我在 Kubernetes 上运行 Elasticsearch V6.3.2 集群,并且我已经安装了repository-s3
插件。我已将我的 AWS 访问密钥和秘密密钥添加到elasticsearch.keystore
.
我正在尝试使用以下方式注册我的快照存储库:
curl -X PUT -H "Content-Type: application/json" -d '{ "type": "s3", "settings": { "bucket": "efk-snapshots-k8s" } }' "localhost:9200/_snapshot/snap123"
上述请求失败:
{
"error":{
"root_cause":[
{
"type":"amazon_s3_exception",
"reason":"amazon_s3_exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: 962AE79FCC57FA8E; S3 Extended Request ID: kyx9TnYewW8NUk35CsJRLy7SF7iCsg515zhXtOMjz4EdsxGUBJYaqHgs/e2SZCatEWQHwLFd39k=)"
}
],
"type":"blob_store_exception",
"reason":"Failed to check if blob [master.dat-temp] exists",
"caused_by":{
"type":"amazon_s3_exception",
"reason":"amazon_s3_exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: 962AE79FCC57FA8E; S3 Extended Request ID: kyx9TnYewW8NUk35CsJRLy7SF7iCsg515zhXtOMjz4EdsxGUBJYaqHgs/e2SZCatEWQHwLFd39k=)"
}
},
"status":500
}
我已经使用 IAM 策略授予了适当的权限,即使到目前为止我尝试为其提供完整的 S3 访问权限,但仍然没有运气。这里出了什么问题?
-编辑:
这是我的elasticsearch.yml
thread_pool.bulk.queue_size: 2000
thread_pool.index.size: 2
thread_pool.index.queue_size: 2000
network.host: 0.0.0.0
cluster:
name: ${CLUSTER_NAME}
node:
master: ${NODE_MASTER}
data: ${NODE_DATA}
name: ${NODE_NAME}
ingest: ${NODE_INGEST}
max_local_storage_nodes: ${MAX_LOCAL_STORAGE_NODES}
processors: ${PROCESSORS:1}
path:
data: /data/data
logs: /data/log
repo: ${REPO_LOCATIONS}
bootstrap:
memory_lock: ${MEMORY_LOCK}
http:
enabled: ${HTTP_ENABLE}
compression: true
cors:
enabled: ${HTTP_CORS_ENABLE}
allow-origin: ${HTTP_CORS_ALLOW_ORIGIN}
discovery:
zen:
ping.unicast.hosts: ${DISCOVERY_SERVICE}
minimum_master_nodes: ${NUMBER_OF_MASTERS}