[jira] [Created] (KARAF-5754) Make Decanter elasticsearch-jest appender support HTTPS/XPack enabled ES

Tue, 15 May 2018 00:44:25 -0700 

Xilai Dai created KARAF-5754:
--------------------------------

             Summary: Make Decanter elasticsearch-jest appender support 
HTTPS/XPack enabled ES
                 Key: KARAF-5754
                 URL: https://issues.apache.org/jira/browse/KARAF-5754
             Project: Karaf
          Issue Type: Improvement
          Components: decanter
    Affects Versions: decanter-2.0.0
            Reporter: Xilai Dai


Now the Decanter elasticsearch-jest appender is able to connect with plain ES, 
but failed to connect with HTTPS/XPack enabled ES.

With configuration in the 
org.apache.karaf.decanter.appender.elasticsearch.jest.cfg:
{code:java}
address=https://192.168.99.100:9200

# Basic username and password authentication
username=xxxx
password=xxxx{code}
Then the SSLHandshakeException will be thrown from the ElasticsearchAppender:
{code:java}
2018-05-15T11:11:10,666 | WARN  | EventAdminThread #20 | 
earch.jest.ElasticsearchAppender  120 | 315 - 
org.apache.karaf.decanter.appender.elasticsearch.jest - 2.0.0 | Can't append 
into Elasticsearch
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [?:?]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) [?:?]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) [?:?]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [?:?]
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) 
[?:?]
    at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [?:?]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) [?:?]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) [?:?]
    at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) 
[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) 
[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) 
[?:?]
    at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) 
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) 
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) 
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) 
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:47) 
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.send(ElasticsearchAppender.java:128)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.handleEvent(ElasticsearchAppender.java:118)
 [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
    at 
org.apache.felix.eventadmin.impl.handler.EventHandlerProxy.sendEvent(EventHandlerProxy.java:415)
 [3:org.apache.karaf.services.eventadmin:4.1.5]
    at 
org.apache.felix.eventadmin.impl.tasks.HandlerTask.run(HandlerTask.java:70) 
[3:org.apache.karaf.services.eventadmin:4.1.5]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
[?:?]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
    at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 
[?:?]
    at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 
[?:?]
    at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) 
~[?:?]
    at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) 
~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 ~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 ~[?:?]
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) 
~[?:?]
    ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
    at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 ~[?:?]
    at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
 ~[?:?]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:?]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) 
~[?:?]
    at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) 
~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 ~[?:?]
    at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 ~[?:?]
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) 
~[?:?]
    ... 29 more{code}

The ElasticsearchAppender need to be enhanced to support XPack secured ES.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to