OpenShift 3

修改 elasticsearch 使用的 Java参数

$ oc project openshift-logging$ oc get dc -l component=es
NAME                              REVISION   DESIRED   CURRENT   TRIGGERED BY
logging-es-data-master-9fgtlhi4   1          1         1$ oc set env -c elasticsearch dc/logging-es-data-master-9fgtlhi4 ES_JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true"
$ oc set env -c elasticsearch dc -l component=es --list | grep ES_JAVA_OPTS$ oc scale dc/logging-es-data-master-9fgtlhi4 --replicas=0
$ oc rollout latest dc/logging-es-data-master-9fgtlhi4
$ oc scale dc/logging-es-data-master-9fgtlhi4 --replicas=1

验证

for es_pod in $(oc get pods -l component=es --no-headers -o jsonpath='{range .items[?(@.status.phase=="Running")]}{.metadata.name}{"\n"}{end}'); \do echo "Confirm changes on $es_pod" ;  sleep 1 ; \oc rsh -Tc elasticsearch $es_pod ps auxwww | grep log4j2.formatMsgNoLookups ; sleep 3; \donefor es_pod in $(oc get pods -l component=es --no-headers -o jsonpath='{range .items[?(@.status.phase=="Running")]}{.metadata.name}{"\n"}{end}'); \do echo "Confirm changes on $es_pod" ;  sleep 1 ; \oc rsh -Tc elasticsearch $es_pod printenv | grep ES_JAVA_OPTS ; sleep 3; \done

OpenShift 4

修改 elasticsearch 使用的 Java参数

$ oc project openshift-logging$ oc get deployment -l component=elasticsearch
NAME                                      REVISION   DESIRED   CURRENT   TRIGGERED BY
elasticsearch-cdm-ba9c6evk-1-796f6cfdbc   1          1         1$ oc patch deployment/elasticsearch-cdm-ba9c6evk-1-796f6cfdbc --type=merge -p '{"spec":{"paused": false}}'
$ oc set env deployment/elasticsearch-cdm-ba9c6evk-1-796f6cfdbc -c elasticsearch ES_JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true"
$ oc set env -c elasticsearch deployment -l component=elasticsearch --list | grep ES_JAVA_OPTS$ oc scale deployment/elasticsearch-cdm-ba9c6evk-1-796f6cfdbc --replicas=0

验证

$ oc get pods -l component=elasticsearch$ oc set env -c elasticsearch pods -l component=elasticsearch --list | grep ES_JAVA_OPTS$ oc exec -c elasticsearch elasticsearch-cdm-ba9c6evk-1-796f6cfdbc-4dqc6 -- grep -a log4j2.formatMsgNoLookups /proc/1/cmdline

OpenShift 4 - 解决 OpenShift 中 elasticsearch 环境的 Log4j 漏洞相关推荐

OpenShift 4 - 配置OpenShift集群日志环境EFK
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.6环境中验证文章目录安装Elastic Search Operator 安装Cluster Lo ...
OpenShift 4 - 创建Service Mesh运行环境
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.10环境中验证文章目录安装 OpenShift Service Mesh 和相关依赖 Opera ...
OpenShift 4 - 用 Operator 创建 Jenkins 环境
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证文章目录安装 Jenkins Operator 用 Operator 创建 Jenk ...
在 OpenShift 4 上部署 Ansible Tower 环境
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证文章目录准备OpenShift环境安装PostgreSQL 安装Ansible T ...
从根源解决Pycharm中terminal控制台环境与项目环境不一致问题
从根源解决Pycharm中terminal控制台环境与项目环境不一致问题问题描述我们知道可以利用Anaconda创建多个虚拟的python环境,但将项目导入pycharm中并为此设置了编译环境后, ...
OpenShift 4 MTC - 从 OpenShift 3 向 OpenShift 4 迁移应用
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.8环境中验证演示视频文章目录准备对象存储配置迁移源 OpenShift 3 的环境部署 M ...
OpenShift Security (13) - 利用Log4j漏洞攻击容器
<OpenShift 4.x HOL教程汇总> 演示视频利用 Log4j 漏洞攻击容器需要有2个条件,1)Java应用中包含受到漏洞影响的Log4j.2)带有"JNDI 注入& ...
OpenShift 4 - 向OpenShift添加新的SSH Key
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.6环境中验证文章目录创建新的SSH Key秘钥对获取当前OpenShift已有SSH Key ...
OpenShift 4 - 向OpenShift内部Image Registry推送Image
<OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.6环境中验证文章目录了解OpenShift内部Image Registry 向内部Image R ...

OpenShift 4 - 解决 OpenShift 中 elasticsearch 环境的 Log4j 漏洞

文章目录

OpenShift 3

OpenShift 4

OpenShift 4 - 解决 OpenShift 中 elasticsearch 环境的 Log4j 漏洞相关推荐

最新文章

热门文章