几天来,我一直在kubernetes中连接logstash和elastic之间遇到这个问题,我使用minikube。这些是logstash pod中的日志:
[2023 - 11 - 20T10:16:01,269][WARN][logstash. licensechecker. licensereader]尝试恢复与死ES示例的连接,但遇到错误{:url =>"http://elasticsearch:9200/",:exception => LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError,:message =>" Elasticsearch Unreachable:[http://elasticsearch:9200/][Manticore::ClientProtocolException] elasticsearch:9200 failed to respond "}
[2023 - 11 - 20T10:16:01,303][ERROR][logstash. licensechecker. licensereader]无法从许可证服务器检索许可证信息{:message =>"No Available connections "}
[2023 - 11 - 20T10:16:05,280][WARN][logstash. outputs. elasticsearch][main]尝试恢复到死ES示例的连接,但遇到错误{:url =>"https://elastic:xxxxxx@elasticsearch:9200/",:exception => LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,:message =>" Got response code '401' contacting Elasticsearch at URL 'https://elasticsearch:9200/'"}
来自Elastic:
{"@timestamp ":" 2023 - 11 - 20T10:11:36.006Z "," log. level ":" INFO "," message ":" JVM arguments [-Xshare:auto,-Des. networkaddress. cache. ttl = 60,-Des. networkaddress. cache. negative. ttl = 10,-Djava. security. manager = allow,-XX:+ AlwaysPreTouch,-Xss1m,-Djava. awt. headless = true,-Dfile. encoding = UTF-8,-Djna. nosys = true,-XX:-OmitStackTraceInFastThrow,-XX:+ ShowCodeDetailsInExceptionMessages,-Dio. netty. noUnsafe = true,-Dio. netty. noKeySetOptimization = true,-Dio. netty. recycler. maxCapacityPerThread = 0,-Dlog4j.shutdownHookEnabled = false,-Dlog4j2.disable.jmx = true,-Dlog4j2.formatMsgNoLookups = true,-Djava. locale. providers = SPI,COMPAT,--add-opens = java. base/www.example.com = ALL-UNNAMED,-XX:java.ioG1ReservePercent = 15,-Des. path. home =/usr/share/elasticsearch,-Des. path. conf =/usr/share/elasticsearch/config,-Des. distribution. flavor = default,-Des. distribution. type = docker,- Des. bundled_jdk = true]"," ecs. version ":" 1.2.0 "," www.example.com ":" ES_ECS "," event. dataset ":" elasticsearch. server "," www.example.com ":" main "," log. logger ":"org. elasticsearch. node. Node","www.example.com":"elasticsearch-57dc5fc6f7 - 42zzd","www.example.com":"docker-cluster "}{"@timestamp":" 2023 - 11 - 20T10:16:31.425Z "," log. level ":" WARN "," message ":"在https通道上收到纯文本http通信,正在关闭连接Netty4HttpChannel {localAddress =/10.244.0.15:9200,remoteAddress =/10.244.0.16:47910}"," ecs. version":" 1.2.0"," www.example.com":" ES_ECS"," event. dataset":" elasticsearch. server"," www.example.com":" elasticsearch [elasticsearch-57dc5fc6f7 - 42zzd][transfer_worker][T#1]"," log. logger":" org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport"," elasticsearch. cluster. uuid":"f_RDyR5xRwyVLO9IugQkZw","www.example.com":"ZUGoJReVReixqtOnRe6LOg","www.example.com":"elasticsearch-57dc5fc6f7 - 42zzd","www.example.com":"docker-cluster "}
{"@timestamp ":" 2023 - 11 - 20T10:16:36.319Z "," log. level ":" INFO "," message ":"[elastic]的身份验证已由realm [reserved]终止-无法验证用户[elastic]"," ecs. version ":"1.2.0","www.example.com":"ES_ECS","event. dataset":"elasticsearch. server","www.example.com":" elasticsearch [elasticsearch-57dc5fc6f7 - 42zzd][system_critical_read][T#1]"," log. logger ":"org. elasticsearch. xpack. security. authc. RealmsAuthenticator","elasticsearch. cluster. uuid":" f_RDyR5xRwyVLO9IugQkZw"," www.example.com":" ZUGoJReVReixqtOnRe6LOg"," www.example.com":" elasticsearch-57dc5fc6f7 - 42zzd"," www.example.com":" docker-cluster "}
这是我的配置:
apiVersion: apps/v1
kind: Deployment
metadata:
name: elasticsearch
namespace: logging
spec:
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
ports:
- containerPort: 9200
---
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
namespace: logging
spec:
ports:
- port: 9200
protocol: TCP
targetPort: 9200
selector:
app: elasticsearch
---
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-config
namespace: logging
data:
logstash.conf: |
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => [ "https://elasticsearch:9200" ]
ssl => true
ssl_certificate_verification => false
user => "elastic"
password => "mypass"
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: logstash
namespace: logging
spec:
selector:
matchLabels:
app: logstash
template:
metadata:
labels:
app: logstash
spec:
containers:
- name: logstash
image: docker.elastic.co/logstash/logstash:8.8.0
ports:
- containerPort: 5044
volumeMounts:
- name: pipeline-volume
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
volumes:
- name: pipeline-volume
configMap:
name: logstash-config
---
apiVersion: v1
kind: Service
metadata:
name: logstash
namespace: logging
spec:
ports:
- port: 5044
protocol: TCP
targetPort: 5044
selector:
app: logstash字符串
要获取弹性密码,我遵循以下步骤:
oc exec -it elasticsearch-57dc5fc6f7-42zzd -- bash
elasticsearch@elasticsearch-57dc5fc6f7-42zzd:~$ bin/elasticsearch-reset-password -u elastic -a
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N] y
Password for the [elastic] user successfully reset.
New value: mypass型
有人能帮帮我吗
我不知道怎么解决
1条答案
按热度按时间uhry853o1#
根据您提供的日志,似乎有两个主要问题:
1.用户'elastic'的身份验证失败。这由日志消息“[elastic]的身份验证已被域[reserved]终止-未能对用户[elastic]进行身份验证"指示。
要解决此问题,请首先使用ssh进入logstash pod并运行以下命令:
字符串
注意:
ssl_certificate_verification不推荐使用ssl_verification_mode。