I'm trying to set up a deployment of Elastic Enterprise Search now that it's free as part of the standard license. For the life of me, I can't get the service to see our Elasticsearch cluster, and I can't figure out why.
I have a configuration file that looks like this:
elasticsearch.ssl.enabled: true
elasticsearch.ssl.verify: false
ent_search.auth.source: standard
secret_management.encryption_keys: [secret]
allow_es_settings_modification: true
elasticsearch.host: https://monitoring.internal
elasticsearch.username: elastic
elasticsearch.password: secret
When I separately try to use curl to access the resource from the sever where I'm trying to run the service, it works just fine:
$ curl --user elastic:secret https://monitoring.internal -k
{
"name" : "monitoring-es-client-0",
"cluster_name" : "monitoring",
"cluster_uuid" : "XXX",
"version" : {
"number" : "7.9.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667",
"build_date" : "2020-08-11T21:36:48.204330Z",
"build_snapshot" : false,
"lucene_version" : "8.6.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
But when I try to run the Enterprise Search service, it fails to completely boot up with the unhelpful error message:
[2020-09-16T20:25:21.546+00:00][42859][2002][app-server][INFO]: Failed to connect to Elasticsearch backend. Make sure it is running.
And the diagnostic report function isn't much more helpful:
$ sudo bin/enterprise-search --diagnostic-report
Found java executable in PATH
Java version detected: 11.0.8 (major version: 11)
Enterprise Search is starting...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/enterprise-search/lib/war/lib/jruby-core-9.2.9.0-complete.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2020-09-16T20:29:50.258+00:00][43020][2002][script][INFO]: Enterprise Search version=7.9.1, JRuby version=9.2.9.0, Ruby version=2.5.7, Rails version=4.2.11.3
[2020-09-16T20:29:51.158+00:00][43020][2002][script][INFO]: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[2020-09-16T20:29:51.160+00:00][43020][2002][script][ERROR]:
--------------------------------------------------------------------------------
Error: Enterprise Search is unable to connect to Elasticsearch. Ensure a healthy Elasticsearch cluster is running at https://monitoring.internal for user elastic.
--------------------------------------------------------------------------------
What am I doing wrong in my configuration file?
I was getting this same error. I was able to have Enterprise-search talk to the elasticsearch database by enabling the following settings in the config/enterprise-search.yml file.
I had a PKCS12 truststore and used the following commands to extract the files I needed:
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.crt -nokeys
openssl pkcs12 -in elasticsearch-certificates.p12 -out outfile.key -nodes -nocerts
openssl pkcs12 -in elasticsearch-certificates.p12 -cacerts -nokeys -out ca.crt
I also used chown enterprise-search:enterprise-search on these files for good measure.
elasticsearch.ssl.enabled: true
elasticsearch.ssl.certificate: "/usr/share/enterprise-search/outfile.crt"
elasticsearch.ssl.certificate_authority: "/usr/share/enterprise-search/ca.crt"
elasticsearch.ssl.key: "/usr/share/enterprise-search/outfile.key"
elasticsearch.ssl.key_passphrase: [key password]
elasticsearch.ssl.verify: false
You'll also need an SSL certificate for the Enterprise Search website to load
ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "/home/<user>/http.p12"
ent_search.ssl.keystore.password: [password]