我正在运行一个 3 节点 Elastic Search 8.9 集群,每个集群都在一个单独的虚拟机上,并带有一个 Kibana 实例,所有这些集群都在 Centos 7.9 上。由于无法将应用程序连接到集群,我决定禁用 xpack 和 ssl 安全性。因此,在删除所有安全功能后,我对其中一个节点的配置如下所示:
cluster.name: application
node.name: node_1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.74
http.port: 9200
cluster.initial_master_nodes: ["elastic_master"]
http.host: 0.0.0.0
我尝试再次启动节点,但失败并在日志中显示以下错误:
[2023-08-27T05:44:51,048][ERROR][o.e.b.Elasticsearch ] [node_1] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: invalid configuration for xpack.security.transport.ssl - [xpack.security.transport.ssl.enabled] is not set, but the following settings have been configured in elasticsearch.yml : [xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]
at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:650) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:624) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:159) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:495) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:324) ~[?:?]
at org.elasticsearch.node.Node.lambda$new$16(Node.java:733) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.plugins.PluginsService.lambda$flatMap$1(PluginsService.java:261) ~[elasticsearch-8.9.0.jar:?]
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
at org.elasticsearch.node.Node.<init>(Node.java:748) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.node.Node.<init>(Node.java:334) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:72) ~[elasticsearch-8.9.0.jar:?]
我尝试过跑步
unset ES_JAVA_OPTS
。我已经停止了所有其他节点以及 Kibana。我已经检查了环境变量中是否有任何与弹性相关的内容。
每次我执行
systemctl start elasticsearch
时,它都会失败,并在日志中出现相同的错误。
有没有办法禁用 xpack 安全性和 ssl 而无需重做整个集群?
...但在elasticsearch.yml中配置了以下设置:[xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]
这意味着 Elasticsearch 密钥库仍然包含 SSL 配置的安全密码。您可以使用以下命令删除它们:
bin/elasticsearch-keystore remove xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore remove xpack.security.transport.ssl.truststore.secure_password
您还应该在配置中明确禁用安全性:
xpack.security.enabled: false