
Elasticsearch with xpack security fails

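I am trying to set up a simple ELK stack with Docker. When I disable xpack security, it starts fine and I can access the Kibana interface. With xpack security enabled, I get a "Kibana server is not ready yet" error from the Kibana interface. This error is most likely caused by this Elasticsearch error: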

{"type": "server", "timestamp": "2020-08-03T15:35:10,134Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "elastic-cluster", "node.name": "elasticsearch", "message": "Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.monitoring-es-7-2020.08.03][0]]]).", "cluster.uuid": "Vdk1-_4sSvuqlEspQcF-6A", "node.id": "PZMUpi_JSJS6IZ7tv6H22g"  }
{"type": "server", "timestamp": "2020-08-03T15:35:10,560Z", "level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "cluster.name": "elastic-cluster", "node.name": "elasticsearch", "message": "security index is unavailable. short circuiting retrieval of user [elasticadmin]", "cluster.uuid": "Vdk1-_4sSvuqlEspQcF-6A", "node.id": "PZMUpi_JSJS6IZ7tv6H22g"  }

This is my elasticsearch.yml:

cluster.name: elastic-cluster
node.name:    elasticsearch
network.host: 0.0.0.0
transport.host: 0.0.0.0

## Cluster Settings
discovery.seed_hosts: elasticsearch
cluster.initial_master_nodes: elasticsearch

## License
xpack.license.self_generated.type: basic

# Security
xpack.security.enabled: true

## - ssl
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elasticsearch.key
xpack.security.transport.ssl.certificate: certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt

## - http
#xpack.security.http.ssl.enabled: true
#xpack.security.http.ssl.key: certs/elasticsearch.key
#xpack.security.http.ssl.certificate: certs/elasticsearch.crt
#xpack.security.http.ssl.certificate_authorities: certs/ca.crt
#xpack.security.http.ssl.client_authentication: optional

# Monitoring
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true

This is the error log from Kibana:

{"type":"log","@timestamp":"2020-08-03T15:42:22Z","tags":["warning","plugins","licensing"],"pid":6,"message":"License information could not be obtained from Elasticsearch due to [security_exception] unable to authenticate user [elasticadmin] for REST request [/_xpack], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/_xpack\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [elasticadmin] for REST request [/_xpack]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [elasticadmin] for REST request [/_xpack]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"} error"}

A basic curl request:

curl -H "Authorization: Basic ZWxhc3RpY2FkbWluOjEyMzQ1Njc4OQ==" -XGET "http://localhost:9200/_cat/nodes?v&pretty"
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elasticadmin] for REST request [/_cat/nodes?v&pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elasticadmin] for REST request [/_cat/nodes?v&pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

Another authentication request:

docker@docker:~$ curl -H "Authorization: Basic ZWxhc3RpY2FkbWluOjEyMzQ1Njc4OQ" -XGET "http://localhost:9200/_security/_authenticate"
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elasticadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elasticadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

Docker-Compose:

secrets:
  elasticsearch.keystore:
    file: ${ELK_DATA}/secrets/keystore/elasticsearch.keystore
  elastic.ca:
    file: ${ELK_DATA}/secrets/certs/ca/ca.crt
  elasticsearch.certificate:
    file: ${ELK_DATA}/secrets/certs/elasticsearch/elasticsearch.crt
  elasticsearch.key:
    file: ${ELK_DATA}/secrets/certs/elasticsearch/elasticsearch.key
  kibana.certificate:
    file: ${ELK_DATA}/secrets/certs/kibana/kibana.crt
  kibana.key:
    file: ${ELK_DATA}/secrets/certs/kibana/kibana.key

services:

####################################################################
############################# ELK ##################################
####################################################################

  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    restart: unless-stopped
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTIC_CLUSTER_NAME: ${ELASTIC_CLUSTER_NAME}
      ELASTIC_NODE_NAME: ${ELASTIC_NODE_NAME}
      ELASTIC_INIT_MASTER_NODE: ${ELASTIC_INIT_MASTER_NODE}
      ELASTIC_DISCOVERY_SEEDS: ${ELASTIC_DISCOVERY_SEEDS}
      ES_JAVA_OPTS: -Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP} -Des.enforce.bootstrap.checks=true
      bootstrap.memory_lock: "true"
    volumes:
      - ${ELK_DATA}/elasticsearch/data:/usr/share/elasticsearch/data
      - ${ELK_DATA}/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ${ELK_DATA}/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties
    secrets:
      - source: elasticsearch.keystore
        target: /usr/share/elasticsearch/config/elasticsearch.keystore
      - source: elastic.ca
        target: /usr/share/elasticsearch/config/certs/ca.crt
      - source: elasticsearch.certificate
        target: /usr/share/elasticsearch/config/certs/elasticsearch.crt
      - source: elasticsearch.key
        target: /usr/share/elasticsearch/config/certs/elasticsearch.key
    ports:
      - 9200:9200
      - 9300:9300
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 200000
        hard: 200000
    networks:
      - traefik_proxy
      
  logstash:
    container_name: logstash
    image: docker.elastic.co/logstash/logstash:${ELK_VERSION}
    restart: unless-stopped
    volumes:
      - ${ELK_DATA}/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ${ELK_DATA}/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml
      - ${ELK_DATA}/logstash/pipeline:/usr/share/logstash/pipeline
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTICSEARCH_HOST_PORT: ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
      LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}"
    ports:
      - 5044:5044
      - 9600:9600
    networks:
      - traefik_proxy

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:${ELK_VERSION}
    restart: unless-stopped
    volumes:
      - ${ELK_DATA}/kibana/config:/usr/share/kibana/config
    environment:
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTICSEARCH_HOST_PORT: ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
    secrets:
      - source: elastic.ca
        target: /certs/ca.crt
      - source: kibana.certificate
        target: /certs/kibana.crt
      - source: kibana.key
        target: /certs/kibana.key
    ports:
      - 5601:5601
    networks:
      - traefik_proxy

Where should I start looking for the root of this problem?

Thanks for your help!

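When you enable x-pack, Elasticsearch starts, but your Kibana does not seem to be getting authenticated. See the part of the error message below that explains this.

The elasticadmin user is not authenticated

Please check this user and see whether you are passing the correct authentication when accessing Elasticsearch. You need to pass the username and password using the basic authentication mechanism.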

I had the same problem, but I solved it:

Step 1

You can configure Docker as follows:

kibana:
  build: kibana
  container_name: kibana
  ports:
    - 5601:5601
  volumes:
    - ./kibana/kibana.yml:/usr/share/kibana/config/kibana.yml
  networks:
    backend:
      aliases:
        - "kibana"

Step 2

My kibana file is:

...
elasticsearch.username: "kibana"
elasticsearch.password: "mypwd"
...

My Dockerfile is:

FROM docker.elastic.co/kibana/kibana:7.10.2
# Copy the config to the path Kibana reads and that the chown below expects
COPY kibana.yml /usr/share/kibana/config/kibana.yml
USER root
RUN chown root:kibana /usr/share/kibana/config/kibana.yml
USER kibana

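I ran into this problem when the Elasticsearch data folder was deleted and then re-initialized from scratch. The key point is that the built-in users were not initialized.

Once I initialized the built-in users, the error went away and the system was running again.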

bin/elasticsearch-setup-passwords interactive|auto [-u "https://<host_name>:9200"]
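
As an added example (not part of the original question or answers), this Python script correlates the two log excerpts quoted in the question: it separates a 401 for a user whose lookup Elasticsearch short-circuited because the security index was unavailable from a 401 where the lookup ran and the credentials are the thing to check. The function names and cause labels are this example's own assumptions, and the sample lines are constructed, abridged copies of the logs above.

```python
import json
import re

# Constructed sample input, abridged from the log lines quoted in the question.
ES_LOG = [
    '{"type": "server", "timestamp": "2020-08-03T15:35:10,134Z", "level": "INFO", '
    '"component": "o.e.c.r.a.AllocationService", "message": "Cluster health status '
    'changed from [RED] to [GREEN] (reason: [shards started [[.monitoring-es-7-2020.08.03][0]]])."}',
    '{"type": "server", "timestamp": "2020-08-03T15:35:10,560Z", "level": "ERROR", '
    '"component": "o.e.x.s.a.e.NativeUsersStore", "message": "security index is '
    'unavailable. short circuiting retrieval of user [elasticadmin]"}',
]
KIBANA_LOG = [
    '{"type":"log","@timestamp":"2020-08-03T15:42:22Z","tags":["warning","plugins",'
    '"licensing"],"message":"License information could not be obtained from Elasticsearch '
    'due to [security_exception] unable to authenticate user [elasticadmin] for REST request [/_xpack]"}',
]

INDEX_DOWN = re.compile(r"security index is unavailable.*retrieval of user \[([^\]]+)\]")
AUTH_FAIL = re.compile(r"unable to authenticate user \[([^\]]+)\]")

# Cause labels are this example's wording, not Elasticsearch output.
INDEX_CAUSE = "security index unavailable: native users could not be looked up"
CRED_CAUSE = "user lookup ran: check the username and password being sent"


def users_matching(lines, pattern):
    """Return the user names that pattern captures from each JSON line's "message"."""
    users = set()
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(record, dict):
            match = pattern.search(str(record.get("message", "")))
            if match:
                users.add(match.group(1))
    return users


def triage(es_lines, kibana_lines):
    """Map each user rejected in the Kibana log to a likely cause."""
    index_down = users_matching(es_lines, INDEX_DOWN)
    rejected = users_matching(kibana_lines, AUTH_FAIL)
    return {u: (INDEX_CAUSE if u in index_down else CRED_CAUSE) for u in sorted(rejected)}


if __name__ == "__main__":
    for user, cause in triage(ES_LOG, KIBANA_LOG).items():
        print(f"{user}: {cause}")
```

A user reported under the first label matches the situation in the answer above, where the built-in users had not been initialized after the data folder was recreated.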
