2014-03-03 29 views
4

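Elasticsearch EC2 discovery fails with "invalid credentials"

I am trying to create an Elasticsearch cluster on EC2 and am getting an error saying the credentials I provided are invalid, but they are exactly the same credentials I use when creating the instances via jclouds.

From the Elasticsearch error log sample I see: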

[2014-03-03 21:32:26,109][INFO ][node      ] [Baron Blood] version[1.0.1], pid[6832], build[5c03844/2014-02-25T15:52:53Z] 
[2014-03-03 21:32:26,110][INFO ][node      ] [Baron Blood] initializing ... 
[2014-03-03 21:32:26,127][INFO ][plugins     ] [Baron Blood] loaded [cloud-aws], sites [] 
[2014-03-03 21:32:30,736][INFO ][node      ] [Baron Blood] initialized 
[2014-03-03 21:32:30,736][INFO ][node      ] [Baron Blood] starting ... 
[2014-03-03 21:32:30,932][INFO ][transport    ] [Baron Blood] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/10.154.175.62:9300]} 
[2014-03-03 21:32:31,228][WARN ][org.apache.http.impl.client.DefaultHttpClient] Authentication error: Unable to respond to any of these challenges: {} 
[2014-03-03 21:32:31,388][INFO ][discovery.ec2   ] [Baron Blood] Exception while retrieving instance list from AWS API: AWS was not able to validate the provided access credentials 
[2014-03-03 21:32:46,415][WARN ][org.apache.http.impl.client.DefaultHttpClient] Authentication error: Unable to respond to any of these challenges: {} 
[2014-03-03 21:32:46,425][INFO ][discovery.ec2   ] [Baron Blood] Exception while retrieving instance list from AWS API: AWS was not able to validate the provided access credentials 
[2014-03-03 21:33:00,939][WARN ][discovery    ] [Baron Blood] waited for 30s and no initial state was set by the discovery 
[2014-03-03 21:33:00,939][INFO ][discovery    ] [Baron Blood] adstage-es-log/KolEM00zT9mYvYn3mDkrow 
[2014-03-03 21:33:00,946][INFO ][http      ] [Baron Blood] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/10.154.175.62:9200]} 
[2014-03-03 21:33:00,998][INFO ][node      ] [Baron Blood] started 
[2014-03-03 21:33:01,454][WARN ][org.apache.http.impl.client.DefaultHttpClient] Authentication error: Unable to respond to any of these challenges: {} 
[2014-03-03 21:33:01,463][INFO ][discovery.ec2   ] [Baron Blood] Exception while retrieving instance list from AWS API: AWS was not able to validate the provided access credentials 
[2014-03-03 21:33:01,466][INFO ][cluster.service   ] [Baron Blood] new_master [Baron Blood][KolEM00zT9mYvYn3mDkrow][ip-10-154-175-62][inet[/10.154.175.62:9300]], reason: zen-disco-join (elected_as_master) 
[2014-03-03 21:33:01,516][INFO ][gateway     ] [Baron Blood] recovered [0] indices into cluster_state 

My elasticsearch.yml file appears, based on the documentation, to be correct:

cluster.name: adstage-es-log 
cloud.aws.access_key: MY_ACCESS_KEY 
cloud.aws.secret_key: MY_SECRET_TOKEN 
cloud.aws.region: us-east 
discovery.type: ec2 
discovery.ec2.ping_timeout: 30s 

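Also, because someone will ask, the security groups are wide open on these boxes. Using Elasticsearch 1.0.1 and the ec2 plugin 2.0.0.RC1.

So far I have not found any information on what might be causing this. Any ideas on how to resolve this?

Answers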

6

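It turned out the problem was that, since we are using IAM, my AWS account had incorrect permissions set. I was able to get past this issue by making sure I had the following permissions: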

  • EC2:DescribeAvailabilityZones
  • EC2:DescribeInstances
  • EC2:DescribeRegions
  • EC2:DescribeSecurityGroups
  • EC2:DescribeTags
1

To add a concrete example to Gordon's helpful answer, here is a working IAM permissions policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        }
    ]
}
6

Here it is as a policy, ready to copy & paste:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1404060922000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInstances",
                "ec2:DescribeRegions",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeTags"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
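
An added example, not part of any answer above: a small offline check that a policy document allows the five EC2 actions listed in the first answer and reports any allowed pattern that goes beyond that list. It assumes a simplified evaluation (only `Allow` statements with `Action` are read; `Deny`, `NotAction`, `Condition` and resource scoping are ignored), and the function names and the incomplete sample policy are constructed for illustration.

```python
import json
import re

# The five actions the first answer lists for EC2 discovery.
REQUIRED = [
    "ec2:DescribeAvailabilityZones",
    "ec2:DescribeInstances",
    "ec2:DescribeRegions",
    "ec2:DescribeSecurityGroups",
    "ec2:DescribeTags",
]

def _as_list(value):
    # IAM accepts either a single string or a list for Statement/Action.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' and '?' are the wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def audit_policy(policy_json, required=REQUIRED):
    """Return (missing, broad): required actions not allowed, and allowed
    patterns that are not exactly one of the required actions."""
    policy = json.loads(policy_json)
    allowed = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            allowed.extend(_as_list(stmt["Action"]))
    missing = [a for a in required if not any(_matches(p, a) for p in allowed)]
    wanted = {a.lower() for a in required}
    broad = [p for p in allowed if p.lower() not in wanted]
    return missing, broad

# The two policies from the answers above, plus a constructed incomplete one.
WILDCARD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]})
EXPLICIT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED, "Resource": ["*"]}]})
INCOMPLETE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in [("wildcard", WILDCARD), ("explicit", EXPLICIT),
                      ("incomplete", INCOMPLETE)]:
        missing, broad = audit_policy(doc)
        print(f"{name}: missing={missing} broader_than_needed={broad}")
```

Both policies from the answers pass the coverage check; the `ec2:Describe*` form is reported as broader than the five listed actions.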