【ElasticSearch Reindex重建索引】

骑猪看日落 2022-10-02 13:52 170阅读 0赞

**什么是Reindex？**  
索引重建。

--------------------

**Reindex演进**  
相比于[ES 6.1][]，[ES 6.7][]的Reindex为跨集群的索引重建增加了一系列SSL相关的参数配置。这些参数必须被配置到elasticsearch.yml文件里，只能依靠重启集群来生效，因此不建议频繁修改这些参数。

--------------------

**问题描述**

> 源集群和目标集群都是安全模式。在Reindex操作时，源集群的Hostname在目标集群认证不通过。

[root@189-39-172-103 mzh]#curl -XPOST --tlsv1.2 --negotiate -k -v -u : 'https://189.39.172.103:24100/_reindex?pretty' -H 'Content-Type: application/json' -d' {"source": {"remote":                                                       {"host":"https://189.120.205.16:24100","socket_timeout": "30s","connect_timeout": "30s"},"index":"index2"},"dest":{"index":"myindex-002"}}'
    * About to connect() to 189.39.172.103 port 24100 (#0)
    *   Trying 189.39.172.103... connected
    * Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * warning: ignoring value of ssl.verifyhost
    * skipping SSL peer certificate verification
    * NSS: client certificate not found (nickname not specified)
    * SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
    *       start date: Mar 28 03:39:00 2015 GMT
    *       expire date: Mar 04 03:39:00 2114 GMT
    *       common name: FusionInsight
    *       issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
    > POST /_reindex?pretty HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: 189.39.172.103:24100
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 160
    >
    < HTTP/1.1 401 Unauthorized
    < WWW-Authenticate: Negotiate
    < Set-Cookie: es.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
    < content-length: 59
    <
    * Ignoring the response-body
    * Connection #0 to host 189.39.172.103 left intact
    * Issue another request to this URL: 'https://189.39.172.103:24100/_reindex?pretty'
    * Connection #0 seems to be dead!
    * Closing connection #0
    * About to connect() to 189.39.172.103 port 24100 (#0)
    *   Trying 189.39.172.103... connected
    * Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0)
    * warning: ignoring value of ssl.verifyhost
    * skipping SSL peer certificate verification
    * NSS: client certificate not found (nickname not specified)
    * SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
    *       start date: Mar 28 03:39:00 2015 GMT
    *       expire date: Mar 04 03:39:00 2114 GMT
    *       common name: FusionInsight
    *       issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
    * Server auth using GSS-Negotiate with user ''
    > POST /_reindex?pretty HTTP/1.1
    > Authorization: Negotiate YIICUgYJKoZIhvcSAQICAQBuggJBMIICPaADAgEFoQMCAQ6iBwMFAAAAAACjggFVYYIBUTCCAU2gAwIBBaEMGwpIQURPT1AuQ09NoiEwH6ADAgEDoRgwFhsESFRUUBsOMTg5LTM5LTE3Mi0xMDOjggET                                                       MIIBD6ADAgESoQMCAQGiggEBBIH+EJ3M8XMSlGk/5qpm08PHZo2HqOkvbP9PzUzX2a1AbxYxtlUThCTCqFXUUOP7E3Y+vU0TdGlP1jHvSDlp7VjxUNXP6Mge4V42KG2bbxGR+zbzoD5KroqQAaO85hDC44Wo+/ox+z7C6eV1dOx0EvA2aR5                                                       VLCAFE78Qdc1VrFvATlDdDGmNMEihJ7IbRDwpTT6Tgj9sOEGUPy6A1v2742dF/sWzq5uURZDxbQ43uL6g+5UTtE2wjLV48Gj/GcdkXoiO9qOt4q5vUCUknUVQw99wiQDETCkjwPFkzxaV0uMmWUs/E2Rj3JkNmD0K+Yw2o0GOZWtyJ1pswF                                                       ofRf7LMEykgc4wgcugAwIBEqKBwwSBwFdk7bCaesL4UuMDaCtXZaomK2NHRg5HoJIu+UP3CxwQSRt6SANUX4mwUvO1OPrQ4XzKSxju2qGdIkHX9JJsF/vQPMPOkAyeuISS1zOpSR3oaFqhzP6OxNv1XAMcUzXZjrAu57niSvMBbq/ba6sTW                                                       vyerbwcIQJNFVrhx4s2UPXnz+2wrshFTdg7uysthgJx8NTCAWIKvuowlm9V3bsh4Ly5qFu/cQgfm8n3uf45pXMgfFQAaKWYJ9xk9CfQ5VGmSg==
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: 189.39.172.103:24100
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 160
    >
    
    < HTTP/1.1 500 Internal Server Error
    < content-type: application/json; charset=UTF-8
    < content-length: 540
    < set-cookie: es.auth="u=eeesss&p=eeesss@HADOOP.COM&t=kerberos&e=1560643989717&s=H/UB5dPOZTInCjieCYThYWxmHPY="; Expires=Sun, 16-Jun-2019 00:13:09 GMT; HttpOnly
    <
    {
      "error" : {
        "root_cause" : [
          {
            "type" : "s_s_l_peer_unverified_exception",
            "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)"
          }
        ],
        "type" : "s_s_l_peer_unverified_exception",
        "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)"
      },
      "status" : 500
    }
    * Connection #0 to host 189.39.172.103 left intact
    * Closing connection #0

--------------------

**问题解决**  
![SSL认证模式][SSL]

--------------------

**Reference**  
[ES 6.1 Reindex][ES 6.1]  
[ES 6.7 Reindex Configuring SSL parameters][ES 6.7]

[ES 6.1]: https://www.elastic.co/guide/en/elasticsearch/reference/6.1/docs-reindex.html
[ES 6.7]: https://www.elastic.co/guide/en/elasticsearch/reference/6.7/docs-reindex.html#reindex-ssl
[SSL]: /images/20220112/f079b6a685ab44b39bba1c8879953b21.png

【ElasticSearch Reindex重建索引】

发表评论取消回复

还没有评论，来说两句吧...

相关阅读