1 b0cb1543380d 12 months ago 847MB kibana 7.1.1 67f17df6ca3e 12 months ago 746MB elasticsearch 7.1.1 b0e9f9f047e6 12 months ago 894MB 192.168.89.132/third/filebeat 7.1.1 0bd69a03e199 12 months ago 288MB store/elastic/filebeat 7.1.1 0bd69a03e199 12 months ago 288MB
我这集群3台服务器:
创建相应目录:
mkdir -p /home/soft/elasticsearch/config
mkdir -p /home/soft/elasticsearch/data/data04
mkdir -p /home/soft/elasticsearch/data/data05
mkdir -p /home/soft/elasticsearch/data/data06
mkdir -p /home/soft/elasticsearch/logs/logs04
mkdir -p /home/soft/elasticsearch/logs/logs05
mkdir -p /home/soft/elasticsearch/logs/logs06
配置脚本:
// es04.yml 文件
cluster.name: esinner
node.name: es04
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.14
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
// es05.yml 文件
cluster.name: esinner
node.name: es05
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.15
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
// es06.yml 文件
cluster.name: esinner
node.name: es06
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.16
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
启动脚本:其中的esnetwork 是我创建的es专属网络,其中的IP地址172.20.0.xxx也是依赖这里网络来的。
查看网络列表
docker network ls
进入网络查看绑定情况
docker network inspect esnetwork
docker run --restart=always -m 1000m -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-d --net esnetwork --ip 172.19.0.14 -p 9204:9200 -p 9304:9300 \
-v /home/soft/ES/config/es04.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /home/soft/ES/plugins/plugins04:/usr/share/elasticsearch/plugins \
-v /home/soft/ES/data/data04:/usr/share/elasticsearch/data \
-v /home/soft/ES/logs/logs04:/usr/share/elasticsearch/logs \
--name es04 elasticsearch:7.1.1
docker run --restart=always -m 1000m -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-d --net esnetwork --ip 172.19.0.15 -p 9205:9200 -p 9305:9300 \
-v /home/soft/ES/config/es05.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /home/soft/ES/plugins/plugins05:/usr/share/elasticsearch/plugins \
-v /home/soft/ES/data/data05:/usr/share/elasticsearch/data \
-v /home/soft/ES/logs/logs05:/usr/share/elasticsearch/logs \
--name es05 elasticsearch:7.1.1
docker run --restart=always -m 1000m -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-d --net esnetwork --ip 172.19.0.16 -p 9206:9200 -p 9306:9300 \
-v /home/soft/ES/config/es06.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /home/soft/ES/plugins/plugins06:/usr/share/elasticsearch/plugins \
-v /home/soft/ES/data/data06:/usr/share/elasticsearch/data \
-v /home/soft/ES/logs/logs06:/usr/share/elasticsearch/logs \
--name es06 elasticsearch:7.1.1
查看网络情况esnetwork
[root@localhost ~]# docker network inspect esnetwork [ { "Name": "esnetwork", "Id": "643e80b22b68ed051bdee83d4625e9a590be3ccf3acdbe0c2373bd409cf00d43", "Created": "2020-01-23T00:40:33.225834796+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.19.0.0/16", "Gateway": "172.19.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "6cab717babe9b95283dc8f55d95d5a9b7e69bffc5e882ef04bf3af81838627ac": { "Name": "es06", "EndpointID": "8082b5283bc60533b4203146d5bb58526063c8925b9b97f7e6be86607fc3d1d1", "MacAddress": "02:42:ac:13:00:10", "IPv4Address": "172.19.0.16/16", "IPv6Address": "" }, "706ba84e67af5d9c57994dd5eaecd60298b03bd7ded81d386a75d4087e2c1536": { "Name": "es04", "EndpointID": "bb59f666c86c1ee7d691fc6f2d0039df98e0b5954625edd92e40613e93ad2804", "MacAddress": "02:42:ac:13:00:0e", "IPv4Address": "172.19.0.14/16", "IPv6Address": "" }, "93ec974957d277a140b4a344db7c67fe37b3df17b3155039ed7f08ab850d889e": { "Name": "es05", "EndpointID": "7a898a6a0e469445cb22efc82416d7ceaf4417ab82199b8db76ccaa957422c4d", "MacAddress": "02:42:ac:13:00:0f", "IPv4Address": "172.19.0.15/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]
启动后通过IP:PORT可以查看到当前单台情况
{ "name" : "es04", "cluster_name" : "mses-cluster", "cluster_uuid" : "_na_", "version" : { "number" : "7.1.1", "build_flavor" : "default", "build_type" : "docker", "build_hash" : "7a013de", "build_date" : "2019-05-23T14:04:00.380842Z", "build_snapshot" : false, "lucene_version" : "8.0.0", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }
通过IP:PORT/_cat/nodes?pretty 可以当前集群情况
172.19.0.16 26 93 50 1.40 3.47 4.23 mdi - es06 172.19.0.14 33 93 54 1.40 3.47 4.23 mdi * es04 172.19.0.15 17 93 54 1.40 3.47 4.23 mdi - es05
以上说明能正常访问。
下面是重点============配置xpack,es的账号密码
停掉服务。
docker stop es04 es05 es06
删除data数据
rm -rf data/data4*/*
修改es00.yml配置,重新启动。
末尾增加
