setup-passwords 命令因连接失败而失败
编辑setup-passwords 命令因连接失败而失败
编辑elasticsearch-setup-passwords 命令 通过发送用户管理 API 请求来设置内置用户的密码。如果您的集群对 HTTP (REST) 接口使用 SSL/TLS,该命令会尝试使用 HTTPS 协议建立连接。如果连接尝试失败,该命令将失败。
症状
-
Elasticsearch 正在运行 HTTPS,但该命令无法检测到它,并返回以下错误
Cannot connect to elasticsearch node. java.net.SocketException: Unexpected end of file from server ... ERROR: Failed to connect to elasticsearch at http://127.0.0.1:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?
-
已配置 SSL/TLS,但无法建立信任。该命令返回以下错误
SSL connection to https://127.0.0.1:9200/_security/_authenticate?pretty failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Please check the elasticsearch SSL settings under xpack.security.http.ssl. ... ERROR: Failed to establish SSL connection to elasticsearch at https://127.0.0.1:9200/_security/_authenticate?pretty.
-
该命令失败,因为主机名验证失败,导致以下错误
SSL connection to https://idp.localhost.test:9200/_security/_authenticate?pretty failed: java.security.cert.CertificateException: No subject alternative DNS name matching elasticsearch.example.com found. Please check the elasticsearch SSL settings under xpack.security.http.ssl. ... ERROR: Failed to establish SSL connection to elasticsearch at https://elasticsearch.example.com:9200/_security/_authenticate?pretty.
解决方案
- 如果您的集群对 HTTP 接口使用 TLS/SSL,但
elasticsearch-setup-passwords命令尝试建立不安全的连接,请使用--url命令选项来显式指定 HTTPS URL。或者,将xpack.security.http.ssl.enabled设置为true。 - 如果该命令不信任 Elasticsearch 服务器,请验证您是否配置了
xpack.security.http.ssl.certificate_authorities设置或xpack.security.http.ssl.truststore.path设置。 - 如果主机名验证失败,您可以通过将
xpack.security.http.ssl.verification_mode设置为certificate来禁用此验证。
有关这些设置的更多信息,请参阅 安全设置。