docker - Elastic with Kibana on docker 让 Kibana 服务器还没有准备好
问题描述
我有 Elastic & Kibana,上周它突然停止处理错误Kibana server is not ready yet
。我在谷歌上看到了很多关于这个问题的帖子。尝试了这一切,完全没有运气。我可以在 kibana 日志中看到以下错误:
License information could not be obtained from Elasticsearch due to Error: Error: certificate has expired error"}
{"type":"log","@timestamp":"2020-05-31T13:45:24Z","tags":["info","monitoring","kibana-monitoring"],"pid":6,"message":"Monitoring status upload endpoint is not enabled in Elasticsearch:Monitoring stats collection is stopped"}
{"type":"log","@timestamp":"2020-05-31T13:45:54Z","tags":["error","elasticsearch","data"],"pid":6,"message":"Request error, retrying\nGET https://el.mydomain.io:9200/_xpack => certificate has expired"}
我检查了证书。它没有过期。它将于明年二月到期。知道发生了什么吗?
更新 #1:添加了 docker-compose.yml
version: '2.2'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}
container_name: el.mydomain.io
environment:
- node.name=el.mydomain.io
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=trial # <1>
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true # <2>
- xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.enabled=true # <3>
- xpack.security.transport.ssl.verification_mode=certificate # <4>
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data01:/usr/share/elasticsearch/data
- /home/user11/SSL-Certs/:$CERTS_DIR
ports:
- 9200:9200
networks:
- elastic
healthcheck:
test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://el.mydomain.io:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
interval: 30s
timeout: 10s
retries: 5
kib01:
image: docker.elastic.co/kibana/kibana:${VERSION}
container_name: kib.mydomain.io
depends_on: {"es01": {"condition": "service_healthy"}}
ports:
- 443:5601
environment:
SERVERNAME: kib.mydomain.io
SERVER.HOST: kib.mydomain.io
ELASTICSEARCH_URL: https://el.mydomain.io:9200
ELASTICSEARCH_HOSTS: https://el.mydomain.io:9200
ELASTICSEARCH_USERNAME: kibana
ELASTICSEARCH_PASSWORD: Mypassword
ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: $CERTS_DIR/ca/ca.crt
SERVER_SSL_ENABLED: "true"
SERVER_SSL_KEY: $CERTS_DIR/kib01/kib01.key
SERVER_SSL_CERTIFICATE: $CERTS_DIR/kib01/kib01.crt
volumes:
- /home/user11/SSL-Certs/:$CERTS_DIR
networks:
- elastic
volumes:
data01:
driver: local
#certs:
#driver: local
networks:
elastic:
driver: bridge
更新 #2:证书输出:
C:\Temp>openssl verify -CAfile ca.crt es01.crt
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
error 10 at 3 depth lookup: certificate has expired
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 10 at 2 depth lookup: certificate has expired
error es01.crt: verification failed
C:\Temp>openssl verify -CAfile ca.crt kib01.crt
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
error 10 at 3 depth lookup: certificate has expired
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 10 at 2 depth lookup: certificate has expired
error kib01.crt: verification failed
C:\Temp>openssl x509 -noout -in es01.crt -dates
notBefore=Jan 2 00:00:00 2020 GMT
notAfter=Jan 1 23:59:59 2021 GMT
C:\Temp>openssl x509 -noout -in kib01.crt -dates
notBefore=Jan 2 00:00:00 2020 GMT
notAfter=Jan 1 23:59:59 2021 GMT
C:\Temp>openssl x509 -noout -in ca.crt -dates
notBefore=Nov 2 00:00:00 2018 GMT
notAfter=Dec 31 23:59:59 2030 GMT
解决方案
查看您的错误消息的这一部分
{"type":"log","@timestamp":"2020-05-31T13:45:54Z","tags":["error","elasticsearch","data"],"pid":6,"message":"Request error, retrying\nGET https://el.mydomain.io:9200/_xpack => certificate has expired"}
看起来您的 x-pack 许可证已过期,这可能会导致此问题,您能否解决此问题或删除 x-pack 并重试。
推荐阅读
- function - 定义一个 XLISP 函数 rev-rest,它反转除了列表的第一个元素之外的所有元素
- javascript - 将工作函数插入 setTimeout 调用时发生 TypeError
- c# - Debug.Log 在 Unity 中被延迟
- c - 我如何一起使用 enum 和 argv?
- php - 转换为 mysqli,现在我的图表不会在 HighCharts 上绘制
- python - 使用 CSV 和文本文件中的 python 插入 SQL Server 表
- angular - 获取视频 URI 并将其上传到 back4app 后,我无法观看视频
- winapi - MmMapLockedPages 在 UserMode 中有什么作用?
- javascript - javascript如何强制硬刷新当前页面
- pandas - 如何根据每天同一时间的日期时间索引删除行或更改值?