Hi I am trying to restore an index from one machine to another, with reindex, the problem is that I am having an error that I imagine is linked to search guard.
The source is the machine 128.95.36.46 and the target is 128.95.36.12. I tried to find how to do it, but I admit I didn’ t find some step by step guide. I imagine that I should pass the login and password some how, and I am pretty sure is this the problem. The thing is that i don’ t know how!
when I try this in Kibaana over the machine 128.95.36.46
POST _reindex
{
“source”: {
“remote”: {
“host”: “https://128.95.36.12:9200”
},
“index”: “test1”,
“size”: 10
},
“dest”: {
“index”: “test1”
}
}
I receive the following answer:
{
“error”: {
“root_cause”: [
{
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”
}
],
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”,
“caused_by”: {
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”,
“caused_by”: {
“type”: “validator_exception”,
“reason”: “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”,
“caused_by”: {
“type”: “sun_cert_path_builder_exception”,
“reason”: “unable to find valid certification path to requested target”
}
}
}
},
“status”: 500
}
The configuration of the whitelist is reindex.remote.whitelist: 128.95.36.46:9200 in one machine and reindex.remote.whitelist: 128.95.36.12:9200 on the other, is the only thing that changes on the elasticsearc.yml from the two servers. The config files are in attachment to the message.
Thank you for any help
– Daniel
When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version : 6.2.2
-
Installed and used enterprise modules: No
-
JVM version and operating system version: 1.8.0_162 HotSpot
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
[2018-05-23T18:05:18,318][WARN ][r.suppressed ] path: /_reindex, params: {}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) ~[?:?]
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) ~[?:?]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[?:1.8.0_121]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) ~[?:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_121]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more
- Other installed Elasticsearch or Kibana plugins, if any
sg_config.yml (9.4 KB)
elasticsearch.yml (3.98 KB)