NoNodeAvailableException

hexiang55 · May 17, 2017, 10:13am

Hi all
I install searchguard and use javaapi connect cluster, but client NoNodeAvailableException

elasticsearch.yml


searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: sg_admin
searchguard.authcz.admin_dn:
- CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
- CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

init client transport

Settings settings = Settings.builder()
        .put("cluster.name", cluster)

        .put("client.transport.sniff", true)
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/sg_user_admin-keystore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/truststore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "sg_admin")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "sg_admin").build();

client = new PreBuiltTransportClient(settings);
client.threadPool().getThreadContext().putHeader("Authorization", "Basic " + BaseEncoding.base64().encode("cluster_admin:fe32dWAd199".getBytes()));

for (InetSocketTransportAddress transportAddress : transportAddressList) {
    client.addTransportAddress(transportAddress);
}

bulkProcessor = BulkProcessor.builder(
        client,
        new BulkProcessor.Listener() {
            @Override
            public void beforeBulk(long executionId,
                                   BulkRequest request) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  BulkResponse response) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  Throwable failure) {
            }
        })
        .setBulkActions(BULK_ACTIONS)
        .setBulkSize(new ByteSizeValue(BYTE_SIZE_MB, ByteSizeUnit.MB))
        .setFlushInterval(TimeValue.timeValueSeconds(FLUSH_INTERVAL_SECONDS))
        .setConcurrentRequests(CONCURRENT_REQUESTS_NUM)
        .build();

client log

[ERROR] 05-17 18:05:12,355 com.xiaomi.data.main.EsClusterAvailabilityMonitorMain:74| NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{R2XSobKlQlSKGaxauwyeMg}{host2}{10…:9300}, {#transport#-2}{0z7eeV7kRPCxbK_kVZt6EA}{host3}{10…:9300}, {#transport#-3}{9rCGRNUgS4uF_-BuIyAtjQ}{host1}{10…:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:344)

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:242)

at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:356)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)

at org.elasticsearch.action.ActionRequestBuilder.get(ActionRequestBuilder.java:69)

at com.xiaomi.data.main.C3PrivacyCluserAvailabilityMonitor.main(C3PrivacyCluserAvailabilityMonitor.java:71)

elasticsearch log

[2017-05-17T18:08:50,146][WARN ][c.f.s.s.t.SearchGuardSSLNettyTransport] [host1] exception caught on transport layer [[id: 0x716b7ce4, L:0.0.0.0/0.0.0.0:9300 ! R:/10.132.15.33:43661]], closing connection

io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 455300000027000000000000005e08004c4ba3000016696e7465726e616c3a7463702f68616e647368616b6500

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:968) [netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

but I use curl get cluster health, it’s ok

curl -XGET ‘http://cluster_admin:fe32dWAd199@host1:9200/_cat/health?v&pretty’

epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent

1495015936 18:12:16 c3-es-privacy green 5 5 17 7 0 0 0 0 - 100.0%

jkressin · May 17, 2017, 3:25pm

Maybe you forgot to add the SearchGuardSSL plugin to the transport client?

TransportClient tc =
  TransportClient
  .builder()
  .settings(settings)
  .addPlugin(SearchGuardSSLPlugin.class)
  .build()

···

On Wednesday, May 17, 2017 at 12:13:36 PM UTC+2, hexiang55@gmail.com wrote:

Hi all
I install searchguard and use javaapi connect cluster, but client NoNodeAvailableException

elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.


resolve_hostname: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.

truststore_password: sg_admin
searchguard.authcz.admin_dn:
- CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
- CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

init client transport

Settings settings = Settings.builder()
        .put("[cluster.name](http://cluster.name)", cluster)

