Curate Unable to connect to Elasticsearch cluster

$ curator_cli --version
curator_cli, version 5.8.3
$ curator_cli --loglevel DEBUG --use_ssl --host 'https://test01.elk.com' --certificate '/etc/pki/www/pams-ca.pem' --port 9200  show_indices
2021-03-03 16:22:08,053 DEBUG     curator.cli_singletons.cli_action.show_indices          check_filters:125  Validating provided filters: [{'filtertype': 'none'}]
2021-03-03 16:22:08,053 DEBUG     curator.validators.SchemaCheck               __init__:26   Schema: <function Filters.<locals>.f at 0x7fce9ae97940>
2021-03-03 16:22:08,053 DEBUG     curator.validators.SchemaCheck               __init__:27   "filters" config: [{'filtertype': 'none'}]
2021-03-03 16:22:08,054 DEBUG     curator.validators.SchemaCheck               __init__:26   Schema: {'filtertype': Any(In(['age', 'alias', 'allocated', 'closed', 'count', 'empty', 'forcemerged', 'ilm', 'kibana', 'none', 'opened', 'pattern', 'period', 'shards', 'space', 'state']), msg="filtertype must be one of ['age', 'alias', 'allocated', 'closed', 'count', 'empty', 'forcemerged', 'ilm', 'kibana', 'none', 'opened', 'pattern', 'period', 'shards', 'space', 'state']")}
2021-03-03 16:22:08,054 DEBUG     curator.validators.SchemaCheck               __init__:27   "filter" config: {'filtertype': 'none'}
2021-03-03 16:22:08,054 DEBUG     curator.validators.filters                      f:48   Filter #0: {'filtertype': 'none'}
2021-03-03 16:22:08,054 DEBUG              curator.utils       process_ssl_args:826  Attempting to verify SSL certificate.
2021-03-03 16:22:08,054 DEBUG              curator.utils           try_aws_auth:886  Checking for AWS settings
2021-03-03 16:22:08,057 DEBUG              curator.utils             get_client:1019 kwargs = {'use_ssl': True, 'hosts': ['https://test01.elk.com'], 'certificate': '/etc/pki/www/pams-ca.pem', 'port': 9200, 'url_prefix': '', 'aws_key': None, 'aws_sign_request': False, 'client_cert': None, 'timeout': 30, 'aws_secret_key': None, 'aws_token': None, 'ssl_no_validate': False, 'client_key': None, 'http_auth': None, 'connection_class': <class 'elasticsearch.connection.http_requests.RequestsHttpConnection'>, 'verify_certs': True, 'ca_certs': '/etc/pki/www/pams-ca.pem', 'aws_region': False}
2021-03-03 16:22:08,057 INFO               curator.utils             get_client:1024 Instantiating client object
2021-03-03 16:22:08,057 INFO               curator.utils             get_client:1027 Testing client connectivity
/opt/python/3.8./lib/python3.8/site-packages/urllib3/connection.py:388: SubjectAltNameWarning: Certificate for test01.elk.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
2021-03-03 16:22:08,186 ERROR              curator.utils             get_client:1040 Unable to connect to Elasticsearch cluster. Error: Unknown mimetype, unable to deserialize: text/html
2021-03-03 16:22:08,187 CRITICAL           curator.utils             get_client:1045 Curator cannot proceed. Exiting.```


Any Idea, what's am doing wrong here.

This indicates you are probably not connecting directly to Elasticsearch, but to something else. Elasticsearch will only ever respond with JSON. If you're getting back text/html, it's not Elasticsearch you're connected to.

it's only elasticsearch is running on that port then how it's connecting to something else. I don't understand your statement "This indicates you are probably not connecting directly to Elasticsearch, but to something else."

I am directly trying to connect with elasticsearch where elasticsearch is using ssl cert and kibana are connected as with ssl verifying process as well. and it works fine.

but I don't understand why curator won't able to verify ssl cert as it supposed to.

You're including https in --host, and also including --port 9200. You must be hitting https://test01.elk.com:443 and not port 9200.

Either switch to using --use-ssl --host 'test01.elk.com' --port 9200 or --use-ssl --host 'https://test01.elk.com:9200' (and not specify --port).

1 Like

Thank you very much for your reply "@theuntergeek", It did work. and I did update my curator config file to https://host:port, It worked perfectly fine.

I would highly suggest people to use option as I followed and mentioned here. when you use curator.yml config: with self signed certificates for ssl/tls verification used on your Elasticsearch node.

On documents, it is not really mentioned clearly. so I was using

client:
  hosts:
    - 127.0.0.1
  port: 9200

when I changed to format below, It actually worked just fine.

client:
  hosts:
    - https://securehost.com:9200

Please don't follow as it mentioned Here. but try to see what works for you. :grinning:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.