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch]# vi config/es00.yml cluster.name: mses-cluster node.name: es00 node.master: true node.data: true bootstrap.memory_lock: false bootstrap.system_call_filter: false network.host: 172.20.0.10 http.port: 9200 transport.tcp.port: 9300 http.cors.enabled: true http.cors.allow-origin: "*" discovery.seed_hosts: ["172.20.0.10:9300","172.20.0.11:9300"] cluster.initial_master_nodes: ["es00","es01"] discovery.zen.minimum_master_nodes: 2 http.cors.allow-headers: Authorization xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
重启
docker restart es00
查看启动日志
docker logs -f --tail=10 es00
看到启动完成后,访问ip:端口,会弹出登录对话窗口
进入容器,
docker exec -it es00 /bin/bash
keystore文件,默认会创建在config目录下生成elasticsearch.keystore文件
bin/elasticsearch-keystore create
执行过程:
[root@ee7fae207374 elasticsearch]# bin/elasticsearch-keystore create
Created elasticsearch keystore in /usr/share/elasticsearch/config
[root@ee7fae207374 elasticsearch]# ls config/
elasticsearch.keystore elasticsearch.yml jvm.options log4j2.properties role_mapping.yml roles.yml users users_roles
设置默认用户的密码,我这直接使用默认用户名作为密码
bin/elasticsearch-setup-passwords interactive
正常情况得到结果:说明设置正常,我这里所有的用户密码都是设置为:elastic
[root@21650b6ea0f2 elasticsearch]# bin/elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]
错误1:可能是之前已设置过用户密码,若忘记了,没关系。
Possible causes include: * The password for the 'elastic' user has already been changed on this cluster * Your elasticsearch node is running against a different keystore * This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore
解决A:很纠结的不一定成功。也成功做。
关闭ElasticSearch的xpack安全验证(即修改/docker/elasticsearch/config/elasticsearch.yml 中的xpack.security.enabled和xpack.security.transport.ssl.enabled为false); 重启ElasticSearch服务 重启好后用以下命令删除索引 .secutity-6 curl -XDELETE http://localhost:9204/.secutity-6 1
or
curl -XDELETE http://127.0.0.1:9200/.secutity-6
删除好后再重新按照上面设置密码的操作打开xpack验证重启ElasticSearch服务进入容器内部进行密码设置
解决B:不管他,接着走下面的步骤,最后,再来解决这个用户无法创建的问题,就当做忘记密码。
解决办法:创建一个新的临时用户,然后赋予这个用户超级管理员角色。
再退出外面,用这个用户修改密码。
docker exec -it es10 bash ./bin/elasticsearch-users useradd tempchen -r superuser curl -XPUT -u tempchen:tempchen http://127.0.0.1:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d ' { "password": "elastic" }'
执行过程:
// 进入容器 [root@izm5ej4bsah4npfgi5wl3vz ~]# docker exec -it es10 bash // 创建用户 [root@467d3709b7db elasticsearch]# ./bin/elasticsearch-users useradd tempchen -r superuser Enter new password: Retype new password: // 退出容器 [root@467d3709b7db elasticsearch] exit // 根据IP修改密码 [root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]# curl -XPUT -u tempchen:tempchen http://172.21.0.10:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d ' > { > "password": "elastic" > }' {} // 此时修改密码成功,密码为elastic [root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]#
错误2:
Unexpected response code [503] from calling PUT http://172.20.0.10:9200/_security/user/apm_system/_password?pretty Cause: Cluster state has not been recovered yet, cannot write to the security index
解决:
配置master节点先修改为1个
cluster.initial_master_nodes: ["es04"]
在页面登录输入任何账号都能登录正常,看到信息。
生成配置ca证书:这里可输入密码,也可直接回车不输密码,我这里密码:不输入,
bin/elasticsearch-certutil ca
证书生成位置是当前位置,会生成一个证书名字:elastic-stack-ca.p12
当然也可以用 out指定生成证书位置。例如下,但我不用
bin/elasticsearch-certutil ca -out config/elastic-ca.p12 -pass ""
[root@ee7fae207374 elasticsearch]# bin/elasticsearch-certutil ca WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/elasticsearch/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun() WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release This tool assists you in the generation of X.509 certificates and certificate signing requests for use with SSL/TLS in the Elastic stack. The 'ca' mode generates a new 'certificate authority' This will create a new X.509 certificate and private key that can be used to sign certificate when running in 'cert' mode. Use the 'ca-dn' option if you wish to configure the 'distinguished name' of the certificate authority By default the 'ca' mode produces a single PKCS#12 output file which holds: * The CA certificate * The CA's private key If you elect to generate PEM format certificates (the -pem option), then the output will be a zip file containing individual files for the CA certificate and private key Please enter the desired output file [elastic-stack-ca.p12]: Enter password for elastic-stack-ca.p12 : [root@ee7fae207374 elasticsearch]# ls 123456 LICENSE.txt NOTICE.txt README.textile bin config data elastic-stack-ca.p12 jdk lib logs modules plugins
生成私钥证书
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
会提示输入密码,这里我直接回车,无密码。
查看当前目录,即可看到:elastic-certificates.p12 这个就是我们的私钥了,所有节点,统一要将这证书放置到指定位置即可各个节点互通交互了。
[root@21650b6ea0f2 elasticsearch]# ls LICENSE.txt NOTICE.txt README.textile bin config data elastic-certificates.p12 elastic-stack-ca.p12 jdk lib logs modules plugins
