%EC%97%90%20%EB%8D%B0%EC%9D%B4%ED%84%B0%EB%A5%BC%20%EC%97%85%EB%A1%9C%EB%93%9C%ED%95%98%EB%8A%94%20%EB%B0%A9%EB%B2%95.png)
ElasticSearch v6.2.4가 설치되어 있습니다. 완벽하게 작동했지만 최근에는 보안상의 이유로 설치했습니다.검색 가드ElasticSearch 클러스터에 TLS 및 인증 기능을 제공하는 플러그인입니다.
현재 SearchGuard의 데모 인증서가 설치된 노드가 1개뿐입니다.
Search Guard는 다음을 사용하여 데이터를 업로드해야 하는 경우를 제외하고는 지금까지 정말 잘 작동하고 있습니다.엑셀라스틱일부 인증서가 존재하지 않음 오류가 표시됩니다.
ES에 데이터를 업로드하려면 Excelastic에는 실행하기 전에 읽는 구성 파일이 있습니다. 여기에는 인증을 위한 사용자 이름과 비밀번호에 대한 정보가 포함되어 있습니다.
이 하나:-
{
"web_port": 7777,
"elastic_port": 9200,
"elastic_host": "localhost",
"elastic_tls": true,
"authentication": true,
"basic": "admin:admin"
}
다음은 ElasticSearch 로그 세부 정보입니다.
[2019-04-04T10:14:30,602][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [OCMpWyk] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[?:1.8.0_74]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:281) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_74]
Excelastic 로그 세부 정보는 다음과 같습니다.
Apr 04, 2019 10:14:30 AM io.vertx.core.http.impl.HttpClientRequestImpl
> SEVERE: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
> Apr 04, 2019 10:14:30 AM io.netty.channel.DefaultChannelPipeline onUnhandledInbo
> undException
> WARNING: An exceptionCaught() event was fired, and it reached at the tail of the
> pipeline. It usually means the last handler in the pipeline did not handle the
> exception.
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Ge
> neral SSLEngine problem
> at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageD
> ecoder.java:459)
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessage
> Decoder.java:265)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:348)
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(Abstra
> ctChannelHandlerContext.java:340)
> at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(Defau
> ltChannelPipeline.java:1359)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:348)
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChanne
> lPipeline.java:935)
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(Abstra
> ctNioByteChannel.java:141)
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.jav
> a:645)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEve
> ntLoop.java:580)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.ja
> va:497)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
> at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThread
> EventExecutor.java:886)
> at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalR
> unnable.java:30)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.jav
> a:292)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1248)
> at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1
> 159)
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1194)
> at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProte
> ction(ByteToMessageDecoder.java:489)
> at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageD
> ecoder.java:428)
> ... 16 more
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:140
> 8)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1316)
> ... 20 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
> d certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour
> ce)
> ... 29 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Sourc
> e)
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 35 more
누구든지 옵션을 제안할 수 있나요?
답변1
그래서 Search Guard 플러그인을 사용하여 ElasticSearch에서 TLS에 사용하고 있는 인증서가 내 JVM 신뢰 저장소에 없다는 것을 알아냈습니다. 그래서 excelastic jar 파일을 실행하면 이 오류가 표시됩니다.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target
이 문제를 해결하려면:
먼저 Windows에서 keytool 명령줄 도구를 사용하여 신뢰 저장소를 만들었습니다.
$keytool -importcert -keystore mytruststore.jks -alias excelastictry -file servercert.pem
그런 다음 다음과 같이 excelastic.jar 파일을 실행하는 동안 런타임 중에 trustStore 경로를 제공했습니다.
$java -Djavax.net.ssl.trustStore="path/to/mytruststore.jks" -jar excelastic-1.2.7.jar
그리고 마침내 엑셀라스틱 웹포털에서 ES 버전을 확인하고 데이터를 업로드할 수 있게 되었습니다.