Hello.
I use:
X-Pack 5.5.1; Elastic 5.5.1; Kibana 5.5; Logstash 5.5
Configurations:
1. master:
xpack.monitoring.enabled: true
xpack.ssl.key: /etc/elasticsearch/logstashtest.key
xpack.ssl.certificate: /etc/elasticsearch/logstashtest.crt
xpack.ssl.certificate_authorities: ["/etc/elasticsearch/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
cluster.name: itisagooddaytodie
node.name: logstashtest
node.master: true
node.data: true
node.ingest: false
node.ml: false
xpack.ml.enabled: true
network.host: 0.0.0.0
network.publish_host: logstashtest
transport.tcp.port: 9300
http.port: 9200
discovery.zen.ping.unicast.hosts: ["logstashtest", "elastic3.rsw.msk"]
discovery.zen.minimum_master_nodes: 1
2. slave:
xpack.monitoring.enabled: true
xpack.ssl.key: /etc/elasticsearch/elastic3.key
xpack.ssl.certificate: /etc/elasticsearch/elastic3.crt
xpack.ssl.certificate_authorities: ["/etc/elasticsearch/ca.crt"]
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
cluster.name: itisagooddaytodie
node.name: elastic3
node.master: false
node.data: true
node.ingest: false
node.ml: false
network.host: 0.0.0.0
network.publish_host: elastic3.rsw.msk
transport.tcp.port: 9300
http.port: 9200
discovery.zen.ping.unicast.hosts: ["logstashtest"]
If you try to link multiple hosts to the cluster, you receive an error:
https://elastic3.rsw.msk:9200/_cluster/health?pretty ->
{
"error" : {
"root_cause" : [
{
"type" : "master_not_discovered_exception",
"reason" : null
}
],
"type" : "master_not_discovered_exception",
"reason" : null
},
"status" : 503
}
log error:
[2017-09-21T13:11:59,442][WARN ][o.e.d.z.ZenDiscovery ] [elastic3] not enough master nodes discovered during pinging (found [[]], but needed [-1]), pinging again
[2017-09-21T13:11:59,494][WARN ][o.e.x.s.t.n.SecurityNetty4Transport] [elastic3] exception caught on transport layer [[id: 0x05e55112, L:0.0.0.0/0.0.0.0:59552 ! R:/192.168.10.144:9300]], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.11.Final.jar:4.1.11.Final]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
...
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
....
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
... 15 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:145) ~[?:?]
.....
It turns out that the error is due to the fact that SSL is enabled on port 9300. How can I solve this problem?
xpack.security.transport.ssl.enabled: false - did not help =(
Please help!
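Added example, not part of the original post: a small Python model of the hostname check behind the last `Caused by` line above (`HostnameChecker.matchIP`), showing why a certificate without SANs is rejected when the peer is addressed by IP, as in the log (`R:/192.168.10.144:9300`). The certificate contents are constructed; the CN value and the function names are assumptions, and the input uses the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed sample certificates in the dict shape of ssl.SSLSocket.getpeercert().
# The CN value is an assumption; the post does not show the certificate contents.
CN_ONLY = {"subject": ((("commonName", "logstashtest"),),)}
WITH_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "logstashtest"),
                                         ("IP Address", "192.168.10.144")))

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):  # wildcard covers exactly one leftmost label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_endpoint(cert, target):
    """Return None if cert is valid for target, else the reason it is rejected."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        # IP targets are matched against iPAddress SANs only; the CN is never used.
        if not sans:
            return "No subject alternative names present"
        want = ipaddress.ip_address(target)
        if any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in sans):
            return None
        return "No subject alternative names matching IP address %s found" % target
    dns = [v for k, v in sans if k == "DNS"]
    if dns:  # once any dNSName SAN exists, the CN is ignored
        if any(_dns_match(p, target) for p in dns):
            return None
        return "No subject alternative DNS name matching %s found" % target
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_dns_match(cn, target) for cn in cns):  # legacy CN fallback
        return None
    return "No name matching %s found" % target

if __name__ == "__main__":
    for name, cert in (("CN only", CN_ONLY), ("with SANs", WITH_SAN)):
        for target in ("logstashtest", "192.168.10.144"):
            print(name, target, "->", check_endpoint(cert, target) or "OK")
```

A certificate that carries the node's DNS name and IP address as SAN entries passes for both forms of the address, while the CN-only certificate passes only when the peer is addressed by name.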