Curator: can't get it running with searchguard (WRONG_VERSION_NUMBER

Hi there,
I’m currently facing big problems trying to make curator work with a searchguard protected cluster…
Elasticsearch version: 6.3.1

Curator Version: 5.6

Python env: v3.6.6

No matter what I’m trying out, I only see: SSL: WRONG_VERSION_NUMBER

My config file:

client:

hosts:

• elasticsearch

port: 9200

url_prefix:

use_ssl: True

certificate:

client_cert:

client_key:

ssl_no_validate: False

http_auth: ‘XXXXX:XXXXXXXXX’

timeout: 30

master_only: False

logging:

loglevel: DEBUG

logfile:

logformat: default

blacklist: [‘elasticsearch’, ‘urllib3’]

Does anybody has a running setup with curator and might share its configuration details with me? I don’t know, what else I should try out …

2019-01-08 10:03:56,520 DEBUG curator.cli run:121 Full list of actions: {1: {'action': 'snapshot', 'description': 'Snapshot all greple profiles in a daily snapshot. Wait for the snapshot to complete. Do not skip the repository filesystem access check. Use the other options to create the snapshot.', 'options': {'repository': 'fs_storage', 'name': 'greple-profiles-daily-%Y%m%d%H%M', 'ignore_unavailable': False, 'include_global_state': False, 'partial': False, 'wait_for_completion': True, 'skip_repo_fs_check': False, 'disable_action': False, 'continue_if_exception': False, 'wait_interval': 9, 'ignore_empty_list': False, 'timeout_override': 21600, 'max_wait': -1, 'allow_ilm_indices': False}, 'filters': [{'filtertype': 'pattern', 'kind': 'regex', 'value': '(linprofiles|xingprofiles)', 'exclude': False}]}}

8.1.2019 12:03:56 2019-01-08 10:03:56,520 DEBUG curator.cli run:126 action_disabled = False

8.1.2019 12:03:56 2019-01-08 10:03:56,520 DEBUG curator.cli run:130 continue_if_exception = False

8.1.2019 12:03:56 2019-01-08 10:03:56,520 DEBUG curator.cli run:132 timeout_override = 21600

8.1.2019 12:03:56 2019-01-08 10:03:56,520 DEBUG curator.cli run:134 ignore_empty_list = False

8.1.2019 12:03:56 2019-01-08 10:03:56,520 DEBUG curator.cli run:136 allow_ilm_indices = False

8.1.2019 12:03:56 2019-01-08 10:03:56,521 INFO curator.cli run:146 Preparing Action ID: 1, "snapshot"

8.1.2019 12:03:56 2019-01-08 10:03:56,521 DEBUG curator.utils get_client:802 kwargs = {'hosts': ['elasticsearch'], 'port': 9200, 'use_ssl': True, 'ssl_no_validate': False, 'http_auth': 'curator:zsEjL4ko2BF3IgpBSVHV', 'master_only': False, 'aws_key': None, 'url_prefix': '', 'client_cert': None, 'aws_secret_key': None, 'certificate': None, 'client_key': None, 'aws_token': None, 'aws_sign_request': False, 'timeout': 21600}

8.1.2019 12:03:56 2019-01-08 10:03:56,521 DEBUG curator.utils get_client:808 Attempting to verify SSL certificate.

8.1.2019 12:03:56 2019-01-08 10:03:56,525 DEBUG curator.utils get_client:877 "requests_aws4auth" module present, but not used.

