当前位置: 首页 > 知识库问答 >
问题:

无法使用Java API和shield连接到ElasticSearch服务器

蓝宜
2023-03-14

误差

1342 [main] DEBUG org.elasticsearch.shield.transport.netty  - [Benjamin Jacob Grimm] connected to node [{#transport#-1}{HOST_IP}{HOST/HOST_IP:9300}]
1431 [elasticsearch[Benjamin Jacob Grimm][generic][T#1]] DEBUG org.elasticsearch.shield.transport.netty  - [Benjamin Jacob Grimm] disconnecting from [{#transport#-1}{HOST_IP}{HOST/HOST_IP:9300}], channel closed event
1463 [main] INFO org.elasticsearch.client.transport  - [Benjamin Jacob Grimm] failed to get node info for {#transport#-1}{HOST_IP}{HOST/HOST_IP:9300}, disconnecting...
NodeDisconnectedException[[][HOST/HOST_IP:9300][cluster:monitor/nodes/liveness] disconnected]

...9200/_nodes

"cluster_name": "elasticsearch",
   "nodes": {
      "UYdZbCQKQZavtFYOoUpawg": {
         "name": "Desmond Pitt",
         "transport_address": "HOST_IP:9300",
         "host": "HOST_IP",
         "ip": "HOST_IP",
         "version": "2.3.3",
         "build": "218bdf1",
         "http_address": "HOST_IP:9200",
         "settings": {
            "pidfile": "/var/run/elasticsearch/elasticsearch.pid",
            "cluster": {
               "name": "elasticsearch"
            },
            "path": {
               "conf": "/etc/elasticsearch",
               "data": "/var/lib/elasticsearch",
               "logs": "/var/log/elasticsearch",
               "home": "/usr/share/elasticsearch"
            },
            "shield": {
               "http": {
                  "ssl": "true"
               },
               "https": {
                  "ssl": "true"
               },
               "transport": {
                  "ssl": "true"
               }
            },
            "name": "Desmond Pitt",
            "client": {
               "type": "node"
            },
            "http": {
               "cors": {
                  "allow-origin": "*",
                  "allow-headers": "Authorization, Origin, X-Requested-With, Content-Type, Accept",
                  "allow-credentials": "true",
                  "allow-methods": "OPTIONS, HEAD, GET, POST, PUT, DELETE",
                  "enabled": "true"
               }
            },
            "index": {
               "queries": {
                  "cache": {
                     "type": "opt_out_cache"
                  }
               }
            },
            "foreground": "false",
            "config": {
               "ignore_system_properties": "true"
            },
            "network": {
               "host": "HOST_IP",
               "bind_host": "0.0.0.0",
               "publish_host": "HOST_IP"
            }
         }

Java代码:

TransportClient client = TransportClient.builder()
    .addPlugin(ShieldPlugin.class)
    .settings(Settings.builder()
        .put("cluster.name", ClusterName)
        .put("shield.user", "USER:PASSWORD")
        .build())
    .build()
    .addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(HOST), 9300));
C:\Program Files\Java\jdk1.8.0_92
"version": "1.8.0_91",
"vm_name": "OpenJDK 64-Bit Server VM",

更新:

我在ElasticSearch.yml中所做的更改

shield.ssl.keystore.path:          /usr/share/elasticsearch/bin/shield/elastic.jks
shield.ssl.keystore.password:      password
shield.ssl.keystore.key_password:  password

shield.transport.ssl: true
shield.http.ssl: true
shield.https.ssl: true

network.host: HOST_IP
network.publish_host: HOST_IP
shield.ssl.hostname_verification.resolve_name: false

https://host:9200/_cluster/health?pretty=true的结果

{
   "cluster_name": "elasticsearch",
   "status": "yellow",
   "timed_out": false,
   "number_of_nodes": 1,
   "number_of_data_nodes": 1,
   "active_primary_shards": 5,
   "active_shards": 5,
   "relocating_shards": 0,
   "initializing_shards": 0,
   "unassigned_shards": 5,
   "delayed_unassigned_shards": 0,
   "number_of_pending_tasks": 0,
   "number_of_in_flight_fetch": 0,
   "task_max_waiting_in_queue_millis": 0,
   "active_shards_percent_as_number": 50
}
2082 [elasticsearch[Steel Serpent][transport_client_worker][T#1]{New I/O worker #1}] DEBUG org.elasticsearch.shield.transport.netty  - [Steel Serpent] SSL/TLS handshake failed, closing channel: null
java.nio.channels.ClosedChannelException
    at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:575)
    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:102)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
    at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:396)
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWorker.java:360)
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:93)
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

共有1个答案

漆雕疏珂
2023-03-14

正如我所看到的,您启用了SSL加密。但是您的java代码没有激活SSL。根据官方文档,您应该使用如下代码:

TransportClient client = TransportClient.builder()
.addPlugin(ShieldPlugin.class)
.settings(Settings.builder()
    .put("cluster.name", "myClusterName")
    .put("shield.user", "transport_client_user:changeme")
    .put("shield.ssl.keystore.path", "/path/to/client.jks") (1)
    .put("shield.ssl.keystore.password", "password")
    .put("shield.transport.ssl", "true")
    ...
    .build())

此外,我将测试我的代码没有任何加密,并添加一些新的功能(例如SSL),以配置和代码一步一步。

UPD:老实说,远程修复ssl问题将是棘手的。当客户端发送无效的SSL证书时,通常会出现此错误。可能需要禁用客户端auth

 类似资料:
  • null ...9200/_cluster/nodes ...9200/_cluster/health?pretty=true Java代码: Java版本: 问题已按以下方式解决。确保您的客户端和服务器版本是同步的!

  • 我的elasticsearch服务器运行时有索引,比如说服务器XX。XXX。XXX。XXX:9200。 我在服务器ES集群XX中有索引。XXX。XXX。XXX:9200,我正试图在本地主机5601(Kibana)中为其创建仪表盘 在我的kibana.yml我有这样的配置: 在弹性搜索中。yml我有这个配置: 但我在运行kibana时遇到了这个错误。yml: 连接ECONNREFUSED超文本传输协

  • 这是mysql连接php脚本。它不断地显示出它的错误 警告:mysqli_connect():(HY000/1045):用户'user'@'localhost'(使用密码:YES)在第6行的C:\xampp\htdocs\index.php访问被拒绝 注意:尝试在第7行连接成功的C:\xampp\htdocs\index.php中获取非对象的属性 我听不懂,请帮帮我好吗?

  • 首先,我知道有很多类似的问题,但我所看到的似乎都不能解决我的设置(我发现的任何解决方案都不管用)。所以请容忍我。。。 我的服务器主机名是IP地址,而不是域名(即URL看起来像:) 我的服务器有一个真正的证书(即,没有自签名) 我的应用程序的plist条目字典为空(没有任何例外-出厂设置ATS) 这是生产代码,我不能禁用ATS(我也不认为我可以,因为例外只适用于显式域名,而不是IP地址) (iOS9

  • 问题内容: 我正在尝试使用smack 4.1.0运行此代码 这给我一个错误: 并且,在本地openfire服务器中启用调试后,我收到以下消息: 我要去哪里错了? 问题答案: 根据与用户问题的讨论,AS位于XMPPTCPConnectionConfiguration中。默认情况下,Openfire中的端口5223是客户端SSL端口, 服务器>>服务器设置>>客户端连接 错误 org.jivesoft

  • 我在设置打开班次时遇到问题,并在连接到我的服务器域后收到以下错误: 我不确定这是在告诉我做什么。我尝试按字面意思使用指令,但它无法识别命令。 有什么想法吗?