Curator 5.4 SSL module is not available

nradonicich · November 16, 2017, 7:53pm

Hello, Installed curator 5.4 to manage a new ES6 instance (was RC1 now GA). When running curator against ES6 with X-Pack security (SSL enabled) an error is received from urllib3 seen from below debug log. This is on a RHEL73 system, curator installed from RPM which from what I understand should include all the needed modules, etc. Suggestions on correcting this?

Debug Log

2017-11-16 14:44:30,491 DEBUG     urllib3.connectionpool              _new_conn:824  Starting new HTTPS connection (4): 127.0.0.1
2017-11-16 14:44:30,491 WARNING            elasticsearch       log_request_fail:97   GET https://127.0.0.1:9200/ [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/home/buh/.local/lib/python3.6/site-packages/elasticsearch/connection/http_urllib3.py", line 114, in perform_request
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/util/retry.py", line 333, in increment
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/packages/six.py", line 686, in reraise
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 589, in urlopen
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 251, in _get_conn
  File "/home/buh/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 827, in _new_conn
urllib3.exceptions.SSLError: Can't connect to HTTPS URL because the SSL module is not available.
2017-11-16 14:44:30,492 DEBUG              elasticsearch       log_request_fail:105  > None
Unable to create client connection to Elasticsearch.  Error: ConnectionError(Can't connect to HTTPS URL because the SSL module is not available.) caused by: SSLError(Can't connect to HTTPS URL because the SSL module is not available.)

curator.yml

---
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - 127.0.0.1
  port: 9200
  url_prefix:
  use_ssl: True
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: True
  http_auth: curator:password
  timeout: 30
  master_only: False

logging:
  loglevel: DEBUG
  logfile:
  logformat: default
  blacklist: []
#['elasticsearch', 'urllib3']

elasticsearch.yml (truncated)

xpack:
  security:
    transport:
      ssl:
        enabled: true
    http:
      ssl:
        enabled: true

theuntergeek · November 16, 2017, 8:30pm

Thanks for reporting this. I will try to duplicate it.

theuntergeek · November 16, 2017, 9:22pm

More research has revealed that this is limited to RHEL/CentOS 7. The Curator packages for CentOS 6, Ubuntu 1404/1604 Debian 8, and Debian 9 all work as expected.

Update: This is due to an OpenSSL library version mismatch. The fix for this is yum update openssl-libs. The expected version should be 1.0.2k-8.el7:

# yum list installed | grep ssl
openssl-libs.x86_64                       1:1.0.2k-8.el7                @base

I'm not sure what changed with OpenSSL recently, but updating it on CentOS 7 seems to have fixed it.

nradonicich · November 17, 2017, 4:07am

This worked, updating from 1.0.1e-60 to 1.0.2k-8 solved it.

Thanks!

system · December 15, 2017, 4:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Curator is not working after enable TLS/SSL in 5.6 version Elasticsearch curator	2	884	March 21, 2019
Curator over SSL Elasticsearch	3	2188	July 5, 2017
Curator support for RHEL8 Elasticsearch curator	2	803	October 15, 2020
Unable to create client connect; SSL certificate verify failed Elasticsearch docker , curator	42	7716	June 10, 2020
Docker Curator is not working Elasticsearch curator	12	3777	August 21, 2019

Curator 5.4 SSL module is not available

Related topics