[ https://issues.apache.org/jira/browse/KARAF-5754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-5754. ----------------------------------------- Resolution: Fixed > Make Decanter elasticsearch-jest/elasticsearch-rest appender support > HTTPS/XPack enabled ES > ------------------------------------------------------------------------------------------- > > Key: KARAF-5754 > URL: https://issues.apache.org/jira/browse/KARAF-5754 > Project: Karaf > Issue Type: Improvement > Components: decanter > Affects Versions: decanter-2.0.0 > Reporter: Xilai Dai > Assignee: Jean-Baptiste Onofré > Priority: Major > Fix For: decanter-2.1.0 > > > Now the Decanter elasticsearch-jest appender is able to connect with plain > ES, but failed to connect with HTTPS/XPack enabled ES. > With configuration in the > org.apache.karaf.decanter.appender.elasticsearch.jest.cfg: > {code:java} > address=https://192.168.99.100:9200 > # Basic username and password authentication > username=xxxx > password=xxxx{code} > Then the SSLHandshakeException will be thrown from the ElasticsearchAppender: > {code:java} > 2018-05-15T11:11:10,666 | WARN | EventAdminThread #20 | > earch.jest.ElasticsearchAppender 120 | 315 - > org.apache.karaf.decanter.appender.elasticsearch.jest - 2.0.0 | Can't append > into Elasticsearch > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [?:?] > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) [?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) [?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) > [?:?] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > [?:?] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [?:?] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) [?:?] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) > [?:?] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) > [?:?] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) > [?:?] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) > [?:?] > at > org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:47) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.send(ElasticsearchAppender.java:128) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.handleEvent(ElasticsearchAppender.java:118) > [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0] > at > org.apache.felix.eventadmin.impl.handler.EventHandlerProxy.sendEvent(EventHandlerProxy.java:415) > [3:org.apache.karaf.services.eventadmin:4.1.5] > at > org.apache.felix.eventadmin.impl.tasks.HandlerTask.run(HandlerTask.java:70) > [3:org.apache.karaf.services.eventadmin:4.1.5] > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:?] > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > [?:?] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > [?:?] > at java.lang.Thread.run(Thread.java:748) [?:?] > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) > ~[?:?] > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:?] > at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) > ~[?:?] > ... 29 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at > sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) > ~[?:?] > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) > ~[?:?] > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[?:?] > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) > ~[?:?] > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:?] > at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) > ~[?:?] > ... 29 more{code} > Also, the elasticsearch-rest appender has the same problem with > Secured/Xpacked enabled ES. > {code} > 2018-05-15T11:24:00,901 | WARN | Thread-6 | > earch.rest.ElasticsearchAppender 144 | 329 - > org.apache.karaf.decanter.appender.elasticsearch.rest - 2.0.0 | Can't append > into Elasticsearch > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) [?:?] > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) [?:?] > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) [?:?] > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) [?:?] > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) [?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at > org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) > [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0] > at java.lang.Thread.run(Thread.java:748) [?:?] > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?] > at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) ~[?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > ~[?:?] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?] > at java.security.AccessController.doPrivileged(Native Method) ~[?:?] > at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) > ~[?:?] > ... 9 more > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) > ~[?:?] > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:?] > at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > ~[?:?] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?] > at java.security.AccessController.doPrivileged(Native Method) ~[?:?] > at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) > ~[?:?] > ... 9 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at > sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) > ~[?:?] > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) > ~[?:?] > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[?:?] > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) > ~[?:?] > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:?] > at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) > ~[?:?] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > ~[?:?] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?] > at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?] > at java.security.AccessController.doPrivileged(Native Method) ~[?:?] > at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) > ~[?:?] > at > org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) > ~[?:?] > ... 9 more > {code} > The elasticsearch-jest/elasticsearch-rest appenders need to be enhanced to > support XPack secured ES. -- This message was sent by Atlassian JIRA (v7.6.3#76005)