文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >使用Google PubSub输入插件的Logstash“错误:证书验证失败”

使用Google PubSub输入插件的Logstash“错误:证书验证失败”
EN

Stack Overflow用户
提问于 2017-10-27 12:03:52
回答 1查看 1.3K关注 0票数 1

我很难让Google PubSub插件工作,我遵循了所有的设置步骤(创建一个主题,创建一个专门的服务帐户等等)。我的配置如下所示:

代码语言:javascript
复制
input {
   google_pubsub {
       project_id => "secret"
       topic => "fw-services-logs"
       subscription => "fw-logstash-sub"
       json_key_file => "/usr/share/logstash/service_account_key.json"
   }
}

output { stdout { codec => rubydebug } }


# Works:
# input { stdin { } }
# output { stdout { codec => rubydebug } }

但是,当我构建和运行它时,我得到了以下输出:

代码语言:javascript
复制
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2017-10-27T11:39:46,455][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2017-10-27T11:39:46,462][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2017-10-27T11:39:46,694][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"arcsight", :directory=>"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/x-pack-5.6.3-java/modules/arcsight/configuration"}
[2017-10-27T11:39:46,714][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[2017-10-27T11:39:46,720][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[2017-10-27T11:39:46,795][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"a144c8d2-12a9-4a15-a629-59910dda9295", :path=>"/usr/share/logstash/data/uuid"}
[2017-10-27T11:39:48,114][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://logstash_system:xxxxxx@elasticsearch:9200/]}}
[2017-10-27T11:39:48,118][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@elasticsearch:9200/, :path=>"/"}
[2017-10-27T11:39:48,343][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}
[2017-10-27T11:39:48,345][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://elasticsearch:9200"]}
[2017-10-27T11:39:48,346][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>2}
[2017-10-27T11:39:48,389][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://logstash_system:xxxxxx@elasticsearch:9200/]}}
[2017-10-27T11:39:48,390][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@elasticsearch:9200/, :path=>"/"}
[2017-10-27T11:39:48,404][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}
[2017-10-27T11:39:48,435][WARN ][logstash.licensechecker.licensereader] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch {:url=>http://logstash_system:xxxxxx@elasticsearch:9200/, :error_message=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2017-10-27T11:39:48,445][ERROR][logstash.licensechecker.licensemanager] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2017-10-27T11:39:48,446][WARN ][logstash.licensechecker.xpackinfo] Nil response from License Server
[2017-10-27T11:39:48,486][INFO ][logstash.pipeline        ] Pipeline .monitoring-logstash started
[2017-10-27T11:39:48,536][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-10-27T11:39:50,049][INFO ][logstash.inputs.googlepubsub] Client authorizataion with JSON key ready
[2017-10-27T11:39:50,051][INFO ][logstash.pipeline        ] Pipeline main started
[2017-10-27T11:39:50,235][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2017-10-27T11:39:50,875][ERROR][logstash.pipeline        ] A plugin had an unrecoverable error. Will restart this plugin.
  Plugin: <LogStash::Inputs::GooglePubSub project_id=>"secret", topic=>"fw-services-logs", subscription=>"fw-logstash-sub", json_key_file=>"/usr/share/logstash/service_account_key.json", id=>"23998ce4135823320ff87ea3bf3ca73094144ca9-1", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_41007486-427e-4323-99fd-9375470f239e", enable_metric=>true, charset=>"UTF-8">, max_messages=>5>
  Error: certificate verify failed

当我使用调试日志记录级别运行时,我看到它在Faraday的某个地方崩溃:

代码语言:javascript
复制
[2017-10-27T12:42:01,538][ERROR][logstash.pipeline] A plugin had an unrecoverable error. Will restart this plugin.
  Plugin: <LogStash::...>
  Error: certificate verify failed
  Exception: Faraday::SSLError
  Stack: org

问题:

  • 您知道我如何修复插件的崩溃,因为证书验证了失败的错误吗?
  • 这些关于ElasticSearch的警告/信息日志是否正常?我不需要用ES,对吧?

我使用的停靠文件:

代码语言:javascript
复制
FROM docker.elastic.co/logstash/logstash:5.6.3

ADD service_account_key.json /usr/share/logstash/service_account_key.json

# https://www.elastic.co/guide/en/logstash/current/docker.html
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
ADD ./pipeline/ /usr/share/logstash/pipeline/

RUN logstash-plugin install logstash-input-google_pubsub

我建造和运行它就像:

代码语言:javascript
复制
docker build -t logstash -f logstash.docker --no-cache .
docker run -it logstash
logstash
elastic-stack
google-cloud-pubsub
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2017-10-30 13:20:58

显式设置SSL_CERT_FILE解决了问题。

代码语言:javascript
复制
# see https://github.com/google/google-api-ruby-client/issues/253
ENV SSL_CERT_FILE /usr/share/logstash/logstash-core/lib/logstash/certs/cacert.pem

默认情况下,Logstash尝试将监视信息记录到Elasticsearch。如果您,例如我不希望发生这种情况,您可以通过以下方式禁用它:

代码语言:javascript
复制
ENV XPACK_MONITORING_ENABLED false

要调试这些问题,可以方便地将Logstash日志记录级别设置为debug

代码语言:javascript
复制
ENV LOG_LEVEL debug
票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/46974598

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档