我已经在我的弹性搜索主节点上安装了OpenDistro以获取警报。RPM用于安装插件。成功安装插件 ES 后重新启动,但显示以下错误。
日志
3/13/2019 1:05:55 PM[2019-03-13T12:05:55,977][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [elastic-master-a1] uncaught exception in thread [main]
3/13/2019 1:05:55 PMorg.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PMCaused by: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:607) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM ... 6 more
3/13/2019 1:05:55 PMCaused by: java.lang.reflect.InvocationTargetException
3/13/2019 1:05:55 PM at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
3/13/2019 1:05:55 PM at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
3/13/2019 1:05:55 PM at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
3/13/2019 1:05:55 PM at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:598) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM ... 6 more
3/13/2019 1:05:55 PMCaused by: org.elasticsearch.ElasticsearchException: opendistro_security.ssl.transport.keystore_filepath or opendistro_security.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.
3/13/2019 1:05:55 PM at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:363) ~[?:?]
3/13/2019 1:05:55 PM at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:164) ~[?:?]
3/13/2019 1:05:55 PM at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:206) ~[?:?]
3/13/2019 1:05:55 PM at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:222) ~[?:?]
3/13/2019 1:05:55 PM at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
3/13/2019 1:05:55 PM at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
3/13/2019 1:05:55 PM at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
3/13/2019 1:05:55 PM at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:598) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM ... 6 more
显然它是由于opendistro_security.ssl.transport.keystore_filepath
或未opendistro_security.ssl.transport.pemkey_filepath
设置而引起的。但是我已经检查了elasticsearch的配置文件config/elasticsearch.yml
,它显示了以下内容(可以看出opendistro_security.ssl.transport.pemkey_filepath
)已设置。
弹性搜索.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########