curator 4.0.5 can't connect to secured elasticsearch 2.3.4

Search Guard
1

ES: 2.3.4 Plugins: marvel-gent, head, kopf, sg, sg-ssl

Description: search-guard is working absolutely fine… but curator is not connecting.

Additional info: curator is running in same host as where ES and SG is configured. And ES is not running behind any proxy.
curator --version
curator, version 4.0.5

config file:
client:
hosts:

  • 192.168.0.1
    port: 9200
    url_prefix:
    use_ssl: True
    certificate: /usr/local/bin/root-ca.pem
    client_cert:
    client_key:
    aws_key:
    aws_secret_key:
    aws_region:
    ssl_no_validate: False
    http_auth: admin:pass
    timeout: 30
    master_only: False

logging:
loglevel: INFO
logfile: curator.log
logformat: default
blacklist: [‘elasticsearch’, ‘urllib3’]

Action_File:
actions:
1:
action: open
description: >-
Open indices older than 1 days but younger than 2 days (based on index
name), for default- prefixed indices.
options:
timeout_override:
continue_if_exception: False
disable_action: False
filters:

  • filtertype: pattern
    kind: prefix
    value: default-
    exclude:
  • filtertype: age
    source: name
    direction: older
    timestring: ‘%Y.%m.%d’
    unit: days
    unit_count: 2
    exclude:
  • filtertype: age
    source: name
    direction: younger
    timestring: ‘%Y.%m.%d’
    unit: days
    unit_count: 1
    exclude:

[root@elk-master ~]$ curator “action_file.yml”
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html

curator.log, which is created:

2016-08-10 15:48:35,700 INFO Action #1: open
2016-08-10 15:48:35,729 ERROR Unable to complete action “open”. No actionable items in list:
2016-08-10 15:49:46,108 INFO Action #1: open
2016-08-10 15:49:46,138 ERROR Unable to complete action “open”. No actionable items in list:
2016-08-10 15:54:26,930 INFO Action #1: open
2016-08-10 15:54:26,959 ERROR Unable to complete action “open”. No actionable items in list:

This is totally cubersome, where to add certificate for verification and which certificate? I tried all my possible ways, but no luck. I have root-ca.pem which is kind of signed certificate which I used in kibana.yml and working perfectly. Please someone help me.

More info: when ES wasn’t secured, curator 3.5 was working fine

worked command:
curator --master-only --quiet --loglevel ERROR --host 192.168.0.1 --port 9200 show indices --older-than 7 --newer-than 9 --timestring “%Y.%m.%d” --time-unit days --prefix monitoring

Any help please… As an ending note: I’m new to CURATOR and as well using it in secured environment.

2

Pls ask this here: https://discuss.elastic.co

See also: https://github.com/floragunncom/search-guard/issues/196

···

On Thursday, 11 August 2016 11:17:39 UTC+2, SAI KRISHNA GHANTA wrote:

ES: 2.3.4 Plugins: marvel-gent, head, kopf, sg, sg-ssl

Description: search-guard is working absolutely fine… but curator is not connecting.

Additional info: curator is running in same host as where ES and SG is configured. And ES is not running behind any proxy.
curator --version
curator, version 4.0.5

config file:
client:
hosts:

  • 192.168.0.1
    port: 9200
    url_prefix:
    use_ssl: True
    certificate: /usr/local/bin/root-ca.pem
    client_cert:
    client_key:
    aws_key:
    aws_secret_key:
    aws_region:
    ssl_no_validate: False
    http_auth: admin:pass
    timeout: 30
    master_only: False

logging:
loglevel: INFO
logfile: curator.log
logformat: default
blacklist: [‘elasticsearch’, ‘urllib3’]

Action_File:
actions:
1:
action: open
description: >-
Open indices older than 1 days but younger than 2 days (based on index
name), for default- prefixed indices.
options:
timeout_override:
continue_if_exception: False
disable_action: False
filters:

  • filtertype: pattern
    kind: prefix
    value: default-
    exclude:
  • filtertype: age
    source: name
    direction: older
    timestring: ‘%Y.%m.%d’
    unit: days
    unit_count: 2
    exclude:
  • filtertype: age
    source: name
    direction: younger
    timestring: ‘%Y.%m.%d’
    unit: days
    unit_count: 1
    exclude:

[root@elk-master ~]$ curator “action_file.yml”
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:770: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See:https://urllib3.readthedocs.org/en/latest/security.html

curator.log, which is created:

2016-08-10 15:48:35,700 INFO Action #1: open
2016-08-10 15:48:35,729 ERROR Unable to complete action “open”. No actionable items in list:
2016-08-10 15:49:46,108 INFO Action #1: open
2016-08-10 15:49:46,138 ERROR Unable to complete action “open”. No actionable items in list:
2016-08-10 15:54:26,930 INFO Action #1: open
2016-08-10 15:54:26,959 ERROR Unable to complete action “open”. No actionable items in list:

This is totally cubersome, where to add certificate for verification and which certificate? I tried all my possible ways, but no luck. I have root-ca.pem which is kind of signed certificate which I used in kibana.yml and working perfectly. Please someone help me.

More info: when ES wasn’t secured, curator 3.5 was working fine

worked command:
curator --master-only --quiet --loglevel ERROR --host 192.168.0.1 --port 9200 show indices --older-than 7 --newer-than 9 --timestring “%Y.%m.%d” --time-unit days --prefix monitoring

Any help please… As an ending note: I’m new to CURATOR and as well using it in secured environment.