8.1.2019 12:04:07 Traceback (most recent call last):

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen

8.1.2019 12:04:07 chunked=chunked)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request

8.1.2019 12:04:07 self._validate_conn(conn)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn

8.1.2019 12:04:07 conn.connect()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect

8.1.2019 12:04:07 ssl_context=context)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket

8.1.2019 12:04:07 return context.wrap_socket(sock, server_hostname=server_hostname)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 407, in wrap_socket

8.1.2019 12:04:07 _context=self, _session=session)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 814, in __init__

8.1.2019 12:04:07 self.do_handshake()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 1068, in do_handshake

8.1.2019 12:04:07 self._sslobj.do_handshake()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake

8.1.2019 12:04:07 self._sslobj.do_handshake()

8.1.2019 12:04:07 ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

8.1.2019 12:04:07

8.1.2019 12:04:07 During handling of the above exception, another exception occurred:

8.1.2019 12:04:07

8.1.2019 12:04:07 Traceback (most recent call last):

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/elasticsearch/connection/http_urllib3.py", line 172, in perform_request

8.1.2019 12:04:07 response = self.pool.urlopen(method, url, body, retries=Retry(False), headers=request_headers, **kw)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen

8.1.2019 12:04:07 _stacktrace=sys.exc_info()[2])

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 343, in increment

8.1.2019 12:04:07 raise six.reraise(type(error), error, _stacktrace)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/packages/six.py", line 685, in reraise

8.1.2019 12:04:07 raise value.with_traceback(tb)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen

8.1.2019 12:04:07 chunked=chunked)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request

8.1.2019 12:04:07 self._validate_conn(conn)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn

8.1.2019 12:04:07 conn.connect()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect

8.1.2019 12:04:07 ssl_context=context)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket

8.1.2019 12:04:07 return context.wrap_socket(sock, server_hostname=server_hostname)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 407, in wrap_socket

8.1.2019 12:04:07 _context=self, _session=session)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 814, in __init__

8.1.2019 12:04:07 self.do_handshake()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 1068, in do_handshake

8.1.2019 12:04:07 self._sslobj.do_handshake()

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake

8.1.2019 12:04:07 self._sslobj.do_handshake()

8.1.2019 12:04:07 urllib3.exceptions.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

8.1.2019 12:04:07

8.1.2019 12:04:07 During handling of the above exception, another exception occurred:

8.1.2019 12:04:07

8.1.2019 12:04:07 Traceback (most recent call last):

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/utils.py", line 899, in get_client

8.1.2019 12:04:07 check_version(client)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/utils.py", line 685, in check_version

8.1.2019 12:04:07 version_number = get_version(client)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/utils.py", line 658, in get_version

8.1.2019 12:04:07 version = client.info()['version']['number']

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped

8.1.2019 12:04:07 return func(*args, params=params, **kwargs)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/__init__.py", line 241, in info

8.1.2019 12:04:07 return self.transport.perform_request('GET', '/', params=params)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/elasticsearch/transport.py", line 318, in perform_request

8.1.2019 12:04:07 status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/elasticsearch/connection/http_urllib3.py", line 178, in perform_request

8.1.2019 12:04:07 raise SSLError('N/A', str(e), e)

8.1.2019 12:04:07 elasticsearch.exceptions.SSLError: ConnectionError([SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)) caused by: SSLError([SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841))

8.1.2019 12:04:07

8.1.2019 12:04:07 During handling of the above exception, another exception occurred:

8.1.2019 12:04:07

8.1.2019 12:04:07 Traceback (most recent call last):

8.1.2019 12:04:07 File "/usr/local/bin/curator", line 11, in <module>

8.1.2019 12:04:07 sys.exit(cli())

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__

8.1.2019 12:04:07 return self.main(*args, **kwargs)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main

8.1.2019 12:04:07 rv = self.invoke(ctx)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke

8.1.2019 12:04:07 return ctx.invoke(self.callback, **ctx.params)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke

8.1.2019 12:04:07 return callback(*args, **kwargs)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/cli.py", line 213, in cli

8.1.2019 12:04:07 run(config, action_file, dry_run)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/cli.py", line 160, in run

8.1.2019 12:04:07 client = get_client(**client_args)

8.1.2019 12:04:07 File "/usr/local/lib/python3.6/site-packages/curator/utils.py", line 906, in get_client

8.1.2019 12:04:07 'Error: {0}'.format(e)

8.1.2019 12:04:07 elasticsearch.exceptions.ElasticsearchException: Unable to create client connection to Elasticsearch. Error: ConnectionError([SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)) caused by: SSLError([SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841))