Not yet initialized (you may need to run securityadmin)

最新推荐文章于 2024-08-11 21:52:12 发布

我是要成为大神的男人

最新推荐文章于 2024-08-11 21:52:12 发布

阅读量3.6k

点赞数 1

分类专栏： kubernetes 运维文章标签： 1024程序员节 kubernetes elasticsearch

本文链接：https://blog.csdn.net/u012140251/article/details/120939043

版权

文章目录

错误详情
解决方案
错误原因
- 1 你能不能把 OpenSearch 放在你现有的索引上?
- 2 在现有系统上设置OpenSearch安全性
参考文献

错误详情

集群中使用 Open Distro for Elasticsearch 发行版。

当之前在这个环境上使用过，再次安装的时候，可能是之前 es 挂载的数据没清干净，别的 pod 在连该 es 的 client 的时候，就会报错 CrashLoopBackOff。查看日志说 es 健康检查出错，连不上。

查看 es-client pod 的日志，发现报错如下：

[2021-08-12T02:34:21,855][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:21,857][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,354][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,355][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,356][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),

解决方案

使用 kubectl exec 命令进入 es client 的 Pod 里，如：

kubectl exec -it -n default opendistro-es-client -- bash

在容器中，执行命令找到 securityadmin.sh 脚本：

find / -name securityadmin.sh

执行 securityadmin.sh 脚本：

./securityadmin.sh -cd ../securityconfig/ -icl -nhnv \
   -cacert ../../../config/root-ca.pem \
   -cert ../../../config/kirk.pem \
   -key ../../../config/kirk-key.pem

运行结果：

Open Distro Security Admin v7
Will connect to localhost:9300 ... done
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Elasticsearch Version: 7.10.2
Open Distro Security Version: 1.13.1.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elasticsearch
Clusterstate: GREEN
Number of nodes: 3
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
Will update '_doc/config' with ../securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with ../securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with ../securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with ../securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with ../securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with ../securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with ../securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with ../securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with ../securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success

查看 pod 状态，已经正常 running 了。

错误原因

—— 翻译自 https://www.electricbrain.com.au/pages/analytics/opensearch-vs-elasticsearch.php

1 你能不能把 OpenSearch 放在你现有的索引上?

这简直是个地狱！下图是直接在 ElectricBrain 的太阳能分析系统的 ElasticSearch 索引上加载OpenSearch的结果。
在这里插入图片描述
有几个额外的步骤来让新的安全东西运行，但当结合上面的步骤在摄入方面，我们得到了一个完整的可行的解决方案与所有额外的功能。而且是完全可再发布和可 saas 化的。

文档中出现的第一件事是“你需要转换 config.yml 中的设置到 OpenSearch”。当然，关于这样一个过程的文档很少，我想这在早期发布的情况下是可以预料到的。

然后，一旦您弄清楚了这些参数及其名称，那么旧的 Java 虚拟机选项就不再工作了。从官方镜像中复制过来的演示集覆盖到原来的 ElasticSearch 配置之上。

于是Opensearch亮了起来!不过，还需要最后一步。由于OpenSearch内置了安全功能，而ElasticSearch-OSS 没有(因为它是 X-Pak 的付费选项)，因此您的现有数据中没有任何需要的索引。

[2021-08-12T02:34:21,855][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:21,857][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,354][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,355][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,356][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:24,356][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:26,854][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:26,855][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:26,856][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:26,856][ERROR][o.o.s.a.BackendRegistry  ] [opensearch-node1] Not yet initialized (you may need to run securityadmin),
[2021-08-12T02:34:27,259][WARN ][o.o.s.c.ConfigurationLoaderSecurity7] [opensearch-node1] No data for internalusers while retrieving configuration for [INTERNALUSERS,
 ACTIONGROUPS,
 CONFIG,
 ROLES,
 ROLESMAPPING,
 TENANTS,
 NODESDN,
 WHITELIST,
 AUDIT]  (index=.opendistro_security and type=null),
[2021-08-12T02:34:27,259][WARN ][o.o.s.c.ConfigurationLoaderSecurity7] [opensearch-node1] No data for actiongroups while retrieving configuration for [INTERNALUSERS,
 ACTIONGROUPS,
 CONFIG,
 ROLES,
 ROLESMAPPING,
 TENANTS,
 NODESDN,
 WHITELIST,
 AUDIT]  (index=.opendistro_security and type=null),