Error connecting the logstash and elasticsearch pods

o7jaxewo posted on 2024-01-04 in Logstash

For several days I have been running into this problem connecting logstash and elastic in Kubernetes; I am using minikube. These are the logs in the logstash pod:
[2023-11-20T10:16:01,269][WARN][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ClientProtocolException] elasticsearch:9200 failed to respond"}
[2023-11-20T10:16:01,303][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
[2023-11-20T10:16:05,280][WARN][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://elasticsearch:9200/'"}
From Elastic:
{"@timestamp":"2023-11-20T10:11:36.006Z", "log.level":"INFO", "message":"JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/www.example.com=ALL-UNNAMED, -XX:java.ioG1ReservePercent=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=docker, -Des.bundled_jdk=true]", "ecs.version":"1.2.0", "www.example.com":"ES_ECS", "event.dataset":"elasticsearch.server", "www.example.com":"main", "log.logger":"org.elasticsearch.node.Node", "www.example.com":"elasticsearch-57dc5fc6f7-42zzd", "www.example.com":"docker-cluster"}
{"@timestamp":"2023-11-20T10:16:31.425Z", "log.level":"WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.244.0.15:9200, remoteAddress=/10.244.0.16:47910}", "ecs.version":"1.2.0", "www.example.com":"ES_ECS", "event.dataset":"elasticsearch.server", "www.example.com":"elasticsearch[elasticsearch-57dc5fc6f7-42zzd][transport_worker][T#1]", "log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport", "elasticsearch.cluster.uuid":"f_RDyR5xRwyVLO9IugQkZw", "www.example.com":"ZUGoJReVReixqtOnRe6LOg", "www.example.com":"elasticsearch-57dc5fc6f7-42zzd", "www.example.com":"docker-cluster"}
{"@timestamp":"2023-11-20T10:16:36.319Z", "log.level":"INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version":"1.2.0", "www.example.com":"ES_ECS", "event.dataset":"elasticsearch.server", "www.example.com":"elasticsearch[elasticsearch-57dc5fc6f7-42zzd][system_critical_read][T#1]", "log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator", "elasticsearch.cluster.uuid":"f_RDyR5xRwyVLO9IugQkZw", "www.example.com":"ZUGoJReVReixqtOnRe6LOg", "www.example.com":"elasticsearch-57dc5fc6f7-42zzd", "www.example.com":"docker-cluster"}
This is my configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: logging
spec:
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
        ports:
        - containerPort: 9200      

---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: logging
spec:
  ports:
    - port: 9200
      protocol: TCP
      targetPort: 9200
  selector:
    app: elasticsearch

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config
  namespace: logging
data:
  logstash.conf: |
    input {
      beats {
        port => 5044
      }
    }

    output {
      elasticsearch {
        hosts => [ "https://elasticsearch:9200" ]
        ssl => true
        ssl_certificate_verification => false
        user => "elastic"
        password => "mypass"
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: logstash
  namespace: logging
spec:
  selector:
    matchLabels:
      app: logstash
  template:
    metadata:
      labels:
        app: logstash
    spec:
      containers:
        - name: logstash
          image: docker.elastic.co/logstash/logstash:8.8.0
          ports:
            - containerPort: 5044
          volumeMounts:
            - name: pipeline-volume
              mountPath: /usr/share/logstash/pipeline/logstash.conf
              subPath: logstash.conf

      volumes:
        - name: pipeline-volume
          configMap:
            name: logstash-config
---
apiVersion: v1
kind: Service
metadata:
  name: logstash
  namespace: logging
spec:
  ports:
    - port: 5044
      protocol: TCP
      targetPort: 5044
  selector:
    app: logstash

To get the elastic password, I followed these steps:

oc exec -it elasticsearch-57dc5fc6f7-42zzd -- bash

elasticsearch@elasticsearch-57dc5fc6f7-42zzd:~$ bin/elasticsearch-reset-password -u elastic -a

WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]

WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]

This tool will reset the password of the [elastic] user to an autogenerated value.

The password will be printed in the console.

Please confirm that you would like to continue [y/N] y

Password for the [elastic] user successfully reset.

New value: mypass


Can someone help me?
I don't know how to solve this.

uhry853o1#

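Based on the logs you provided, there appear to be two main problems:

  1. Logstash is trying to connect to Elasticsearch over HTTP, but Elasticsearch requires an HTTPS connection. This is indicated by the log message "received plaintext http traffic on an https channel, closing connection". (I assume it is logstash.)
  2. Authentication failed for the user 'elastic'. This is indicated by the log message "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]".

To resolve this, first ssh into the logstash pod and run the following command:

curl -ks "https://elasticsearch:9200" -u elastic:mypass

Note: ssl_certificate_verification is deprecated in favor of ssl_verification_mode.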
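
The two failures the answer separates (wrong scheme versus rejected credentials) can be told apart from curl's exit status and HTTP status code. The script below is an added example, not part of the original answer; it generalizes the answer's single curl check to a few more outcomes. `classify`, `probe` and the `ES_USER`, `ES_PASSWORD` and `ES_CACERT` variable names are hypothetical.

```sh
#!/bin/sh
# Added example. classify/probe and the ES_* variable names are hypothetical.

# classify <curl_exit_status> <http_code>: print a one-line diagnosis.
classify() {
  case "$1" in
    0)
      case "$2" in
        200) echo "ok: TLS and credentials accepted" ;;
        401) echo "auth: credentials rejected" ;;
        403) echo "authz: authenticated but not permitted" ;;
        *)   echo "http: unexpected status $2" ;;
      esac ;;
    6)     echo "dns: host name does not resolve from this pod" ;;
    7)     echo "connect: nothing is listening on that address and port" ;;
    35)    echo "scheme: TLS handshake failed, is the port plain HTTP?" ;;
    52|56) echo "scheme: connection dropped without a reply, is the port HTTPS-only?" ;;
    60)    echo "tls: server certificate not trusted by the supplied CA" ;;
    *)     echo "curl: exit status $1" ;;
  esac
}

# probe <url>: one request; credentials come from the environment.
probe() {
  probe_url=$1
  : "${ES_PASSWORD:?set ES_PASSWORD}"   # stop early if no password was supplied
  if [ -n "${ES_CACERT:-}" ]; then
    set -- --cacert "$ES_CACERT"        # verify the server against a known CA
  else
    set -- -k                           # as in the answer's command: no verification
  fi
  probe_code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$@" \
    -u "${ES_USER:-elastic}:$ES_PASSWORD" "$probe_url") \
    && probe_rc=0 || probe_rc=$?
  printf '%s -> %s\n' "$probe_url" "$(classify "$probe_rc" "$probe_code")"
}

# Probe every URL given on the command line (none given: do nothing).
for u in "$@"; do probe "$u"; done
```

Run inside the logstash pod with both `http://elasticsearch:9200` and `https://elasticsearch:9200` as arguments, a "scheme" line for the first and an "auth" line for the second would correspond to the two log messages quoted in the question.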