        .put("client.transport.sniff", true)
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/sg_user_admin-keystore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/truststore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "sg_admin")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "sg_admin").build();

client = new PreBuiltTransportClient(settings);
client.threadPool().getThreadContext().putHeader("Authorization", "Basic " + BaseEncoding.base64().encode("cluster_admin:fe32dWAd199".getBytes()));

for (InetSocketTransportAddress transportAddress : transportAddressList) {
    client.addTransportAddress(transportAddress);
}

bulkProcessor = BulkProcessor.builder(
        client,
        new BulkProcessor.Listener() {
            @Override
            public void beforeBulk(long executionId,
                                   BulkRequest request) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  BulkResponse response) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  Throwable failure) {
            }
        })
        .setBulkActions(BULK_ACTIONS)
        .setBulkSize(new ByteSizeValue(BYTE_SIZE_MB, ByteSizeUnit.MB))
        .setFlushInterval(TimeValue.timeValueSeconds(FLUSH_INTERVAL_SECONDS))
        .setConcurrentRequests(CONCURRENT_REQUESTS_NUM)
        .build();

client log

[ERROR] 05-17 18:05:12,355 com.xiaomi.data.main.EsClusterAvailabilityMonitorMain:74| NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{R2XSobKlQlSKGaxauwyeMg}{host2}{10…:9300}, {#transport#-2}{0z7eeV7kRPCxbK_kVZt6EA}{host3}{10…:9300}, {#transport#-3}{9rCGRNUgS4uF_-BuIyAtjQ}{host1}{10…:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:344)

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:242)

at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:356)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)

at org.elasticsearch.action.ActionRequestBuilder.get(ActionRequestBuilder.java:69)

at com.xiaomi.data.main.C3PrivacyCluserAvailabilityMonitor.main(C3PrivacyCluserAvailabilityMonitor.java:71)

elasticsearch log

[2017-05-17T18:08:50,146][WARN ][c.f.s.s.t.SearchGuardSSLNettyTransport] [host1] exception caught on transport layer [[id: 0x716b7ce4, L:0.0.0.0/0.0.0.0:9300 ! R:/10.132.15.33:43661]], closing connection

io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 455300000027000000000000005e08004c4ba3000016696e7465726e616c3a7463702f68616e647368616b6500

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:968) [netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

but I use curl get cluster health, it’s ok

curl -XGET ‘http://cluster_admin:fe32dWAd199@host1:9200/_cat/health?v&pretty’

epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent

1495015936 18:12:16 c3-es-privacy green 5 5 17 7 0 0 0 0 - 100.0%

hexiang55 · May 18, 2017, 3:59am

TransportClient tc =
        TransportClient
                .builder()
                .settings(settings)
                .addPlugin(SearchGuardSSLPlugin.class)
                .build();

Hi

Cannot resolve the method “builder()”

<!-- https://mvnrepository.com/artifact/org.elasticsearch.client/transport -->
<dependency>
    <groupId>org.elasticsearch.client</groupId>
    <artifactId>transport</artifactId>
    <version>5.2.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.floragunn/search-guard-ssl -->
<dependency>
    <groupId>com.floragunn</groupId>
    <artifactId>search-guard-ssl</artifactId>
    <version>5.2.1-21</version>
</dependency>

在 2017年5月17日星期三 UTC+8下午11:25:31，Jochen Kressin写道：

···

Maybe you forgot to add the SearchGuardSSL plugin to the transport client?

TransportClient tc =
  TransportClient
  .builder()
  .settings(settings)
  .addPlugin(SearchGuardSSLPlugin.class)
  .build()
On Wednesday, May 17, 2017 at 12:13:36 PM UTC+2, hexi...@gmail.com wrote:

Hi all
I install searchguard and use javaapi connect cluster, but client NoNodeAvailableException

elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.


resolve_hostname: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.

truststore_password: sg_admin
searchguard.authcz.admin_dn:
- CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
- CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

init client transport

Settings settings = Settings.builder()
        .put("[cluster.name](http://cluster.name)", cluster)

        .put("client.transport.sniff", true)
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/sg_user_admin-keystore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/truststore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "sg_admin")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "sg_admin").build();

client = new PreBuiltTransportClient(settings);
client.threadPool().getThreadContext().putHeader("Authorization", "Basic " + BaseEncoding.base64().encode("cluster_admin:fe32dWAd199".getBytes()));

for (InetSocketTransportAddress transportAddress : transportAddressList) {
    client.addTransportAddress(transportAddress);
}

