Elastic with Kibana on docker 让 Kibana 服务器还没有准备好

【问题标题】:Elastic with Kibana on docker gives Kibana server is not ready yetElastic with Kibana on docker 让 Kibana 服务器还没有准备好
【发布时间】:2020-06-04 11:14:43
【问题描述】:

我有 Elastic 和 Kibana,但上周它突然停止工作,出现错误 Kibana server is not ready yet。我在谷歌上看到了很多关于这个问题的帖子。尝试了这一切,完全没有运气。 我可以在 kibana 日志中看到以下错误:

License information could not be obtained from Elasticsearch due to Error: Error: certificate has expired error"}
{"type":"log","@timestamp":"2020-05-31T13:45:24Z","tags":["info","monitoring","kibana-monitoring"],"pid":6,"message":"Monitoring status upload endpoint is not enabled in Elasticsearch:Monitoring stats collection is stopped"}
{"type":"log","@timestamp":"2020-05-31T13:45:54Z","tags":["error","elasticsearch","data"],"pid":6,"message":"Request error, retrying\nGET https://el.mydomain.io:9200/_xpack => certificate has expired"}

我检查了证书。它没有过期。它将于明年二月到期。 知道发生了什么吗?

更新 #1:添加了 docker-compose.yml

version: '2.2'

services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}
    container_name: el.mydomain.io
    environment:
      - node.name=el.mydomain.io
      - discovery.type=single-node       
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"      
      - xpack.license.self_generated.type=trial # <1>
      - xpack.security.enabled=true      
      - xpack.security.http.ssl.enabled=true # <2>
      - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      - xpack.security.transport.ssl.enabled=true # <3>
      - xpack.security.transport.ssl.verification_mode=certificate # <4>
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes: 
      - data01:/usr/share/elasticsearch/data
      - /home/user11/SSL-Certs/:$CERTS_DIR
    ports:
      - 9200:9200
    networks:
      - elastic

    healthcheck:
      test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://el.mydomain.io:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
      interval: 30s
      timeout: 10s
      retries: 5

  kib01:
    image: docker.elastic.co/kibana/kibana:${VERSION}
    container_name: kib.mydomain.io
    depends_on: {"es01": {"condition": "service_healthy"}}
    ports:
      - 443:5601    
    environment:
      SERVERNAME: kib.mydomain.io
      SERVER.HOST: kib.mydomain.io
      ELASTICSEARCH_URL: https://el.mydomain.io:9200
      ELASTICSEARCH_HOSTS: https://el.mydomain.io:9200
      ELASTICSEARCH_USERNAME: kibana
      ELASTICSEARCH_PASSWORD: Mypassword
      ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: $CERTS_DIR/ca/ca.crt
      SERVER_SSL_ENABLED: "true"
      SERVER_SSL_KEY: $CERTS_DIR/kib01/kib01.key
      SERVER_SSL_CERTIFICATE: $CERTS_DIR/kib01/kib01.crt
    volumes: 
      - /home/user11/SSL-Certs/:$CERTS_DIR
    networks:
      - elastic    
volumes:
  data01:
    driver: local
    #certs:
    #driver: local

networks: 
  elastic:
    driver: bridge

更新 #2: 证书输出:

C:\Temp>openssl verify -CAfile ca.crt es01.crt
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
error 10 at 3 depth lookup: certificate has expired
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 10 at 2 depth lookup: certificate has expired
error es01.crt: verification failed

C:\Temp>openssl verify -CAfile ca.crt kib01.crt
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
error 10 at 3 depth lookup: certificate has expired
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 10 at 2 depth lookup: certificate has expired
error kib01.crt: verification failed

C:\Temp>openssl x509 -noout -in es01.crt -dates
notBefore=Jan  2 00:00:00 2020 GMT
notAfter=Jan  1 23:59:59 2021 GMT

C:\Temp>openssl x509 -noout -in kib01.crt -dates
notBefore=Jan  2 00:00:00 2020 GMT
notAfter=Jan  1 23:59:59 2021 GMT

C:\Temp>openssl x509 -noout -in ca.crt -dates
notBefore=Nov  2 00:00:00 2018 GMT
notAfter=Dec 31 23:59:59 2030 GMT

【问题讨论】:

    标签: docker elasticsearch kibana


    【解决方案1】:

    这不是许可证问题,但您的 SSL 证书已过期。错误消息状态

    请求错误,正在重试\nGET https://el.mydomain.io:9200/_xpack => 证书已过期

    所以你只需要renew your certificate

    【讨论】:

    • 我刚从托管 elastic 和 kibana 的机器上下载。证书将于 2021 年 2 月 1 日到期。即使我用 chrome 访问 el.mydomain.com 我也可以看到证书是有效的
    • 我们说的是ES节点证书吧?不是主机、www 或任何证书,对吗?你能分享你的 elasticsearch.yml 和 kibana.yml 配置文件吗?
    • 谢谢!运行openssl verify -CAfile ca.crt es01.crtopenssl verify -CAfile ca.crt kib01.crt 会得到什么?
    • 你能用正确格式的输出更新你的问题吗?
    • 已更新如果我在 Windows 资源管理器中双击 es01.crt,它会显示 Valid from: 02/01/2020 to 02/01/2021
    【解决方案2】:

    查看您的错误消息的这一部分

    {"type":"log","@timestamp":"2020-05-31T13:45:54Z","tags":["error","elasticsearch","data"],"pid":6,"message":"Request error, retrying\nGET https://el.mydomain.io:9200/_xpack => certificate has expired"}

    您的 x-pack 许可证似乎已过期,这可能是导致问题的原因,您能否解决此问题或删除 x-pack 并重试。

    【讨论】:

    • 证书已过期,与license不同
    • 我刚从托管 elastic 和 kibana 的机器上下载。证书将于 2021 年 2 月 1 日到期。即使我用 chrome 访问 el.mydomain.com 我也可以看到证书是有效的
    • 我们说的是ES节点证书吧?不是主机或 www 证书
    • @Val 抱歉,我对此不太了解,只是将其视为错误并认为将其指出为潜在原因,您认为这会阻止 b.w kibana 和 es 的连接吗?跨度>
    • 我只是在回答 pantonis 的评论。他的ES节点证书已经过期,需要生成一个新的
    猜你喜欢
    • 2020-01-20
    • 2021-02-23
    • 2020-04-27
    • 2021-08-16
    • 2021-09-15
    • 2015-05-29
    • 2019-07-01
    • 2020-09-22
    • 2020-04-30
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode