$ curator_cli --version
curator_cli, version 5.8.3
$ curator_cli --loglevel DEBUG --use_ssl --host 'https://test01.elk.com' --certificate '/etc/pki/www/pams-ca.pem' --port 9200 show_indices
2021-03-03 16:22:08,053 DEBUG curator.cli_singletons.cli_action.show_indices check_filters:125 Validating provided filters: [{'filtertype': 'none'}]
2021-03-03 16:22:08,053 DEBUG curator.validators.SchemaCheck __init__:26 Schema: <function Filters.<locals>.f at 0x7fce9ae97940>
2021-03-03 16:22:08,053 DEBUG curator.validators.SchemaCheck __init__:27 "filters" config: [{'filtertype': 'none'}]
2021-03-03 16:22:08,054 DEBUG curator.validators.SchemaCheck __init__:26 Schema: {'filtertype': Any(In(['age', 'alias', 'allocated', 'closed', 'count', 'empty', 'forcemerged', 'ilm', 'kibana', 'none', 'opened', 'pattern', 'period', 'shards', 'space', 'state']), msg="filtertype must be one of ['age', 'alias', 'allocated', 'closed', 'count', 'empty', 'forcemerged', 'ilm', 'kibana', 'none', 'opened', 'pattern', 'period', 'shards', 'space', 'state']")}
2021-03-03 16:22:08,054 DEBUG curator.validators.SchemaCheck __init__:27 "filter" config: {'filtertype': 'none'}
2021-03-03 16:22:08,054 DEBUG curator.validators.filters f:48 Filter #0: {'filtertype': 'none'}
2021-03-03 16:22:08,054 DEBUG curator.utils process_ssl_args:826 Attempting to verify SSL certificate.
2021-03-03 16:22:08,054 DEBUG curator.utils try_aws_auth:886 Checking for AWS settings
2021-03-03 16:22:08,057 DEBUG curator.utils get_client:1019 kwargs = {'use_ssl': True, 'hosts': ['https://test01.elk.com'], 'certificate': '/etc/pki/www/pams-ca.pem', 'port': 9200, 'url_prefix': '', 'aws_key': None, 'aws_sign_request': False, 'client_cert': None, 'timeout': 30, 'aws_secret_key': None, 'aws_token': None, 'ssl_no_validate': False, 'client_key': None, 'http_auth': None, 'connection_class': <class 'elasticsearch.connection.http_requests.RequestsHttpConnection'>, 'verify_certs': True, 'ca_certs': '/etc/pki/www/pams-ca.pem', 'aws_region': False}
2021-03-03 16:22:08,057 INFO curator.utils get_client:1024 Instantiating client object
2021-03-03 16:22:08,057 INFO curator.utils get_client:1027 Testing client connectivity
/opt/python/3.8./lib/python3.8/site-packages/urllib3/connection.py:388: SubjectAltNameWarning: Certificate for test01.elk.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
2021-03-03 16:22:08,186 ERROR curator.utils get_client:1040 Unable to connect to Elasticsearch cluster. Error: Unknown mimetype, unable to deserialize: text/html
2021-03-03 16:22:08,187 CRITICAL curator.utils get_client:1045 Curator cannot proceed. Exiting.```
Any Idea, what's am doing wrong here.
This indicates you are probably not connecting directly to Elasticsearch, but to something else. Elasticsearch will only ever respond with JSON. If you're getting back text/html, it's not Elasticsearch you're connected to.
it's only elasticsearch is running on that port then how it's connecting to something else. I don't understand your statement "This indicates you are probably not connecting directly to Elasticsearch, but to something else."
I am directly trying to connect with elasticsearch where elasticsearch is using ssl cert and kibana are connected as with ssl verifying process as well. and it works fine.
but I don't understand why curator won't able to verify ssl cert as it supposed to.
You're including https
in --host
, and also including --port 9200
. You must be hitting https://test01.elk.com:443
and not port 9200
.
Either switch to using --use-ssl --host 'test01.elk.com' --port 9200
or --use-ssl --host 'https://test01.elk.com:9200'
(and not specify --port
).
Thank you very much for your reply "@theuntergeek", It did work. and I did update my curator config file to https://host:port, It worked perfectly fine.
I would highly suggest people to use option as I followed and mentioned here. when you use curator.yml config: with self signed certificates for ssl/tls verification used on your Elasticsearch node.
On documents, it is not really mentioned clearly. so I was using
client:
hosts:
- 127.0.0.1
port: 9200
when I changed to format below, It actually worked just fine.
client:
hosts:
- https://securehost.com:9200
Please don't follow as it mentioned Here. but try to see what works for you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.