转载说明:如果您喜欢这篇文章并打算转载它,请私信作者取得授权。感谢您喜爱本文,请文明转载,谢谢。
最近因为某些原因,需要将ES升级到8.7.1版本。之前用的ES版本比较老了,这次部署新版本ES,发现变化蛮大的,一小心又踩了一些坑,还给自己挖了一些坑......
1.java版本不符合需求,es启动失败
报错内容:
[2023-05-12T16:52:24,895][ERROR][o.e.b.Elasticsearch ] [es-03] fatal exception while booting Elasticsearch
java.nio.file.NoSuchFileException: /opt/jdk-11/jre/lib/rt.jar
原因及解决:
因为本机部署因有9.4.0版本的skywalking,就使用了jdk-11,而jdk-11没有jre/lib/rt.jar文件。
修改elasticsearch-env,大约在35行的位置,指定ES_JAVA_HOME的路径,使用es自带的jdkES_JAVA_HOME="/home/elasticsearch-8.7.1/jdk/"
ES_JAVA_HOME="/home/elasticsearch-8.7.1/jdk/" ##新加内容
# now set the path to java
if [ ! -z "$ES_JAVA_HOME" ]; then
JAVA="$ES_JAVA_HOME/bin/java"
JAVA_TYPE="ES_JAVA_HOME"
if [ ! -x "$JAVA" ]; then
echo "could not find java in $JAVA_TYPE at $JAVA" >&2
exit 1
fi
2.未配置安全机制参数,es启动失败
报错内容:
[2023-05-12T10:47:23,633][ERROR][o.e.b.Elasticsearch ] [es-01] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elas
ticsearch.
bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.securi
ty.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
原因及解决:
原因是新版的es默认开启了xpack安全机制,也就是xpack.security.enabled参数默认值是true,配置文件elasticsearch.yml需要加以下几行参数:
xpack.security.enabled: true #默认的
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key:
xpack.security.transport.ssl.certificate:
或者如果只是测试需要的es,可以关闭xpack,即在配置文件elasticsearch.yml添加:
xpack.security.enabled: false
3.配置文件错误,ssl证书创建失败
报错内容:
Exception in thread "main" org.elasticsearch.ElasticsearchParseException: null-valued setting found for key [xpack.security.transport.ssl.keystore.path] found at line number [97], column number [44]
原因及解决:
原因:因为在测试的时候修改了配置文件,添加了下面几行配置,但是因为还没创建证书,就还没配置值,然后就把文件保存了。把这2行先注释掉再创建证书就可以了。
xpack.security.transport.ssl.key:
xpack.security.transport.ssl.certificate:
4.ssl证书路径未配置,es启动失败
报错内容:
[2023-05-12T11:04:02,910][ERROR][o.e.b.Elasticsearch ] [es-01] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - ser
ver ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
原因及解决:
在配置文件elasticsearch.yml中只设置了xpack.security.enabled: true,xpack.security.transport.ssl.enabled: true,没有设置ssl证书路径参数:
xpack.security.transport.ssl.key:/home/elasticsearch-8.7.1/cert/ca/ca.key
xpack.security.transport.ssl.certificate:/home/elasticsearch-8.7.1/cert/ca/ca.crt
5.ssl证书配置冲突,es启动失败
报错内容:
[2023-05-13T19:24:36,732][ERROR][o.e.b.Elasticsearch ] [es-03] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot specify both [certificate] and [keystore.path]
原因及解决:
原因:在遇到错误④的时候看日志看花了眼,在配置文件elasticsearch.yaml中同时设置了下边4个参数:
xpack.security.transport.ssl.verification_mode:
xpack.security.transport.ssl.keystore.path: ##应该不要这行
xpack.security.transport.ssl.key:
xpack.security.transport.ssl.certificate:
其中xpack.security.transport.ssl.keystore.path参数是java库文件,不该配置在这里,注释掉就好了。
6.集群某个节点的cluster name配置不一致,集群报错
报错内容:
[2023-05-12T11:25:26,522][INFO ][o.e.c.c.ClusterBootstrapService] [es-03] this node has not joined a bootstrapped cluster yet; [cluster.initial_master_nodes] is set to [es-01, es-02, es-03] [2023-05-12T11:25:26,561][WARN ][o.e.d.HandshakingTransportAddressConnector] [es-03] handshake to [10.0.0.102:9300] failed java.lang.IllegalStateException: handshake with [{10.0.0.102:9300}{LAkbd2oVTteBkzcY1aeaTA}{es-02}{10.0.0.102:9300}{7.17.0}] failed: remote cluster name [sreest] does not match local cluster name [sretest]
原因及解决:
原因:elk-02的clustername 配置错误,少写了个t
还有一些之前踩的坑,有兴趣的朋友可阅读我之前梳理的博文:总结—elasticsearch启动失败的几种情况及解决