Cluster Elastics 5.5 exception caught on transport layer


(Павел Живцов) #1

Hello.

I use:
X-Pack 5.5.1; Elastic 5.5.1; Kibana 5.5; Logstash 5.5

Configurations:

  1. master:
    xpack.monitoring.enabled: true
    xpack.ssl.key: /etc/elasticsearch/logstashtest.key
    xpack.ssl.certificate: /etc/elasticsearch/logstashtest.crt
    xpack.ssl.certificate_authorities: ["/etc/elasticsearch/ca.crt" ]
    xpack.security.http.ssl.enabled: true
    xpack.security.transport.ssl.enabled: true
    cluster.name: itisagooddaytodie
    node.name: logstashtest
    node.master: true
    node.data: true
    node.ingest: false
    node.ml: false
    xpack.ml.enabled: true
    network.host: 0.0.0.0
    network.publish_host: logstashtest
    transport.tcp.port: 9300
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["logstashtest", "elastic3.rsw.msk"]
    discovery.zen.minimum_master_nodes: 1

2.slave:
xpack.monitoring.enabled: true
xpack.ssl.key: /etc/elasticsearch/elastic3.key
xpack.ssl.certificate: /etc/elasticsearch/elastic3.crt
xpack.ssl.certificate_authorities: ["/etc/elasticsearch/ca.crt"]
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
cluster.name: itisagooddaytodie
node.name: elastic3
node.master: false
node.data: true
node.ingest: false
node.ml: false
network.host: 0.0.0.0
network.publish_host: elastic3.rsw.msk
transport.tcp.port: 9300
http.port: 9200
discovery.zen.ping.unicast.hosts: ["logstashtest"]

If you try to link multiple hosts to the cluster, you receive an error:
https://elastic3.rsw.msk:9200/_cluster/health?pretty ->
{
"error" : {
"root_cause" : [
{
"type" : "master_not_discovered_exception",
"reason" : null
}
],
"type" : "master_not_discovered_exception",
"reason" : null
},
"status" : 503
}

log error:

[2017-09-21T13:11:59,442][WARN ][o.e.d.z.ZenDiscovery ] [elastic3] not enough master nodes discovered during pinging (found [[]], but needed [-1]), pinging again
[2017-09-21T13:11:59,494][WARN ][o.e.x.s.t.n.SecurityNetty4Transport] [elastic3] exception caught on transport layer [[id: 0x05e55112, L:0.0.0.0/0.0.0.0:59552 ! R:/192.168.10.144:9300]], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.11.Final.jar:4.1.11.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.11.Final.jar:4.1.11.Final]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
...
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
....
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
... 15 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:145) ~[?:?]
.....

It turns out that the error is due to the fact that the SSL on port 9300 costs, how can I solve this problem?
xpack.security.transport.ssl.enabled: false - did not help = (

Please, help!)


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.