0

我是 Opendistro for Elasticsearch 的新手。对这个新的开源尝试感到兴奋,但我无法设置单节点集群。在遵循https://opendistro.github.io/for-elasticsearch-docs/之后,我正在使用所有默认设置,但是我无法设置一个

我的 elasticsearch.yml 如下:

cluster.name: my-application
node.name: elk1
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.1
http.port: 9200
discovery.zen.minimum_master_nodes: 1
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: true
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test,C=DE
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
discovery.type: single-node
node.max_local_storage_nodes: 1

我的 kibana.yml 如下所示。我将 *.pem 文件从 /etc/elasticsearch/ 复制到 /etc/kibana/

server.port: 5601
server.host: delk1
elasticsearch.hosts: ["https://elk1:9200"]
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: kibanaserver
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]

server.ssl.enabled: true
server.ssl.key: /etc/kibana/esnode-key.pem
server.ssl.certificate: /etc/kibana/esnode.pem

Elasticsearch 中的错误如下:

[2020-03-09T18:57:08,052][INFO ][c.a.o.s.c.ConfigurationRepository] [elk1] Background init thread started. Install default config?: true
[2020-03-09T18:57:08,074][INFO ][c.a.o.s.c.ConfigurationRepository] [elk1] Will create .opendistro_security index so we can apply default config
[2020-03-09T18:57:08,208][INFO ][o.e.g.GatewayService     ] [elk1] recovered [2] indices into cluster_state
[2020-03-09T18:57:09,416][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:09,460][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for internalusers while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,461][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for actiongroups while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,461][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for config while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,461][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for roles while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,461][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for rolesmapping while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,462][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for tenants while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:09,483][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:09,595][INFO ][o.e.c.r.a.AllocationService] [elk1] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[security-auditlog-2020.03.09][0]]]).
[2020-03-09T18:57:11,990][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:14,499][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:17,006][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:17,411][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for internalusers while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:17,412][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for actiongroups while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:17,412][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for config while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:17,412][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for roles while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:17,412][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for rolesmapping while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:17,412][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for tenants while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:19,512][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:22,021][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:24,533][ERROR][c.a.o.s.a.BackendRegistry] [elk1] Not yet initialized (you may need to run securityadmin)
[2020-03-09T18:57:25,413][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for internalusers while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:25,413][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for actiongroups while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:25,413][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for config while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:25,413][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for roles while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:25,414][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for rolesmapping while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)
[2020-03-09T18:57:25,414][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [elk1] No data for tenants while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS]  (index=.opendistro_security and type=null)

Kibana.yml 中的错误

{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"state_session_storage_redirect","version":"kibana","description":"When using the state:storeInSessionStorage setting with the short-urls, we need some way to get the full URL's hashed states into sessionStorage, this app will grab the URL from the injected state and and put the URL hashed states into sessionStorage before redirecting the user."},"message":"Initializing plugin state_session_storage_redirect@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"status_page","version":"kibana"},"message":"Initializing plugin status_page@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"tile_map","version":"kibana"},"message":"Initializing plugin tile_map@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:tile_map@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"author":"Rashid Khan <rashid@elastic.co>","name":"timelion","version":"kibana"},"message":"Initializing plugin timelion@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:timelion@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"ui_metric","version":"kibana"},"message":"Initializing plugin ui_metric@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:ui_metric@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"markdown_vis","version":"kibana"},"message":"Initializing plugin markdown_vis@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:markdown_vis@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"metric_vis","version":"kibana"},"message":"Initializing plugin metric_vis@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:metric_vis@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"table_vis","version":"kibana"},"message":"Initializing plugin table_vis@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:table_vis@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"name":"tagcloud","version":"kibana"},"message":"Initializing plugin tagcloud@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:tagcloud@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugins","debug"],"pid":16997,"plugin":{"author":"Yuri Astrakhan<yuri@elastic.co>","name":"vega","version":"kibana"},"message":"Initializing plugin vega@kibana"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:vega@7.4.2","info"],"pid":16997,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["plugin","debug"],"pid":16997,"message":"Checking Elasticsearch version"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["error","elasticsearch","admin"],"pid":16997,"message":"Request error, retrying\nGET https://elk1:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => unable to verify the first certificate"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["server","uuid","uuid"],"pid":16997,"message":"Resuming persistent Kibana instance UUID: 329fdcc3-8105-489d-be69-c4e6397cb9a6"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"Unable to revive connection: https://elk1:9200/"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["status","plugin:elasticsearch@7.4.2","error"],"pid":16997,"state":"red","message":"Status changed from yellow to red - No Living connections","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2020-03-09T19:09:47Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"No living connections"}
{"type":"log","@timestamp":"2020-03-09T19:09:50Z","tags":["plugin","debug"],"pid":16997,"message":"Checking Elasticsearch version"}
{"type":"log","@timestamp":"2020-03-09T19:09:50Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"Unable to revive connection: https://elk1:9200/"}
{"type":"log","@timestamp":"2020-03-09T19:09:50Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"No living connections"}
{"type":"log","@timestamp":"2020-03-09T19:09:52Z","tags":["plugin","debug"],"pid":16997,"message":"Checking Elasticsearch version"}

....

{"type":"log","@timestamp":"2020-03-09T19:12:03Z","tags":["plugin","debug"],"pid":16997,"message":"Checking Elasticsearch version"}
{"type":"log","@timestamp":"2020-03-09T19:12:03Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"Unable to revive connection: https://elk1:9200/"}
{"type":"log","@timestamp":"2020-03-09T19:12:03Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"No living connections"}
{"type":"log","@timestamp":"2020-03-09T19:12:06Z","tags":["plugin","debug"],"pid":16997,"message":"Checking Elasticsearch version"}
{"type":"log","@timestamp":"2020-03-09T19:12:06Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"Unable to revive connection: https://elk1:9200/"}
{"type":"log","@timestamp":"2020-03-09T19:12:06Z","tags":["warning","elasticsearch","admin"],"pid":16997,"message":"No living connections"}


不知道我哪里错了。任何带有示例的指针都会有所帮助。提前致谢

4

1 回答 1

1

在日志消息中,您有: Not yet initialized (you may need to run securityadmin)

在这种情况下,您应该键入如下内容:

/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh \
   -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ \
   -icl -nhnv -cacert /etc/elasticsearch/certs/root-ca.pem  \
   -cert /etc/elasticsearch/certs/admin.pem  \
   -key /etc/elasticsearch/certs/admin-key.pem \
   -h localhost

更多信息: https ://opendistro.github.io/for-elasticsearch-docs/old/0.9.0/docs/security/generate-certificates/#run-securityadminsh

于 2020-08-07T14:40:08.887 回答