Elasticsearch

测试 Elasticsearch 实例连通性,一般为 9200 端口,可得到以下 JSON 格式的返回结果,则说明 Elasticsearch 实例正常运行,为了表示方便,以下 "Elasticsearch" 简称为 "ES"。

root@hetzner-dedi /usr/local/elasticsearch/config # curl -k -u elastic:'your-password' https://localhost:9200
{
  "name" : "hetzner-dedi",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "jPOLB2d8QKi-OlYjPrAo_g",
  "version" : {
    "number" : "9.4.2",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c402c2b36d90eae29c0182f86bd9050fd0b746cc",
    "build_date" : "2026-05-25T22:10:36.017759931Z",
    "build_snapshot" : false,
    "lucene_version" : "10.4.0",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}

这能验证 ES 服务正常响应,带证书校验进行测试

root@hetzner-dedi ~ # curl --cacert /usr/local/elasticsearch/config/certs/http_ca.crt \
  -u elastic:'' \
  https://localhost:9200
{
  "name" : "hetzner-dedi",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "jPOLB2d8QKi-OlYjPrAo_g",
  "version" : {
    "number" : "9.4.2",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c402c2b36d90eae29c0182f86bd9050fd0b746cc",
    "build_date" : "2026-05-25T22:10:36.017759931Z",
    "build_snapshot" : false,
    "lucene_version" : "10.4.0",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}

默认的 ES 配置文件 elasticsearch.yml 配置了 xPack,要求所有连接通过 HTTPS 加密

xpack.security.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

http.host: 0.0.0.0

ES 自动安全配置会生成:

  • http_ca.crt:签发 HTTP 层证书的 CA 证书;
  • http.p12:当前节点 HTTP 层使用的 key/cert keystore;
  • transport.p12:节点间通信 transport 层使用的 keystore。

xpack.security.http.ssl.enabled: true 开启,使用自签 CA http_ca.crt

若直接连接 ES 实例会导致校验证书失败,是因为 GitLab 不信任 ES 实例的证书

root@hetzner-dedi ~/workspace # gitlab-rake gitlab:elastic:info
                            
GitLab version:                 19.1.0

Advanced Search
Server version:                 unknown
Server distribution:            unknown
rake aborted!
Gitlab::Search::Client::ConnectionError: Search is currently unavailable. Please try again later. (Gitlab::Search::Client::ConnectionError)
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:28:in `rescue in perform_request'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:17:in `perform_request'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:237:in `alias_exists?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:360:in `target_index_names'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:352:in `target_index_name'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:331:in `get_meta'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:575:in `display_search_application_settings'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:546:in `info'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:75:in `execute'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:167:in `block (3 levels) in <main>'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'

Caused by:
Faraday::ConnectionFailed: SSL peer certificate or SSH remote key was not OK (Faraday::ConnectionFailed)
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:16:in `perform_request'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:237:in `alias_exists?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:360:in `target_index_names'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:352:in `target_index_name'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:331:in `get_meta'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:575:in `display_search_application_settings'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:546:in `info'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:75:in `execute'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:167:in `block (3 levels) in <main>'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Tasks: TOP => gitlab:elastic:info
(See full trace by running task with --trace)

如何使其正常接受来自 HTTPS 通道流量,参考如下

复制到 GitLab 受信任证书目录

GitLab 的受信任证书目录通常位于 /etc/gitlab/trusted-certs 目录

sudo cp /usr/local/elasticsearch/config/certs/http_ca.crt /etc/gitlab/trusted-certs/es-http-ca.crt
sudo chmod 644 /etc/gitlab/trusted-certs/es-http-ca.crt

重新配置并启动实例

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

在 GitLab 里验证

  • Indexing enabled: yes
  • Search enabled: yes
  • Code search enabled: yes

此处对应以下三种具体搜索开关

  • Turn on indexing for advanced search:开启索引器,创建空索引,跟踪新数据;
  • Search with advanced search:让 GitLab 搜索功能使用 Advanced Search;
  • Code search with advanced search:让代码搜索使用 Advanced Search。
root@hetzner-dedi ~ # gitlab-rake gitlab:elastic:info

GitLab version:                 19.1.0

Advanced Search
Server version:                 9.4.2
Server distribution:            elasticsearch
Indexing enabled:               yes
Search enabled:                 yes
Code search enabled:            yes
Requeue Indexing workers:       no
Pause search cluster indexing:  no
Pause advanced search indexing: no
Indexing restrictions enabled:  no
File size limit:                1024 KiB
Index version:                  19.1.0-ee
Indexing number of shards:      2
Max code indexing concurrency:  30
Prefix:                         gitlab
Client adapter:                 typhoeus

Indexing Queues
Initial queue:                  0
Incremental queue:              0
Concurrency limit code queue:   0

Pending Migrations
There are no pending migrations.

Current Migration
There is no current migration.

Current Zero-downtime Reindexing Tasks
There is no current reindexing task.

Indices
- gitlab-production-20260701-1559:
        document_count: 29
        number_of_shards: 5
        number_of_replicas: 1
- gitlab-production-commits-20260701-1559:
        document_count: 9
        number_of_shards: 5
        number_of_replicas: 1
······
······

初次索引流程需要在 admin 后台打开,Admin Area -> Settings -> Search,勾选 Turn on indexing for advanced search,点击 Index the instance,等待索引完成再勾选 Search with advanced search

参考资料

Elasticsearch | GitLab Docs

Install Elasticsearch from archive on Linux or MacOS | Elastic Docs

最后修改:2026 年 07 月 02 日
如果觉得我的文章对你有用,请随意赞赏