这篇文章上次修改于 680 天前,可能其部分内容已经发生变化,如有疑问可询问作者。
同事说Splunk的索引有问题,而且右上角消息框有关于KV-Store的报错提示。
经排查mongod.log和splunkd.log日志文件,发现报错:
***aborting after fassert() failure
2020-04-26T19:51:41.408Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-26T19:51:41.423Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-26T19:51:41.423Z I - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
2020-04-26T19:51:41.423Z I - [main]
***aborting after fassert() failure
2020-04-26T19:52:45.131Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-26T19:52:45.146Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-26T19:52:45.146Z I - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
2020-04-26T19:52:45.146Z I - [main]
***aborting after fassert() failure
2020-04-26T19:53:29.791Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-26T19:53:29.806Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-26T19:53:29.806Z I - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
2020-04-26T19:53:29.806Z I - [main]
***aborting after fassert() failure
2020-04-26T19:54:32.420Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-26T19:54:32.434Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-26T19:54:32.434Z I - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 840
2020-04-26T19:54:32.434Z I - [main]
可以看到和SSL证书相关,在splunk官方问答中心查到原因是$SPLKUNK_HOME/etc/auth/下的server.pem文件过期了。使用openssl x509 -enddate -noout -in ./server.pem 可以查询有效期。查了下果不其然!
[root@localhost auth]# openssl x509 -enddate -noout -in ./server.pem
notAfter=Jul 15 19:49:43 2018 GMT
在上面的日志文件中,最早提示过期的时间是2018年8月。好了,那么我们按照官方给的提示进行解决吧。
第一步,检查kv-store服务状态
检查kv-store服务是否是failed状态
首先获取hostname的fqdn名称:
hostname --fqdn
OK,是failed状态。
<br/>
第二步,生成新的证书
FQDN就输入上面查到的localhost:
./splunk createssl server-cert 3072 -d /opt/splunk/etc/auth -n server -c <FQDN>
生成完成
重启splunk即可,再次查看kv-store也是ready状态了。
没有评论