bulkProcessor = BulkProcessor.builder(
        client,
        new BulkProcessor.Listener() {
            @Override
            public void beforeBulk(long executionId,
                                   BulkRequest request) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  BulkResponse response) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  Throwable failure) {
            }
        })
        .setBulkActions(BULK_ACTIONS)
        .setBulkSize(new ByteSizeValue(BYTE_SIZE_MB, ByteSizeUnit.MB))
        .setFlushInterval(TimeValue.timeValueSeconds(FLUSH_INTERVAL_SECONDS))
        .setConcurrentRequests(CONCURRENT_REQUESTS_NUM)
        .build();

client log

[ERROR] 05-17 18:05:12,355 com.xiaomi.data.main.EsClusterAvailabilityMonitorMain:74| NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{R2XSobKlQlSKGaxauwyeMg}{host2}{10…:9300}, {#transport#-2}{0z7eeV7kRPCxbK_kVZt6EA}{host3}{10…:9300}, {#transport#-3}{9rCGRNUgS4uF_-BuIyAtjQ}{host1}{10…:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:344)

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:242)

at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:356)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)

at org.elasticsearch.action.ActionRequestBuilder.get(ActionRequestBuilder.java:69)

at com.xiaomi.data.main.C3PrivacyCluserAvailabilityMonitor.main(C3PrivacyCluserAvailabilityMonitor.java:71)

elasticsearch log

[2017-05-17T18:08:50,146][WARN ][c.f.s.s.t.SearchGuardSSLNettyTransport] [host1] exception caught on transport layer [[id: 0x716b7ce4, L:0.0.0.0/0.0.0.0:9300 ! R:/10.132.15.33:43661]], closing connection

io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 455300000027000000000000005e08004c4ba3000016696e7465726e616c3a7463702f68616e647368616b6500

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:968) [netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

but I use curl get cluster health, it’s ok

curl -XGET ‘http://cluster_admin:fe32dWAd199@host1:9200/_cat/health?v&pretty’

epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent

1495015936 18:12:16 c3-es-privacy green 5 5 17 7 0 0 0 0 - 100.0%

hexiang55 · May 18, 2017, 6:41am

Hi TransportClient.builder… es2.4X but I used 5.2.1. what should I do?

TransportClient
  .builder()

在 2017年5月17日星期三 UTC+8下午11:25:31，Jochen Kressin写道：

···

Maybe you forgot to add the SearchGuardSSL plugin to the transport client?

TransportClient tc =
  TransportClient
  .builder()
  .settings(settings)
  .addPlugin(SearchGuardSSLPlugin.class)
  .build()
On Wednesday, May 17, 2017 at 12:13:36 PM UTC+2, hexi...@gmail.com wrote:

Hi all
I install searchguard and use javaapi connect cluster, but client NoNodeAvailableException

elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.


resolve_hostname: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.

truststore_password: sg_admin
searchguard.authcz.admin_dn:
- CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
- CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

init client transport

Settings settings = Settings.builder()
        .put("[cluster.name](http://cluster.name)", cluster)

        .put("client.transport.sniff", true)
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/sg_user_admin-keystore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/truststore.jks")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "sg_admin")
        .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "sg_admin").build();

client = new PreBuiltTransportClient(settings);
client.threadPool().getThreadContext().putHeader("Authorization", "Basic " + BaseEncoding.base64().encode("cluster_admin:fe32dWAd199".getBytes()));

for (InetSocketTransportAddress transportAddress : transportAddressList) {
    client.addTransportAddress(transportAddress);
}

bulkProcessor = BulkProcessor.builder(
        client,
        new BulkProcessor.Listener() {
            @Override
            public void beforeBulk(long executionId,
                                   BulkRequest request) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  BulkResponse response) {
            }

            @Override
            public void afterBulk(long executionId,
                                  BulkRequest request,
                                  Throwable failure) {
            }
        })
        .setBulkActions(BULK_ACTIONS)
        .setBulkSize(new ByteSizeValue(BYTE_SIZE_MB, ByteSizeUnit.MB))
        .setFlushInterval(TimeValue.timeValueSeconds(FLUSH_INTERVAL_SECONDS))
        .setConcurrentRequests(CONCURRENT_REQUESTS_NUM)
        .build();

client log

[ERROR] 05-17 18:05:12,355 com.xiaomi.data.main.EsClusterAvailabilityMonitorMain:74| NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{R2XSobKlQlSKGaxauwyeMg}{host2}{10…:9300}, {#transport#-2}{0z7eeV7kRPCxbK_kVZt6EA}{host3}{10…:9300}, {#transport#-3}{9rCGRNUgS4uF_-BuIyAtjQ}{host1}{10…:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:344)

