【ElasticSearch Reindex重建索引】

什么是Reindex?
索引重建。


Reindex演进
相比于ES 6.1,ES 6.7的Reindex为跨集群的索引重建增加了一系列SSL相关的参数配置。这些参数必须被配置到elasticsearch.yml文件里,只能依靠重启集群来生效,因此不建议频繁修改这些参数。


问题描述

源集群和目标集群都是安全模式。在Reindex操作时,源集群的Hostname在目标集群认证不通过。

[root@189-39-172-103 mzh]#curl -XPOST --tlsv1.2 --negotiate -k -v -u : 'https://189.39.172.103:24100/_reindex?pretty' -H 'Content-Type: application/json' -d' {"source": {"remote":                                                       {"host":"https://189.120.205.16:24100","socket_timeout": "30s","connect_timeout": "30s"},"index":"index2"},"dest":{"index":"myindex-002"}}'
* About to connect() to 189.39.172.103 port 24100 (#0)
*   Trying 189.39.172.103... connected
* Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
*       start date: Mar 28 03:39:00 2015 GMT
*       expire date: Mar 04 03:39:00 2114 GMT
*       common name: FusionInsight
*       issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
> POST /_reindex?pretty HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 189.39.172.103:24100
> Accept: */*
> Content-Type: application/json
> Content-Length: 160
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Negotiate
< Set-Cookie: es.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
< content-length: 59
<
* Ignoring the response-body
* Connection #0 to host 189.39.172.103 left intact
* Issue another request to this URL: 'https://189.39.172.103:24100/_reindex?pretty'
* Connection #0 seems to be dead!
* Closing connection #0
* About to connect() to 189.39.172.103 port 24100 (#0)
*   Trying 189.39.172.103... connected
* Connected to 189.39.172.103 (189.39.172.103) port 24100 (#0)
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=FusionInsight,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
*       start date: Mar 28 03:39:00 2015 GMT
*       expire date: Mar 04 03:39:00 2114 GMT
*       common name: FusionInsight
*       issuer: CN=huawei,OU=huawei,O=huawei,L=shenzhen,ST=guangdong,C=cn
* Server auth using GSS-Negotiate with user ''
> POST /_reindex?pretty HTTP/1.1
> Authorization: Negotiate YIICUgYJKoZIhvcSAQICAQBuggJBMIICPaADAgEFoQMCAQ6iBwMFAAAAAACjggFVYYIBUTCCAU2gAwIBBaEMGwpIQURPT1AuQ09NoiEwH6ADAgEDoRgwFhsESFRUUBsOMTg5LTM5LTE3Mi0xMDOjggET                                                       MIIBD6ADAgESoQMCAQGiggEBBIH+EJ3M8XMSlGk/5qpm08PHZo2HqOkvbP9PzUzX2a1AbxYxtlUThCTCqFXUUOP7E3Y+vU0TdGlP1jHvSDlp7VjxUNXP6Mge4V42KG2bbxGR+zbzoD5KroqQAaO85hDC44Wo+/ox+z7C6eV1dOx0EvA2aR5                                                       VLCAFE78Qdc1VrFvATlDdDGmNMEihJ7IbRDwpTT6Tgj9sOEGUPy6A1v2742dF/sWzq5uURZDxbQ43uL6g+5UTtE2wjLV48Gj/GcdkXoiO9qOt4q5vUCUknUVQw99wiQDETCkjwPFkzxaV0uMmWUs/E2Rj3JkNmD0K+Yw2o0GOZWtyJ1pswF                                                       ofRf7LMEykgc4wgcugAwIBEqKBwwSBwFdk7bCaesL4UuMDaCtXZaomK2NHRg5HoJIu+UP3CxwQSRt6SANUX4mwUvO1OPrQ4XzKSxju2qGdIkHX9JJsF/vQPMPOkAyeuISS1zOpSR3oaFqhzP6OxNv1XAMcUzXZjrAu57niSvMBbq/ba6sTW                                                       vyerbwcIQJNFVrhx4s2UPXnz+2wrshFTdg7uysthgJx8NTCAWIKvuowlm9V3bsh4Ly5qFu/cQgfm8n3uf45pXMgfFQAaKWYJ9xk9CfQ5VGmSg==
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 189.39.172.103:24100
> Accept: */*
> Content-Type: application/json
> Content-Length: 160
>

< HTTP/1.1 500 Internal Server Error
< content-type: application/json; charset=UTF-8
< content-length: 540
< set-cookie: es.auth="[email protected]&t=kerberos&e=1560643989717&s=H/UB5dPOZTInCjieCYThYWxmHPY="; Expires=Sun, 16-Jun-2019 00:13:09 GMT; HttpOnly
<
{
  "error" : {
    "root_cause" : [
      {
        "type" : "s_s_l_peer_unverified_exception",
        "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)"
      }
    ],
    "type" : "s_s_l_peer_unverified_exception",
    "reason" : "Host name '189.120.205.16' does not match the certificate subject provided by the peer (CN=FusionInsight, OU=huawei, O=huawei, L=shenzhen, ST=guangdong, C=cn)"
  },
  "status" : 500
}
* Connection #0 to host 189.39.172.103 left intact
* Closing connection #0

问题解决
【ElasticSearch Reindex重建索引】_第1张图片


Reference
ES 6.1 Reindex
ES 6.7 Reindex Configuring SSL parameters

你可能感兴趣的:(Elasticsearch)