问题描述
我设置了 AWS Elastic 服务域,我正在尝试通过 Logstash 将一些数据从 ec2 实例推送到 AWS elasticservice。
我已经使用 Open access policy - Allow all traffic 设置了 AWS ES 域。我还启用了 Fine Grained Control 并设置了 master user 帐户以访问 AWS ES 服务。
使用 Kibana 或常规 cURL 调用一切正常,但 logstash 失败,请求发送到 https://<my_es_hostname>/_license,响应为 401。
我无法弄清楚为什么会发生此呼叫。当我尝试在浏览器中点击这个时,我得到 {"Message":"Your request: '/_license' is not allowed."}
这是我从 logstash 得到的示例日志:
[INFO ] 2021-06-02 11:40:18.858 [[main]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch",:hosts=>["https://<host-name-partxxxx>.us-east-2.es.amazonaws.com:443"]}
[INFO ] 2021-06-02 11:40:19.902 [[main]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[],:added=>[https://<username>:<password>@<host-name-partxxxx>.us-east-2.es.amazonaws.com:443/]}}
[WARN ] 2021-06-02 11:40:20.760 [[main]-pipeline-manager] elasticsearch - Restored connection to ES instance {:url=>"https://<username>:<password>@<host-name-partxxxx>.us-east-2.es.amazonaws.com:443/"}
[INFO ] 2021-06-02 11:40:21.371 [[main]-pipeline-manager] elasticsearch - Elasticsearch version determined (7.10.2) {:es_version=>7}
[WARN ] 2021-06-02 11:40:21.380 [[main]-pipeline-manager] elasticsearch - Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[ERROR] 2021-06-02 11:40:21.443 [[main]-pipeline-manager] elasticsearch - Unable to get license information {:url=>"https://<username>:<password>@<host-name-partxxxx>.us-east-2.es.amazonaws.com:443/",:exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,:message=>"Got response code '401' contacting Elasticsearch at URL 'https://<host-name-partxxxx>.us-east-2.es.amazonaws.com:443/_license'"}
[ERROR] 2021-06-02 11:40:21.449 [[main]-pipeline-manager] elasticsearch - Could not connect to a compatible version of Elasticsearch {:url=>"https://<username>:<password>@<host-name-partxxxx>.us-east-2.es.amazonaws.com:443/"}
这是我的logstash配置:
input {
jdbc {
jdbc_driver_class => "org.postgresql.Driver"
jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/postgresql-42.2.20.jar"
...
<other properties to fetch data>
}
}
output {
elasticsearch {
hosts => ["https://<host-name-partxxxx>.us-east-2.es.amazonaws.com:443"]
user => "username"
password => "password"
ilm_enabled => false
index => "my_index"
document_id => "%{id}"
doc_as_upsert => true
}
}
解决方法
问题在于 Logstash Elasticsearch 输出插件试图验证 URL <hostname>/_license 上的许可证。
有关报告的问题/修复,请参阅 LS should always perform ES license check · Issue #1004 · logstash-plugins/logstash-output-elasticsearch。
当该修复发布时,您可以按照以下步骤使其正常工作:
- 前往
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch - 打开文件
license_checker.rb-> 根据上述 github 问题中建议的修复更改方法appropriate_license。在appropriate_license()设置的情况下,使方法OSS返回 true。