You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2020/03/14 16:30:28 UTC
[GitHub] [skywalking] vision-ken opened a new issue #4512: How to connect
elasticsearch with https?
vision-ken opened a new issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512
Please answer these questions before submitting your issue.
- Why do you submit this issue?
- [x] Question or discussion
- [ ] Bug
- [ ] Requirement
- [ ] Feature or performance improvement
___
### Question
- What do you want to know?
I had install elasticsearch with [elastic-cloud-kubernetes](https://www.elastic.co/elastic-cloud-kubernetes), and install [skywalking-kubernetes](https://github.com/apache/skywalking-kubernetes) chart with helm 3:
```sh
$ helm install skywalking skywalking \
--set elasticsearch.enabled=false \
--set elasticsearch.config.host=quickstart-es-http \
--set elasticsearch.config.port.http=9200
```
Everything work fine but when OAP connect to es got a error:
```
org.apache.skywalking.oap.server.starter.OAPServerBootstrap -8869 [main] ERROR [] - Connection is closed
org.apache.skywalking.oap.server.library.module.ModuleStartException: Connection is closed
...
Caused by: org.apache.http.ConnectionClosedException: Connection is closed
```
the log in es has a WARN:
```
received plaintext http traffic on an https channel, closing connection
```
It looks like connecting to HTTPS through the HTTP port, how to solve this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connect to ES now, but report an error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `SW_ES_USER` and `SW_ES_PASSWORD` in the `oap.env` section in charts/values.yaml as below, and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599179700
@hanahmily
How could I pass these env variable to the chart ?
- SW_ES_USER
- SW_ES_PASSWORD
- SW_SW_STORAGE_ES_SSL_JKS_PATH
- SW_SW_STORAGE_ES_SSL_JKS_PASS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connetct to ES now, but report the error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `oap.env` in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connect to ES now, but report an error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `SW_ES_USER` and `SW_ES_PASSWORD` in the `oap.env` section in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connect to ES now, but report a error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `SW_ES_USER` and `SW_ES_PASSWORD` in the `oap.env` section in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
when I disable TLS of elasticsearch, OAP can connetct to ES now, but report the error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `oap.env` in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connetct to ES now, but report the error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `SW_ES_USER` and `SW_ES_PASSWORD` in the `oap.env` section in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] hanahmily commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
hanahmily commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599171817
@vision-ken it seems that you should refer to https://github.com/apache/skywalking/blob/v6.6.0/docs/en/setup/backend/backend-storage.md#elasticsearch, then set up below parameters to enable TLS between OAP and ES.
```
trustStorePath: ${SW_SW_STORAGE_ES_SSL_JKS_PATH:""}
trustStorePass: ${SW_SW_STORAGE_ES_SSL_JKS_PASS:""}
```
Something you should take care of is
1. OAP ports to `trustedStore` directly instead of X.502 CA files.
1. The format of `trustedStore` is `JKS` instead of `PKCS12`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599112766
When I disable TLS of elasticsearch, OAP can connect to ES now, but report the error:
```
org.elasticsearch.client.ResponseException: method [HEAD], host [http://quickstart-es-http:9200], URI [/], status line [HTTP/1.1 401 Unauthorized]
```
And then I add `SW_ES_USER` and `SW_ES_PASSWORD` in the `oap.env` section in charts/values.yaml as below and reinstall the chart, but it didn't work.
```
oap:
env:
SW_ES_USER: "elastic"
SW_ES_PASSWORD: "xxx"
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] wu-sheng commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
wu-sheng commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599213612
@vision-ken Could you send a pull request to fix this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] innerpeacez closed issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
innerpeacez closed issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599212267
Look like lost these lines in the es-init.job.yaml env section :
```
env:
{{- range $key, $value := .Values.oap.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
```
After added these lines to es-init.job.yaml, it work.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599179700
@hanahmily
How could I pass these env variables to the chart ?
- SW_ES_USER
- SW_ES_PASSWORD
- SW_SW_STORAGE_ES_SSL_JKS_PATH
- SW_SW_STORAGE_ES_SSL_JKS_PASS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] hanahmily commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
hanahmily commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-600925664
`oap.env` list in https://github.com/apache/skywalking-kubernetes/tree/master/chart/skywalking#configuration is what you want
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] wu-sheng commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
wu-sheng commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599150902
@hanahmily
> And then I add SW_ES_USER and SW_ES_PASSWORD in the oap.env section in charts/values.yaml as below, and reinstall the chart, but it didn't work.
These two env variables seem right. Any idea why?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599179700
@hanahmily
How to pass these env variables to the skywalking helm chart ?
- SW_ES_USER
- SW_ES_PASSWORD
- SW_SW_STORAGE_ES_SSL_JKS_PATH
- SW_SW_STORAGE_ES_SSL_JKS_PASS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken commented on issue #4512: How to connect
elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken commented on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599212267
Look like lost these lines in es-init.job.yaml :
```
{{- range $key, $value := .Values.oap.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
```
After added these lines to es-init.job.yaml, it work.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599179700
@hanahmily
How could I pass these env variables to the skywalking helm chart ?
- SW_ES_USER
- SW_ES_PASSWORD
- SW_SW_STORAGE_ES_SSL_JKS_PATH
- SW_SW_STORAGE_ES_SSL_JKS_PASS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] vision-ken edited a comment on issue #4512: How to
connect elasticsearch with https?
Posted by GitBox <gi...@apache.org>.
vision-ken edited a comment on issue #4512: How to connect elasticsearch with https?
URL: https://github.com/apache/skywalking/issues/4512#issuecomment-599212267
Look like lost these lines in es-init.job.yaml :
```
env:
{{- range $key, $value := .Values.oap.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
```
After added these lines to es-init.job.yaml, it work.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services