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:242)

at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:356)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)

at org.elasticsearch.action.ActionRequestBuilder.get(ActionRequestBuilder.java:69)

at com.xiaomi.data.main.C3PrivacyCluserAvailabilityMonitor.main(C3PrivacyCluserAvailabilityMonitor.java:71)

elasticsearch log

[2017-05-17T18:08:50,146][WARN ][c.f.s.s.t.SearchGuardSSLNettyTransport] [host1] exception caught on transport layer [[id: 0x716b7ce4, L:0.0.0.0/0.0.0.0:9300 ! R:/10.132.15.33:43661]], closing connection

io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 455300000027000000000000005e08004c4ba3000016696e7465726e616c3a7463702f68616e647368616b6500

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:968) [netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

but I use curl get cluster health, it’s ok

curl -XGET ‘http://cluster_admin:fe32dWAd199@host1:9200/_cat/health?v&pretty’

epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent

1495015936 18:12:16 c3-es-privacy green 5 5 17 7 0 0 0 0 - 100.0%

hexiang55 · May 18, 2017, 9:17am

hi

Settings settings = Settings.builder()
                .put("cluster.name", cluster)

                .put("client.transport.sniff", true)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/sg_user_admin-keystore.jks")
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "/home/work/workspace/es_monitor/src/main/resources/truststore.jks")
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "sg_admin")
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "sg_admin")
// .put("path.home","/home/work/app/elasticsearch")
                .put("path.home","/")
                .build();

client = new PreBuiltTransportClient(settings,SearchGuardSSLPlugin.class);
client.threadPool().getThreadContext().putHeader("Authorization", "Basic "+ Base64.encode("cluster_admin:fe32dWAd199".getBytes()));

but it’s [transport_client_boss][T#5]] ERROR com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - SSL Problem General SSLEngine problem

client log:

17:09:35.683 [elasticsearch[client][transport_client_boss][T#4]] ERROR com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - SSL Problem General SSLEngine problem

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[?:1.8.0_111]

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:1.8.0_111]

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:1.8.0_111]

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:1.8.0_111]

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_111]

at io.netty.handler.ssl.SslHandler$SslEngineType$2.unwrap(SslHandler.java:218) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1028) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:950) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) ~[netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_111]

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_111]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:1.8.0_111]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_111]

at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_111]

at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1167) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1080) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

... 17 more

Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching host1 found.

at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204) ~[?:1.8.0_111]

at sun.security.util.HostnameChecker.match(HostnameChecker.java:95) ~[?:1.8.0_111]

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[?:1.8.0_111]

at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[?:1.8.0_111]

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[?:1.8.0_111]

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_111]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_111]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_111]

at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_111]

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_111]

at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1167) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1080) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

... 17 more

es master log:

[2017-05-18T17:09:35,682][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [host1] SSL Problem Received fatal alert: certificate_unknown

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?]

at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?]

at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?]

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?]

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_111]

at io.netty.handler.ssl.SslHandler$SslEngineType$2.unwrap(SslHandler.java:218) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1028) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:950) ~[netty-handler-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) ~[netty-codec-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:341) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:349) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:642) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:527) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:481) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) [netty-transport-4.1.7.Final.jar:4.1.7.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.7.Final.jar:4.1.7.Final]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

but when I ping host1 ,it’s ok

Topic		Replies	Views
NoNodeAvailableException when trying to connect to ES using TransportClient Search Guard	4	933	January 30, 2017
NoNodeAvailableException[None of the configured nodes are available: Search Guard	1	1152	February 16, 2017
Please help me figure out why one SSL configuration works and one does not Search Guard	2	388	October 19, 2018
SSL Problem Received fatal alert: certificate_unknown Search Guard	0	1024	May 19, 2017
Evaluating Search Guard - How to enable debug lo level. Search Guard	2	632	February 18, 2019

NoNodeAvailableException

Related Topics