Question:

centos - Why is the IP address in the ES cluster enrollment token incorrect?

微生俊名
2023-06-09

Part of the ES configuration file is shown below:

```yaml
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------


#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 08-06-2023 05:49:38
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["dev01"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
```

Generate the token with the official command:

```bash
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
```

Install on the new node and, following the prompts, join using the generated token:

```
[root@dev02 ~]# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token eyJ2ZXIiOiI4LjguMCIsImFkciI6WyIxNzIuMTcuMC4xOjkyMDAiXSwiZmdyIjoiMWNhYTZhZDFlNDRiNTc1NjQwZjBkZGQzMTA3MjY4ZDNmN2NkMWU4M2ZiZWI3MzNlZDg1Zjk1ZjRlYWJlY2RiMyIsImtleSI6IjF3bFFtb2dCZ0o1TldtVkNjSG5HOjJ5cXl5RUt5UVl1R2JKZXZ6SnV2MWcifQ==
warning: ignoring JAVA_HOME=/root/env/zulu8.70.0.23; using bundled JDK

This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically: 
  - Security auto configuration will be removed from elasticsearch.yml
  - The [certs] config directory will be removed
  - Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y
Unable to communicate with the node on https://172.17.0.1:9200/_security/enroll/node. Error was Connection refused
ERROR: Aborting enrolling to cluster. Could not communicate with the node on any of the addresses from the enrollment token. All of [172.17.0.1:9200] were attempted.
[root@dev02 ~]# 
```

The address here, 172.17.0.1:9200, is wrong. Below is the IP address information of the first node:

```
[root@dev01 elasticsearch]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:68ff:fed3:2864  prefixlen 64  scopeid 0x20<link>
        ether 02:42:68:d3:28:64  txqueuelen 0  (Ethernet)
        RX packets 42898  bytes 32258634 (30.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61595  bytes 9578680 (9.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.220  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:fef1:ce7c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f1:ce:7c  txqueuelen 1000  (Ethernet)
        RX packets 10941141  bytes 5562339556 (5.1 GiB)
        RX errors 0  dropped 294  overruns 0  frame 0
        TX packets 2141017  bytes 223001264 (212.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 11693530  bytes 1546289852 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11693530  bytes 1546289852 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

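I don't know why the generated token uses the docker0 address rather than my ens192 address.

I tried changing transport.host and network.host in the configuration file, but neither changes the address in the token.

Thanks in advance for any answers.

2 answers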

长孙景焕
2023-06-09

Try base64-decoding it (docker address):

```json
{"ver":"8.8.0","adr":["172.17.0.1:9200"],"fgr":"1caa6ad1e44b575640f0ddd3107268d3f7cd1e83fbeb733ed85f95f4eabecdb3","key":"1wlQmogBgJ5NWmVCcHnG:2yqyyEKyQYuGbJevzJuv1g"}
```

Then change the IP here to the node's IP, base64-encode it again, and finally use the new base64 result as the token to join.
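The decode, edit and re-encode step from the answer above, as an added example that is not part of the original answer; it also lists token addresses that fall outside an expected subnet. The sample token is constructed with placeholder `fgr` and `key` values, and the helper names and the `192.168.0.0/24` subnet (taken from the ens192 netmask in the question) are assumptions for illustration.

```python
import base64
import ipaddress
import json


def decode_token(token: str) -> dict:
    """Decode an enrollment token: base64 over a JSON object (ver, adr, fgr, key)."""
    return json.loads(base64.b64decode(token))


def encode_token(fields: dict) -> str:
    """Re-encode with compact separators, the layout of the decoded JSON on this page."""
    raw = json.dumps(fields, separators=(",", ":")).encode()
    return base64.b64encode(raw).decode()


def split_host_port(addr: str) -> tuple:
    """Split 'host:port'; also handles bracketed IPv6 such as '[::1]:9200'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def unexpected_addresses(token: str, expected_net: str) -> list:
    """Return the adr entries whose IP is outside the network the nodes share."""
    net = ipaddress.ip_network(expected_net)
    return [a for a in decode_token(token)["adr"]
            if ipaddress.ip_address(split_host_port(a)[0]) not in net]


def replace_address(token: str, new_host: str) -> str:
    """Point every adr entry at new_host; port, fgr and key are left untouched."""
    fields = decode_token(token)
    host = f"[{new_host}]" if ":" in new_host else new_host  # bracket IPv6
    fields["adr"] = [f"{host}:{split_host_port(a)[1]}" for a in fields["adr"]]
    return encode_token(fields)


# Constructed sample: same shape as the token in the question, placeholder fgr/key.
SAMPLE = encode_token({
    "ver": "8.8.0",
    "adr": ["172.17.0.1:9200"],
    "fgr": "PLACEHOLDER_CA_FINGERPRINT",
    "key": "PLACEHOLDER_ID:PLACEHOLDER_SECRET",
})

if __name__ == "__main__":
    print("outside 192.168.0.0/24:", unexpected_addresses(SAMPLE, "192.168.0.0/24"))
    fixed = replace_address(SAMPLE, "192.168.0.220")
    print(decode_token(fixed)["adr"])
    print(fixed)
```

The token is plain base64 over JSON with no signature field, so editing `adr` leaves `fgr` and `key` as they were; for the same reason the `key` value is readable by anyone who sees the token.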

司空昊阳
2023-06-09

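1. Temporarily disable the Docker network interface, then generate the enrollment token:

```bash
sudo ip link set docker0 down
```

Then generate the enrollment token. When done, re-enable the Docker network interface:

```bash
sudo ip link set docker0 up
```

In the Elasticsearch configuration file:

```yaml
network.host: 192.168.0.220
transport.host: 192.168.0.220
```

Then restart Elasticsearch and generate the enrollment token again.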
