Environment:

| OS | Elasticsearch |
|---|---|
| CentOS 7.9 | 7.1.1 |

Cluster:

| Node | IP address |
|---|---|
| es1 | 192.168.1.200 |
| es2 | 192.168.1.201 |
| es3 | 192.168.1.202 |

What happened:

Enable the X-Pack features in the configuration file elasticsearch.yml:
```yaml
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
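Start the service:

```bash
../bin/elasticsearch
```

Generate a certificate in p12 format for X-Pack:

```bash
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
```

Set the passwords interactively:

```bash
bin/elasticsearch-setup-passwords interactive
```

This is the error message: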
```
Unexpected response code [503] from calling PUT http://192.168.1.200:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the security index
Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually.
ERROR: Failed to set password for user [apm_system].
```
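![Elasticsearch: fix for ERROR: Failed to set password for user [apm_system]. when setting up X-Pack_file permissions](https://s2.51cto.com/images/blog/202108/23/90977d3c63f2147474b3dc6684685b58.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184)

I tried many of the fixes I found online for this problem and none of them worked. Some say to add disable parameters to the configuration file elasticsearch.yml, but those parameters only disable monitoring, the graphical features and so on, and have nothing to do with setting kibana or apm_system, so that failed. Others say Kibana must be configured, otherwise you will get ERROR: Failed to set password for user [apm_system]. What does this have to do with Kibana at all?

Actually, if you read the error carefully, you can more or less tell what is going on.

```
Unexpected response code [503] from calling PUT http://192.168.1.200:9200/_security/user/apm_system/_password?pretty
```

It reports a 503 error code; in most cases 503 means there is no permission.

Solution:

The service must be running!!!

1. File permission problem. Check whether the regular user has permission to read the certificate file.

You can run the `chown ... -R` command again to recursively grant ownership to the regular user that runs ES, in case the certificate file was generated by root and cannot be read.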
```
[elastic@localhost config]$ ll
total 64
-rw------- 1 elastic elastic 3443 Jul 13 03:09 elastic-certificates.p12
```
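Note: elastic is the regular user that runs my ES service.

2. The cluster is not fully started. All the nodes listed in the configuration file need to be started.

3. Inconsistent certificates. This is the most likely problem.

For example, once the p12 certificate has been generated on es1, do not generate certificates again on the other nodes; the certificate has to be copied over to them.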
```bash
scp /opt/elasticsearch/config/elastic-certificates.p12 root@192.168.1.201:/opt/elasticsearch/config/elastic-certificates.p12
scp /opt/elasticsearch/config/elastic-certificates.p12 root@192.168.1.202:/opt/elasticsearch/config/elastic-certificates.p12
```
After the copy is done, restart the service.

I have 3 nodes here, and the certificate must be the same on all 3 nodes.
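
A pre-flight check for causes 1 and 3 above, as an added example that is not part of the original post. It is meant to run on es1 as the user that runs Elasticsearch; the function names are hypothetical, and key-based SSH as root to the other nodes (the account the scp commands use) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Run as the user that runs
# Elasticsearch. Function names and SSH access are assumptions.

# Cause 1: the keystore must exist, be readable, and be owned by the
# current (Elasticsearch) user rather than by root.
cert_readable() {
    [ -f "$1" ] && [ -r "$1" ] && [ -O "$1" ]
}

# SHA-256 of a file, digest only.
cert_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Cause 3: read "node digest" lines on stdin, print every node whose digest
# differs from the first line's, and return 1 if any node differs.
mismatched_nodes() {
    awk 'NR == 1 { ref = $2; next }
         $2 != ref { print $1; bad = 1 }
         END { exit bad }'
}

# Emit "node digest" lines: the local keystore first, then each remote node.
# Assumes the keystore sits at the same path on every node.
collect_digests() {
    cert=$1; shift
    echo "local $(cert_digest "$cert")"
    for node in "$@"; do
        echo "$node $(ssh "root@$node" sha256sum "$cert" | awk '{print $1}')"
    done
}

# Typical use on es1, before running elasticsearch-setup-passwords:
#   P12=/opt/elasticsearch/config/elastic-certificates.p12
#   cert_readable "$P12" || echo "keystore not readable/owned by $(id -un)"
#   collect_digests "$P12" 192.168.1.201 192.168.1.202 | mismatched_nodes
```

Any node name printed by `mismatched_nodes` holds a keystore that differs from the local one and needs the file copied over again before the node is restarted.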
Login verification

Open 192.168.1.200:9200/_cat/nodes in a browser to view the cluster information.

![Elasticsearch: fix for ERROR: Failed to set password for user [apm_system]. when setting up X-Pack_regular user_02](https://s2.51cto.com/images/blog/202108/23/cbd486f427d99711110b80bf68fc649a.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184)

