只需要使用由同一CA签名的证书,即可自动允许该节点加入集群。
将证书复制到宿主机
宿主机目录我这里是/home/soft/ES/config
docker cp 复制
es04 是运行的容器名称
/usr/share/elasticsearch/elastic-certificates.p12 要复制的容器内的文件具体路径
/home/soft/ES/config 物理机路径
# docker cp es04:/usr/share/elasticsearch/elastic-certificates.p12 /home/soft/ES/config
将证书复制到所有需要集群的es节点
docker cp /home/soft/ES/config/elastic-certificates.p12 es04:/usr/share/elasticsearch/config/ docker cp /home/soft/ES/config/elastic-certificates.p12 es05:/usr/share/elasticsearch/config/ docker cp /home/soft/ES/config/elastic-certificates.p12 es06:/usr/share/elasticsearch/config/
修改所有需要集群的节点
主要是增加这几行配置
xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
// es04.yml 文件 cluster.name: esinner node.name: es04 node.master: true node.data: true bootstrap.memory_lock: false bootstrap.system_call_filter: false network.host: 172.19.0.14 http.port: 9200 transport.tcp.port: 9300 http.cors.enabled: true http.cors.allow-origin: "*" discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"] cluster.initial_master_nodes: ["es04","es05","es06"] discovery.zen.minimum_master_nodes: 2 http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 // es05.yml 文件 cluster.name: esinner node.name: es05 node.master: true node.data: true bootstrap.memory_lock: false bootstrap.system_call_filter: false network.host: 172.19.0.15 http.port: 9200 transport.tcp.port: 9300 http.cors.enabled: true http.cors.allow-origin: "*" discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"] cluster.initial_master_nodes: ["es04","es05","es06"] discovery.zen.minimum_master_nodes: 2 http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 // es06.yml 文件 cluster.name: esinner node.name: es06 node.master: true node.data: true bootstrap.memory_lock: false bootstrap.system_call_filter: false network.host: 172.19.0.16 http.port: 9200 transport.tcp.port: 9300 http.cors.enabled: true http.cors.allow-origin: "*" discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"] cluster.initial_master_nodes: ["es04","es05","es06"] discovery.zen.minimum_master_nodes: 2 http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
重启所有节点
完整报错:
{"type": "server", "timestamp": "2020-05-27T15:21:10,235+0000", "level": "WARN", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "esinner", "node.name": "es05", "message": "uncaught exception in thread [main]" ,
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]",
"Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: java.lang.reflect.InvocationTargetException",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory",
"at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:61) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elastic-certificates.p12",
"at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]",
"at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[?:?]",
"at java.nio.file.Files.newByteChannel(Files.java:373) ~[?:?]",
"at java.nio.file.Files.newByteChannel(Files.java:424) ~[?:?]",
"at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]",
"at java.nio.file.Files.newInputStream(Files.java:158) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:87) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:58) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more"] }
分析:有用的几句
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]", "Caused by: java.lang.reflect.InvocationTargetException", "Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory", "Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elastic-certificates.p12",
----------访问权限异常,说明docker容器运行elastic的用户权限访问我们复制容器内的文件异常【elastic-certificates.p12】
解决:趁着容器运行时,赶快到容器内给文件访问权限,赋权限后重启,启动正常
# docker exec -it es04 /bin/bash # chmod 777 config/*
# docker exec -it es05 /bin/bash # chmod 777 config/*
# docker exec -it es06 /bin/bash
# chmod 777 config/*
测试查看结果
输入ip加端口访问后,弹出窗口,输入之前设置的账号密码后,可以看到我们想要看的结果。测试成功。
输入elastic/elastic 就是之前输入的用户名密码
配置kibana访问。之前系统预设的用户,如下,密码都是相同的elastic
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
配置kibana.yml
增加用户名,密码等信息。
server.name: kibana server.host: "0" elasticsearch.hosts: [ "http://192.168.89.138:9204","http://192.168.89.138:9205", "http://192.168.89.138:9206" ] elasticsearch.username: "elastic" elasticsearch.password: "elastic" server.port: 5601 elasticsearch.requestTimeout: 90000
重启服务
新服务
docker run --restart=always -m 1000m \ -d --name kibana -p 5601:5601 \ -v /home/soft/ELK/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \ kibana:7.1.1
或重启已有服务
docker restart kibana
查看结果。。。可以在管理界面看到。用户。角色管理菜单了
输入密码kibana/elastic
返回:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
那就换超级用户elastic,登录成功。
