1

在尝试执行时

./sgadmin.sh -ts truststore.jks -tspass 90f3cbdb3eabe04f815b -ks CN=sgadmin-keystore.jks -kspass a65d2a4fa62d7ed7a4d5 -h host -p 9200 -nhnv -cn eslcl1 -cd ../sgconfig/

我收到以下错误:

由于以下原因无法检索集群状态:所有配置的节点都不可用:[{#transport#-1}{6PPXnCNqTt-W5g-0fmeZuQ}{host}{host:9200}]。这不是错误,会继续尝试

错误:

WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v5
WARNING: Seems you want connect to the a HTTP port.
     sgadmin connect through the transport port which is normally 9300.
Will connect to host:9200 ... done

### LICENSE NOTICE Search Guard ###

If you use one or more of the following features in production
make sure you have a valid Search Guard license
(See https://floragunn.com/searchguard-validate-license)

* Kibana Multitenancy
* LDAP authentication/authorization
* Active Directory authentication/authorization
* REST Management API
* JSON Web Token (JWT) authentication/authorization
* Kerberos authentication/authorization
* Document- and Fieldlevel Security (DLS/FLS)
* Auditlogging

In case of any doubt mail to <sales@floragunn.com>
###################################
Contacting elasticsearch cluster 'eslcl1' and wait for YELLOW clusterstate     ...
Cannot retrieve cluster state due to: None of the configured nodes are     available: [{#transport#-1}{6PPXnCNqTt-W5g-0fmeZuQ}{host}{host:9200}]. This is not an error, will keep on trying ...
Root cause: NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{6PPXnCNqTt-W5g-0fmeZuQ}{host}{host:9200}]] (org.elasticsearch.client.transport.NoNodeAvailableException/org.elasticsearch.client.transport.NoNodeAvailableException)
* Try running sgadmin.sh with -icl (but no -cl) and -nhnv (If thats works you need to check your clustername as well as hostnames in your SSL certificates)
* Make also sure that your keystore or cert is a client certificate (not a node certificate) and configured properly in elasticsearch.yml
* If this is not working, try running sgadmin.sh with --diagnose and see diagnose trace log file)
* Add --accept-red-cluster to allow sgadmin to operate on a red cluster.

我在 elasticsearch.yml 中的 conf 是

######## Start Search Guard Demo Configuration ########
searchguard.ssl.transport.keystore_filepath: CN=x.x.x.x-keystore.jks
searchguard.ssl.transport.keystore_password: 8a17368ff585a2c3afdc
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: 90f3cbdb3eabe04f815b
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: CN=x.x.x.x-keystore.jks
searchguard.ssl.http.keystore_password: 8a17368ff585a2c3afdc
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: 90f3cbdb3eabe04f815b
searchguard.authcz.admin_dn:
- CN=sgadmin

cluster.name: eslcl1
network.host: x.x.x.x

有没有我可能需要研究的配置?

4

1 回答 1

3

您需要连接到端口 9300(传输协议),而不是通常是 HTTP/S 端口的 9200。在端口 9300 上,elasticsearch 节点通过二进制 TCP 协议相互通信。在端口 9200 上,可以通过 HTTP/S 访问 REST api。

sgadmin 通过二进制 TCP 协议连接到 elasticsearch,所以需要使用 9300 端口。

因此,您会收到此警告

WARNING: Seems you want connect to the a HTTP port.
     sgadmin connect through the transport port which is normally 9300.

所以你的命令应该看起来像

./sgadmin.sh -ts truststore.jks -tspass 90f3cbdb3eabe04f815b -ks CN=sgadmin-keystore.jks -kspass a65d2a4fa62d7ed7a4d5 -h host -p 9300 -nhnv -cn eslcl1 -cd ../sgconfig/ -nhnv

(如果您的证书与您的主机名不匹配,请添加 -nhnv 以禁用主机名验证)

于 2017-11-27T14:28:07.093 回答