这篇文章上次修改于 439 天前,可能其部分内容已经发生变化,如有疑问可询问作者。

同事说Splunk的索引有问题,而且右上角消息框有关于KV-Store的报错提示。

tu1



经排查mongod.log和splunkd.log日志文件,发现报错:

***aborting after fassert() failure
 2020-04-26T19:51:41.408Z W CONTROL  [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
 2020-04-26T19:51:41.423Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.
 2020-04-26T19:51:41.423Z I -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
 2020-04-26T19:51:41.423Z I -        [main] 
 ***aborting after fassert() failure
 2020-04-26T19:52:45.131Z W CONTROL  [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
 2020-04-26T19:52:45.146Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.
 2020-04-26T19:52:45.146Z I -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
 2020-04-26T19:52:45.146Z I -        [main] 
 ***aborting after fassert() failure
 2020-04-26T19:53:29.791Z W CONTROL  [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
 2020-04-26T19:53:29.806Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.
 2020-04-26T19:53:29.806Z I -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
 2020-04-26T19:53:29.806Z I -        [main] 
 ***aborting after fassert() failure
 2020-04-26T19:54:32.420Z W CONTROL  [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
 2020-04-26T19:54:32.434Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.
 2020-04-26T19:54:32.434Z I -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
 2020-04-26T19:54:32.434Z I -        [main]

可以看到和SSL证书相关,在splunk官方问答中心查到原因是$SPLKUNK_HOME/etc/auth/下的server.pem文件过期了。使用openssl x509 -enddate -noout -in ./server.pem 可以查询有效期。查了下果不其然!

[root@localhost auth]# openssl x509 -enddate -noout -in ./server.pem

notAfter=Jul 15 19:49:43 2018 GMT

在上面的日志文件中,最早提示过期的时间是2018年8月。好了,那么我们按照官方给的提示进行解决吧。

第一步,检查kv-store服务状态

检查kv-store服务是否是failed状态

首先获取hostname的fqdn名称:

#hostname --fqdn

tu2
tu3

OK,是failed状态。
<br/>

第二步,生成新的证书

FQDN就输入上面查到的localhost:

./splunk createssl server-cert 3072 -d /opt/splunk/etc/auth -n server -c <FQDN>

tu4


生成完成

重启splunk即可,再次查看kv-store也是ready状态了。