elasticsearch-cloud-aws插件不支持IAM角色

时间:2015-08-19 19:02:42

标签: amazon-web-services elasticsearch amazon-ec2 elasticsearch-plugin

我正在尝试使用elasticsearch-cloud-aws插件在aws ec2机器上设置elasticsearch集群。我按照github自述文件中的说明操作,但无法使其与IAM角色设置一起使用。

我使用的是ES 1.7.1和插件版本2.7.0

启动了与以下政策相关联的IAM角色的EC2实例:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1439999260000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInstances",
                "ec2:DescribeRegions",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeTags"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

在所有实例的elasticsearch配置文件中修改了以下设置:

cluster.name: my_cluster
discovery.zen.ping.multicast.enabled: false
discovery.type: ec2
discovery.type: ec2
discovery.ec2.groups: my_security_group
discovery.ec2.availability_zones: eu-west-1b

在es log中可以找到以下发现模块的DEBUG级别。

[2015-08-19 18:41:12,024][DEBUG][discovery.ec2            ] [Misfit] using ping.timeout [3s], join.timeout [1m], master_election.filter_client [true], master_election.filter_data [false]
[2015-08-19 18:41:12,025][DEBUG][discovery.zen.fd         ] [Misfit] [master] uses ping_interval [1s], ping_timeout [30s], ping_retries [3]
[2015-08-19 18:41:12,027][DEBUG][discovery.zen.fd         ] [Misfit] [node  ] uses ping_interval [1s], ping_timeout [30s], ping_retries [3]
[2015-08-19 18:41:12,785][DEBUG][discovery.ec2            ] [Misfit] using host_type [PRIVATE_IP], tags [{}], groups [[ES-development-expose]] with any_group [true], availability_zones [[eu-west-1b]]
[2015-08-19 18:41:13,479][INFO ][node                     ] [Misfit] initialized
[2015-08-19 18:41:13,479][INFO ][node                     ] [Misfit] starting ...
[2015-08-19 18:41:13,560][INFO ][transport                ] [Misfit] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/10.0.0.29:9300]}
[2015-08-19 18:41:13,581][INFO ][discovery                ] [Misfit] es-aws-dev/W24WvY0yQyew0khFFDrQVA
[2015-08-19 18:41:14,805][DEBUG][discovery.ec2            ] [Misfit] using dynamic discovery nodes []
[2015-08-19 18:41:16,433][DEBUG][discovery.ec2            ] [Misfit] using dynamic discovery nodes []
[2015-08-19 18:41:18,064][DEBUG][discovery.ec2            ] [Misfit] using dynamic discovery nodes []
[2015-08-19 18:41:18,067][DEBUG][discovery.ec2            ] [Misfit] filtered ping responses: (filter_client[true], filter_data[false]) {none}
[2015-08-19 18:41:18,074][INFO ][cluster.service          ] [Misfit] new_master [Misfit][W24WvY0yQyew0khFFDrQVA][ip-10-0-0-29.eu-west-1.compute.internal][inet[/10.0.0.29:9300]], reason: zen-disco-join (elected_as_master)
[2015-08-19 18:41:18,101][INFO ][http                     ] [Misfit] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/10.0.0.29:9200]}
[2015-08-19 18:41:18,101][INFO ][node                     ] [Misfit] started
[2015-08-19 18:41:18,102][INFO ][gateway                  ] [Misfit] recovered [0] indices into cluster_state

未形成群集,而是两个独立的主人。

我已经确认机器上的IAM角色有效。但是有可能验证哪些条目返回到ec2节点? 什么暗示我忽略了什么?

THX

1 个答案:

答案 0 :(得分:2)

当我通过cloud.aws.region设置aws区域时,它开始按预期运行。

相关问题
最新问题