setup-passwords 命令因连接失败而失败
编辑setup-passwords 命令因连接失败而失败编辑
The elasticsearch-setup-passwords 命令 通过发送用户管理 API 请求来设置内置用户的密码。如果您的集群使用 SSL/TLS 用于 HTTP(REST)接口,则该命令尝试建立与 HTTPS 协议的连接。如果连接尝试失败,则该命令将失败。
症状
-
Elasticsearch 正在运行 HTTPS,但该命令无法检测到它并返回以下错误
Cannot connect to elasticsearch node. java.net.SocketException: Unexpected end of file from server ... ERROR: Failed to connect to elasticsearch at http://127.0.0.1:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?
-
SSL/TLS 已配置,但无法建立信任。该命令返回以下错误
SSL connection to https://127.0.0.1:9200/_security/_authenticate?pretty failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Please check the elasticsearch SSL settings under xpack.security.http.ssl. ... ERROR: Failed to establish SSL connection to elasticsearch at https://127.0.0.1:9200/_security/_authenticate?pretty.
-
该命令失败是因为主机名验证失败,这会导致以下错误
SSL connection to https://idp.localhost.test:9200/_security/_authenticate?pretty failed: java.security.cert.CertificateException: No subject alternative DNS name matching elasticsearch.example.com found. Please check the elasticsearch SSL settings under xpack.security.http.ssl. ... ERROR: Failed to establish SSL connection to elasticsearch at https://elasticsearch.example.com:9200/_security/_authenticate?pretty.
解决方案
- 如果您的集群使用 TLS/SSL 用于 HTTP 接口,但
elasticsearch-setup-passwords命令尝试建立非安全连接,请使用--url命令选项显式指定 HTTPS URL。或者,将xpack.security.http.ssl.enabled设置设置为true。 - 如果该命令不信任 Elasticsearch 服务器,请验证您是否已配置
xpack.security.http.ssl.certificate_authorities设置或xpack.security.http.ssl.truststore.path设置。 - 如果主机名验证失败,您可以通过将
xpack.security.http.ssl.verification_mode设置为certificate来禁用此验证。
有关这些设置的更多信息,请参见 安全设置.