【ElasticSearch Reindex重建索引】 骑猪看日落 2022-10-02 13:52 170阅读 0赞 **什么是Reindex?** 索引重建。 -------------------- **Reindex演进** 相比于[ES 6.1][],[ES 6.7][]的Reindex为跨集群的索引重建增加了一系列SSL相关的参数配置。这些参数必须被配置到elasticsearch.yml文件里,只能依靠重启集群来生效,因此不建议频繁修改这些参数。 -------------------- **问题描述** > 源集群和目标集群都是安全模式。在Reindex操作时,源集群的Hostname在目标集群认证不通过。 [root@189-39-172-103 mzh]#curl -XPOST --tlsv1.2 --negotiate -k -v -u : 'https://189.39.172.103:24100/_reindex?pretty' -H 'Content-Type: application/json' -d' {"source": {"remote": {"host":"https://189.120.205.16:24100","socket_timeout": "30s","connect_timeout": "30s"},"index":"index2"},"dest":{"index":"myindex-002"}}' * About to connect() to 189.39.172.103 port 24100 (#0) * Trying 189.39.172.103... connected * Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * warning: ignoring value of ssl.verifyhost * skipping SSL peer certificate verification * NSS: client certificate not found (nickname not specified) * SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn * start date: Mar 28 03:39:00 2015 GMT * expire date: Mar 04 03:39:00 2114 GMT * common name: FusionInsight * issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn > POST /_reindex?pretty HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 189.39.172.103:24100 > Accept: */* > Content-Type: application/json > Content-Length: 160 > < HTTP/1.1 401 Unauthorized < WWW-Authenticate: Negotiate < Set-Cookie: es.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly < content-length: 59 < * Ignoring the response-body * Connection #0 to host 189.39.172.103 left intact * Issue another request to this URL: 'https://189.39.172.103:24100/_reindex?pretty' * Connection #0 seems to be dead! * Closing connection #0 * About to connect() to 189.39.172.103 port 24100 (#0) * Trying 189.39.172.103... connected * Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0) * warning: ignoring value of ssl.verifyhost * skipping SSL peer certificate verification * NSS: client certificate not found (nickname not specified) * SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn * start date: Mar 28 03:39:00 2015 GMT * expire date: Mar 04 03:39:00 2114 GMT * common name: FusionInsight * issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn * Server auth using GSS-Negotiate with user '' > POST /_reindex?pretty HTTP/1.1 > Authorization: Negotiate YIICUgYJKoZIhvcSAQICAQBuggJBMIICPaADAgEFoQMCAQ6iBwMFAAAAAACjggFVYYIBUTCCAU2gAwIBBaEMGwpIQURPT1AuQ09NoiEwH6ADAgEDoRgwFhsESFRUUBsOMTg5LTM5LTE3Mi0xMDOjggET MIIBD6ADAgESoQMCAQGiggEBBIH+EJ3M8XMSlGk/5qpm08PHZo2HqOkvbP9PzUzX2a1AbxYxtlUThCTCqFXUUOP7E3Y+vU0TdGlP1jHvSDlp7VjxUNXP6Mge4V42KG2bbxGR+zbzoD5KroqQAaO85hDC44Wo+/ox+z7C6eV1dOx0EvA2aR5 VLCAFE78Qdc1VrFvATlDdDGmNMEihJ7IbRDwpTT6Tgj9sOEGUPy6A1v2742dF/sWzq5uURZDxbQ43uL6g+5UTtE2wjLV48Gj/GcdkXoiO9qOt4q5vUCUknUVQw99wiQDETCkjwPFkzxaV0uMmWUs/E2Rj3JkNmD0K+Yw2o0GOZWtyJ1pswF ofRf7LMEykgc4wgcugAwIBEqKBwwSBwFdk7bCaesL4UuMDaCtXZaomK2NHRg5HoJIu+UP3CxwQSRt6SANUX4mwUvO1OPrQ4XzKSxju2qGdIkHX9JJsF/vQPMPOkAyeuISS1zOpSR3oaFqhzP6OxNv1XAMcUzXZjrAu57niSvMBbq/ba6sTW vyerbwcIQJNFVrhx4s2UPXnz+2wrshFTdg7uysthgJx8NTCAWIKvuowlm9V3bsh4Ly5qFu/cQgfm8n3uf45pXMgfFQAaKWYJ9xk9CfQ5VGmSg== > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 189.39.172.103:24100 > Accept: */* > Content-Type: application/json > Content-Length: 160 > < HTTP/1.1 500 Internal Server Error < content-type: application/json; charset=UTF-8 < content-length: 540 < set-cookie: es.auth="u=eeesss&p=eeesss@HADOOP.COM&t=kerberos&e=1560643989717&s=H/UB5dPOZTInCjieCYThYWxmHPY="; Expires=Sun, 16-Jun-2019 00:13:09 GMT; HttpOnly < { "error" : { "root_cause" : [ { "type" : "s_s_l_peer_unverified_exception", "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)" } ], "type" : "s_s_l_peer_unverified_exception", "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)" }, "status" : 500 } * Connection #0 to host 189.39.172.103 left intact * Closing connection #0 -------------------- **问题解决** ![SSL认证模式][SSL] -------------------- **Reference** [ES 6.1 Reindex][ES 6.1] [ES 6.7 Reindex Configuring SSL parameters][ES 6.7] [ES 6.1]: https://www.elastic.co/guide/en/elasticsearch/reference/6.1/docs-reindex.html [ES 6.7]: https://www.elastic.co/guide/en/elasticsearch/reference/6.7/docs-reindex.html#reindex-ssl [SSL]: /images/20220112/f079b6a685ab44b39bba1c8879953b21.png
还没有评论,来说两句吧...