
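I am trying to create a three-node cluster with encrypted communication between the nodes. I generated a pem certificate for each node and configured the seed hosts and the cluster's initial masters.

This is elasticsearch.yml: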

cluster.name: "test-ansible-elastic-cluster"

network.host: "0.0.0.0"

discovery.zen.minimum_master_nodes: 1

discovery.seed_hosts:
- "hostname1.compute.amazonaws.com:9300"
- "hostname2.compute.amazonaws.com:9300"
- "hostname3.compute.amazonaws.com:9300"

cluster.initial_master_nodes:
- nodo1
- nodo2
- nodo3

opendistro_security.ssl.transport.pemcert_filepath: nodo1.pem
opendistro_security.ssl.transport.pemkey_filepath: nodo1-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: MyRootCA.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false


opendistro_security.disabled: false
opendistro_security.allow_unsafe_democertificates: false

path.logs: /var/log/elasticsearch
path.data: /var/lib/elasticsearch

bootstrap.memory_lock: true
node.name: nodo1

node.master: true

node.data: true

cluster.remote.connect: false

opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: nodo1.pem
opendistro_security.ssl.http.pemkey_filepath: nodo1-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: MyRootCA.pem

opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - "CN=admin,OU=ou,O=o,L=l,ST=st,C=c"
opendistro_security.nodes_dn:
    - "CN=nodo1,OU=ou,O=o,L=l,ST=st,C=c"
    - "CN=nodo2,OU=ou,O=o,L=l,ST=st,C=c"
    - "CN=nodo3,OU=ou,O=o,L=l,ST=st,C=c"

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false

opendistro_security.compliance.salt: "******************"

It seems that none of the nodes can be reached:

[2019-10-24T12:03:36,088][WARN ][o.e.c.c.ClusterFormationFailureHelper] [nodo1] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [nodo1, nodo2, nodo3] to bootstrap a cluster: have discovered []; discovery will continue using [172.31.20.185:9300, 172.31.30.171:9300] from hosts providers and [{nodo1}{37vHomwsS02gMGDg3paNog}{U5VZJsBjQDm_l0Ztzn5-9Q}{172.31.26.127}{172.31.26.127:9300}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
[2019-10-24T12:03:45,024][DEBUG][o.e.a.a.c.h.TransportClusterHealthAction] [nodo1] timed out while retrying [cluster:monitor/health] after failure (timeout [30s])
[2019-10-24T12:03:45,525][DEBUG][o.e.a.a.c.h.TransportClusterHealthAction] [nodo1] no known master node, scheduling a retry
[2019-10-24T12:03:46,089][WARN ][o.e.c.c.ClusterFormationFailureHelper] [nodo1] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [nodo1, nodo2, nodo3] to bootstrap a cluster: have discovered []; discovery will continue using [172.31.20.185:9300, 172.31.30.171:9300] from hosts providers and [{nodo1}{37vHomwsS02gMGDg3paNog}{U5VZJsBjQDm_l0Ztzn5-9Q}{172.31.26.127}{172.31.26.127:9300}] from last-known cluster state; node term 0, last-accepted version 0 in term 0

I can ping the other machines. Can you help me? Do I need to pass the pem to ssh inside the machines? Regards, EF
