0

我正在尝试为elasticsearch/kibana 配置 xpack,我已经激活了elasticsearch 的试用许可证,为 kibana/elasticsearch 配置了 xpack,并且我还生成了ca.crt、node1-elk.crt、node1-elk.key 和还有 kibana.key , kibana.crt ,如果我使用 kibana 用户和密码以及 ca.crt 对弹性搜索进行 curl 测试,它就像一个魅力,如果我试图从 GUI 访问 kibana 说“服务器尚未准备好”,日志显示“无法验证第一个证书”:

{"type":"log","@timestamp":"2021-11-16T04:41:09-05:00","tags":["error","savedobjects-service"],"pid":13250,"message":"Unable to retrieve version information from Elasticsearch nodes. unable to verify the first certificate"}

我的配置:

kibana.yml

server.name: "my-kibana"
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://0.0.0.0:9200"]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana"

弹性搜索.yml

node.name: node1
network.host: 0.0.0.0
discovery.seed_hosts: [ "0.0.0.0" ]
cluster.initial_master_nodes: ["node1"]
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/certs/node1.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/node1.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/node1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/node1.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]

卷曲测试:

[root@localhost kibana]#  curl -XGET https://0.0.0.0:9200/_cat/nodes?v -u kibana_system:kibana  --cacert /etc/elasticsearch/certs/ca.crt
ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
192.168.100.102           23          97   3    0.00    0.02     0.08 cdfhilmrstw *      node1

我不知道在这里做什么更多:

[root@localhost kibana]#  curl -XGET https://0.0.0.0:9200/_license -u kibana_system:kibana  --cacert /etc/elasticsearch/certs/ca.crt
{
  "license" : {
    "status" : "active",
    "uid" : "872f0ad0-723e-43c8-b346-f43e2707d3de",
    "type" : "trial",
    "issue_date" : "2021-11-08T18:26:15.422Z",
    "issue_date_in_millis" : 1636395975422,
    "expiry_date" : "2021-12-08T18:26:15.422Z",
    "expiry_date_in_millis" : 1638987975422,
    "max_nodes" : 1000,
    "issued_to" : "elasticsearch",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

谢谢您的帮助

4

0 回答 0