转载说明：如果您喜欢这篇文章并打算转载它，请私信作者取得授权。感谢您喜爱本文，请文明转载，谢谢。

最近因为某些原因，需要将ES升级到8.7.1版本。之前用的ES版本比较老了，这次部署新版本ES，发现变化蛮大的，一小心又踩了一些坑，还给自己挖了一些坑......

1.java版本不符合需求，es启动失败

报错内容：

[2023-05-12T16:52:24,895][ERROR][o.e.b.Elasticsearch      ] [es-03] fatal exception while booting Elasticsearch

java.nio.file.NoSuchFileException: /opt/jdk-11/jre/lib/rt.jar

原因及解决：

因为本机部署因有9.4.0版本的skywalking，就使用了jdk-11，而jdk-11没有jre/lib/rt.jar文件。

修改elasticsearch-env，大约在35行的位置，指定ES_JAVA_HOME的路径，使用es自带的jdkES_JAVA_HOME="/home/elasticsearch-8.7.1/jdk/"

ES_JAVA_HOME="/home/elasticsearch-8.7.1/jdk/"  ##新加内容
# now set the path to java
if [ ! -z "$ES_JAVA_HOME" ]; then
  JAVA="$ES_JAVA_HOME/bin/java"
  JAVA_TYPE="ES_JAVA_HOME"

  if [ ! -x "$JAVA" ]; then
    echo "could not find java in $JAVA_TYPE at $JAVA" >&2
    exit 1
  fi

2.未配置安全机制参数，es启动失败

报错内容：

[2023-05-12T10:47:23,633][ERROR][o.e.b.Elasticsearch      ] [es-01] node validation exception

[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elas

ticsearch.

bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.securi

ty.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

原因及解决：

原因是新版的es默认开启了xpack安全机制，也就是xpack.security.enabled参数默认值是true，配置文件elasticsearch.yml需要加以下几行参数：

xpack.security.enabled: true  #默认的

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.key:

xpack.security.transport.ssl.certificate:

或者如果只是测试需要的es，可以关闭xpack，即在配置文件elasticsearch.yml添加：

xpack.security.enabled: false

3.配置文件错误，ssl证书创建失败

报错内容：

Exception in thread "main" org.elasticsearch.ElasticsearchParseException: null-valued setting found for key [xpack.security.transport.ssl.keystore.path] found at line number [97], column number [44]

原因及解决：

原因：因为在测试的时候修改了配置文件，添加了下面几行配置，但是因为还没创建证书，就还没配置值，然后就把文件保存了。把这2行先注释掉再创建证书就可以了。

xpack.security.transport.ssl.key:  
xpack.security.transport.ssl.certificate:

4.ssl证书路径未配置，es启动失败

报错内容：

[2023-05-12T11:04:02,910][ERROR][o.e.b.Elasticsearch      ] [es-01] fatal exception while booting Elasticsearch

org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - ser

ver ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]

原因及解决：

在配置文件elasticsearch.yml中只设置了xpack.security.enabled: true，xpack.security.transport.ssl.enabled: true，没有设置ssl证书路径参数：

xpack.security.transport.ssl.key:/home/elasticsearch-8.7.1/cert/ca/ca.key
xpack.security.transport.ssl.certificate:/home/elasticsearch-8.7.1/cert/ca/ca.crt

5.ssl证书配置冲突，es启动失败

报错内容：

[2023-05-13T19:24:36,732][ERROR][o.e.b.Elasticsearch      ] [es-03] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot specify both [certificate] and [keystore.path]

原因及解决：

原因：在遇到错误④的时候看日志看花了眼，在配置文件elasticsearch.yaml中同时设置了下边4个参数：

xpack.security.transport.ssl.verification_mode:  
xpack.security.transport.ssl.keystore.path:  ##应该不要这行

xpack.security.transport.ssl.key:  
xpack.security.transport.ssl.certificate:

其中xpack.security.transport.ssl.keystore.path参数是java库文件，不该配置在这里，注释掉就好了。 

6.集群某个节点的cluster name配置不一致，集群报错

报错内容：

[2023-05-12T11:25:26,522][INFO ][o.e.c.c.ClusterBootstrapService] [es-03] this node has not joined a bootstrapped cluster yet; [cluster.initial_master_nodes] is set to [es-01, es-02, es-03] [2023-05-12T11:25:26,561][WARN ][o.e.d.HandshakingTransportAddressConnector] [es-03] handshake to [10.0.0.102:9300] failed java.lang.IllegalStateException: handshake with [{10.0.0.102:9300}{LAkbd2oVTteBkzcY1aeaTA}{es-02}{10.0.0.102:9300}{7.17.0}] failed: remote cluster name [sreest] does not match local cluster name [sretest]

原因及解决：

原因：elk-02的clustername 配置错误,少写了个t

还有一些之前踩的坑，有兴趣的朋友可阅读我之前梳理的博文：总结—elasticsearch启动失败的几种情况及解决