Part of the ES configuration file is as follows:
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 08-06-2023 05:49:38
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["dev01"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
Generate the token with the official command:
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
Install on the new node and, following the prompts, use the generated token to join:
[root@dev02 ~]# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token eyJ2ZXIiOiI4LjguMCIsImFkciI6WyIxNzIuMTcuMC4xOjkyMDAiXSwiZmdyIjoiMWNhYTZhZDFlNDRiNTc1NjQwZjBkZGQzMTA3MjY4ZDNmN2NkMWU4M2ZiZWI3MzNlZDg1Zjk1ZjRlYWJlY2RiMyIsImtleSI6IjF3bFFtb2dCZ0o1TldtVkNjSG5HOjJ5cXl5RUt5UVl1R2JKZXZ6SnV2MWcifQ==
warning: ignoring JAVA_HOME=/root/env/zulu8.70.0.23; using bundled JDK
This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically:
- Security auto configuration will be removed from elasticsearch.yml
- The [certs] config directory will be removed
- Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y
Unable to communicate with the node on https://172.17.0.1:9200/_security/enroll/node. Error was Connection refused
ERROR: Aborting enrolling to cluster. Could not communicate with the node on any of the addresses from the enrollment token. All of [172.17.0.1:9200] were attempted.
[root@dev02 ~]#
The address here, 172.17.0.1:9200, is wrong. Below is the IP address information of the first node:
[root@dev01 elasticsearch]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:68ff:fed3:2864 prefixlen 64 scopeid 0x20<link>
ether 02:42:68:d3:28:64 txqueuelen 0 (Ethernet)
RX packets 42898 bytes 32258634 (30.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 61595 bytes 9578680 (9.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.220 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20c:29ff:fef1:ce7c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:ce:7c txqueuelen 1000 (Ethernet)
RX packets 10941141 bytes 5562339556 (5.1 GiB)
RX errors 0 dropped 294 overruns 0 frame 0
TX packets 2141017 bytes 223001264 (212.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 11693530 bytes 1546289852 (1.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11693530 bytes 1546289852 (1.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
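I don't know why the generated token uses the docker0 address and not my ens192 address.
I tried changing transport.host and network.host in the configuration file, but neither changes the address in the token.
Thanks for the answer.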
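1. Temporarily disable the Docker network interface, then generate the enrollment token:
```
sudo ip link set docker0 down
```
Then generate the enrollment token again. When done, re-enable the Docker network interface:
```
sudo ip link set docker0 up
```
In the Elasticsearch configuration file:
Then restart Elasticsearch and generate the enrollment token again.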
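
An added example, not part of the original posts: the enrollment token is base64-encoded JSON, and its `adr` list holds the addresses the new node will contact, so it can be checked before running `elasticsearch-reconfigure-node`. The helper names, the "local-only" ranges and the sample token below are constructed for illustration; the expected subnet is taken from the `ens192` address shown in the question.

```python
import base64, ipaddress, json

# Ranges a remote node usually cannot reach: loopback, link-local and
# Docker's default bridge. Assumption: adjust this list for your network.
UNREACHABLE = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "169.254.0.0/16", "172.17.0.0/16", "::1/128", "fe80::/10")]

def decode_enrollment_token(token):
    """Return the JSON object embedded in a base64 enrollment token."""
    padded = token + "=" * (-len(token) % 4)
    data = json.loads(base64.b64decode(padded))
    missing = {"ver", "adr", "fgr", "key"} - data.keys()
    if missing:
        raise ValueError(f"not an enrollment token, missing {sorted(missing)}")
    return data  # contains an API key in "key": treat the output as a secret

def split_host_port(addr):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)

def check_addresses(token, expected_subnet):
    """Classify each address in the token against the expected cluster subnet."""
    subnet = ipaddress.ip_network(expected_subnet)
    report = []
    for addr in decode_enrollment_token(token)["adr"]:
        ip = ipaddress.ip_address(split_host_port(addr)[0])
        if any(ip in net for net in UNREACHABLE if net.version == ip.version):
            verdict = "local-only"
        elif ip.version == subnet.version and ip in subnet:
            verdict = "ok"
        else:
            verdict = "outside-expected-subnet"
        report.append((addr, verdict))
    return report

def make_sample_token(addresses):
    """Build a constructed token with placeholder fingerprint and key."""
    body = {"ver": "8.8.0", "adr": addresses,
            "fgr": "00" * 32, "key": "sample-id:sample-secret"}
    return base64.b64encode(json.dumps(body).encode()).decode()

if __name__ == "__main__":
    token = make_sample_token(["172.17.0.1:9200", "192.168.0.220:9200"])
    for addr, verdict in check_addresses(token, "192.168.0.0/24"):
        print(f"{addr:24} {verdict}")
```

A token whose only address is reported as `local-only`, as in the failed run above, will end in the same "Connection refused" error on any other host.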