查询ES数据的常用的客户端工具:
1. Kibana
2. cerebro [https://github.com/lmenezes/cerebro,最近更新为2021年]
3. elasticsearch-head [https://github.com/mobz/elasticsearch-head,最近的更新为2018年]
问题:cerebro无法连接开启了xpack.security.http.ssl.enabled选项的elasticsearch
为了数据传输的安全性,我们一般会通过开启xpack.security.http.ssl.enabled选项,使通过http方式访问ES数据的传输是加密且相对安全的。
这时通过Cerebro访问ES集群时就会报下面的错误:
Error connecting to [https://x.x.x.x:port]
查看Cerebro的日志文件,部分报错信息如下:
[error] p.a.h.DefaultHttpErrorHandler -
! @86d7dgkg3 - Internal server error, for (POST) [/connect] ->
play.api.UnexpectedException: Unexpected exception[ConnectException: General SSLEngine problem]
at play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:331)
at play.api.http.DefaultHttpErrorHandler.onServerError(HttpErrorHandler.scala:253)
at play.core.server.AkkaHttpServer$$anonfun$2.applyOrElse(AkkaHttpServer.scala:424)
at play.core.server.AkkaHttpServer$$anonfun$2.applyOrElse(AkkaHttpServer.scala:420)
at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
Caused by: java.net.ConnectException: General SSLEngine problem
at play.shaded.ahc.org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:179)
at play.shaded.ahc.org.asynchttpclient.netty.channel.NettyConnectListener$1.onFailure(NettyConnectListener.java:151)
at play.shaded.ahc.org.asynchttpclient.netty.SimpleFutureListener.operationComplete(SimpleFutureListener.java:26)
at play.shaded.ahc.io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:577)
at play.shaded.ahc.io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:570)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
解决方法:
在cerebro的配置文件application.conf中添加如下配置信息即可解决:
hosts = [
{
host = "https://xx.xx.xx.xx:port" #指定ES集群中的任意节点的IP和端口,注意协议是https
name = "myes" #自定义,会展示在Cerebro登录页面的Known clusters列表中
auth = {
username = "username" #指定查询ES数据的用户名,该用户就是通过elasticsearch-setup-passwords interactive命令产生的用户
password = "password" #指定查询ES数据的密码
}
}
]
play.ws.ssl {
trustManager = {
stores = [
{ type = "PEM", path = "/xx/cerebro-0.9.4/conf/xx.pem" } #指定证书文件,该证书文件同Kibana中参数elasticsearch.ssl.certificateAuthorities指定的证书文件为同一个,从kibana中拷贝一个即可
]
}
}
play.ws.ssl.loose.acceptAnyCertificate=true