Cannot install elser on elastic search

I have an Elasticsearch instance (version 9.1.0) running on docker. Everything works perfectly until tried to test the semantic search feature using ELSER model.

Here is my code (following the example in elastic.co blogpost)

```

def deploy_elser(self):

        # download ELSER v2

        self.es.ml.put_trained_model(model_id='.elser_model_2',

                                     input={'field_names': ['text_field']})

        # wait until ready

        while True:

            status = self.es.ml.get_trained_models(model_id='.elser_model_2',

                                                   include='definition_status')

            if status['trained_model_configs'][0]['fully_defined']:

                # model is ready

                break

            time.sleep(1)

        # deploy the model

        self.es.ml.start_trained_model_deployment(model_id='.elser_model_2')

        # define a pipeline

        self.es.ingest.put_pipeline(

            id='elser-ingest-pipeline',

            processors=[

                {

                    'inference': {

                        'model_id': '.elser_model_2',

                        'input_output': [

                            {

                                'input_field': 'summary',

                                'output_field': 'elser_embedding',

                            }

                        ]

                    }

                }

            ]

        )

Here is the error

Error: BadRequestError(400, 'illegal_argument_exception', 'Failed to load package metadata', javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

What am I doing wrong?

Hi @Nnamdi_Ekweariri Welcome to the community.

That link is not to a blog post ... can you share the correct link?

Perhaps take a look at the ELSER Docs at the requirements etc.

The error looks like there are self-managed certs, so I suspect you may need to disable certificate validation in your code or something

Did you try deploying it directly from the Dev Tools in Kibana? To see if it works?

The easiest and recommended way to download and deploy ELSER is to use the inference API.

  1. In Kibana, navigate to the Dev Console.
  2. Create an inference endpoint with the ELSER service by running the following API request:
PUT _inference/sparse_embedding/my-elser-endpoint
{
  "service": "elasticsearch",
  "service_settings": {
    "adaptive_allocations": {
      "enabled": true,
      "min_number_of_allocations": 1,
      "max_number_of_allocations": 10
    },
    "num_threads": 1,
    "model_id": ".elser_model_2"
  }
}
1 Like

Hi Stephen,
thanks for your prompt response, here is the blog post where I found the implementation. The ELSER Model - Elasticsearch Labs

I ran the code you provided in kibana, but the error seems to be similar. Could it be that ssl certificate is not included in the docker-based installation?


{   "error": {     "root_cause": [       {         "type": "illegal_argument_exception",         "reason": "Failed to load package metadata"       }     ],     "type": "illegal_argument_exception",     "reason": "Failed to load package metadata",     "caused_by": {       "type": "unchecked_i_o_exception",       "reason": "javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",       "caused_by": {         "type": "s_s_l_handshake_exception",         "reason": "(certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",         "caused_by": {           "type": "validator_exception",           "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",           "caused_by": {             "type": "sun_cert_path_builder_exception",             "reason": "unable to find valid certification path to requested target"           }         }       }     }   },   "status": 400 }

The error comes from SSL verification when Elasticsearch tries to download the ELSER model. It usually happens due to missing CA certificates, an outdated Docker image, or network restrictions. Updating CA certs or adjusting elasticsearch.yml often resolves it. If you’re still facing the same issue, you can connect webkul.

1 Like

@Nnamdi_Ekweariri

Exactly how have you set up elastic in docker?

Is SSL enabled?

What is the connection string look like in Python?

Can you do a simple search from the python?

I modified my elasticsearch.yml to include xpack.security.transport.ssl.enabled: true but the instance kept restarting so I have just removed it, the error went away and I noticed that the initial issue was from my license. Thanks all for your support.

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "current license is non-compliant for [inference]",
        "license.expired.feature": "inference"
      }
    ],
    "type": "security_exception",
    "reason": "current license is non-compliant for [inference]",
    "license.expired.feature": "inference"
  },
  "status": 403
}
1 Like

This message indicates that you don’t have the right license level for this feature. You can activate a trial from Kibana directly or by calling Start a trial | Elasticsearch API documentation

POST /_license/start_trial?acknowledge=true
2 Likes