elasticdump with TLS - unable to verify the first certificate

polkgigr  posted on 2021-06-10  in  ElasticSearch

Using Elasticsearch 7.9.3 with TLS security. I can connect to it with python, curl and openssl using the generated CA certificate.


# These work, but this is a fake domain name

openssl s_client -connect node0:9200 -CAfile /etc/elasticsearch/certs/ca.pem
curl --cacert /etc/elasticsearch/certs/ca.crt -u "elastic:$ELASTIC_PASS" 'https://node0.elastic.test.com:9200/_cat/health'

# Node / elasticdump is not happy

$ elasticdump --input=./account_mapping.json --output="https://elastic:$ELASTIC_PASS@node0.elastic.test.com:9200/account" --type=mapping
Thu, 19 Nov 2020 21:28:50 GMT | starting dump
Thu, 19 Nov 2020 21:28:50 GMT | got 1 objects from source file (offset: 0)
Thu, 19 Nov 2020 21:28:50 GMT | Error Emitted => unable to verify the first certificate
Thu, 19 Nov 2020 21:28:50 GMT | Error Emitted => unable to verify the first certificate
Thu, 19 Nov 2020 21:28:50 GMT | Total Writes: 0
Thu, 19 Nov 2020 21:28:50 GMT | dump ended with error (get phase) => Error: unable to verify the first certificate

$ npm config set cafile /etc/elasticsearch/certs/ca.pem

# same result

Thu, 19 Nov 2020 21:28:50 GMT | dump ended with error (get phase) => Error: unable to verify the first certificate

$ elasticdump --input=../account_mapping.json --output="https://elastic:$ELASTIC_PASS@node1.elastic.test.com:9200/account" --type=mapping --output-ca=/etc/elasticsearch/certs/ca.pem

# same result

Other posts suggest running with NODE_TLS_REJECT_UNAUTHORIZED=0, but that does not solve the problem in this case.

nmpmafwu #1

It works if you provide the --tlsAuth and --output-ca flags.

$ elasticdump --input=./account_mapping.json --output="https://elastic:$ELASTIC_PASS@node0.elastic.test.com:9200/account" --type=mapping --tlsAuth --output-ca=/etc/elasticsearch/certs/ca.pem
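
A preflight check for the flag combination this thread arrives at, as an added example that is not part of the original posts or of elasticdump itself. `check_elasticdump_tls` is a hypothetical helper that takes the arguments intended for elasticdump and assumes, from the behaviour reported above, that the CA flags only take effect together with --tlsAuth.

```shell
#!/bin/sh
# Added example: hypothetical preflight for an elasticdump command line.
# Usage: check_elasticdump_tls <the arguments you would pass to elasticdump>
# Returns 0 when the TLS-related flags are consistent, 1 otherwise.
check_elasticdump_tls() {
    rc=0
    tls_auth=0
    ca_seen=0

    # First pass: is --tlsAuth present anywhere on the command line?
    for arg in "$@"; do
        case "$arg" in
            --tlsAuth) tls_auth=1 ;;
        esac
    done

    # Second pass: every CA flag must point at a readable PEM file.
    for arg in "$@"; do
        case "$arg" in
            --input-ca=*|--output-ca=*)
                ca_seen=1
                ca_file=${arg#*=}
                if [ ! -r "$ca_file" ]; then
                    echo "error: CA file not readable: $ca_file" >&2
                    rc=1
                elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file"; then
                    echo "error: no PEM certificate found in: $ca_file" >&2
                    rc=1
                fi
                ;;
        esac
    done

    # Assumption taken from the thread: a CA flag without --tlsAuth still
    # ends in "unable to verify the first certificate".
    if [ "$ca_seen" -eq 1 ] && [ "$tls_auth" -eq 0 ]; then
        echo "error: CA flag given without --tlsAuth" >&2
        rc=1
    fi

    # This setting switches off certificate verification in Node.js entirely.
    if [ "${NODE_TLS_REJECT_UNAUTHORIZED:-}" = "0" ]; then
        echo "error: NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS verification" >&2
        rc=1
    fi

    return "$rc"
}
```
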
