Curator -- Getting AttributeError: 'str' object has no attribute 'items'

Attached is my config file

client:
hosts:
use_ssl:True
certificate:''
ssl_no_validate:False
timeout:90
master_only:False

logging:
loglevel:DEBUG
logfile:'/elasticsearch/logs/curator.log'
logformat:default
blacklist:['elasticsearch', 'urllib3' ]

Actions file:

actions:
1:
action: delete_indices
description: "Delete selected indices"
options:
ignore_empty_list: False
timeout_override: 300
continue_if_exception: False
disable_action: False
filters:
- filtertype: pattern
kind : prefix
value: logstash
- filtertype: age
source: creation_date
direction: older
unit: days
unit_count: 1

Please encapsulate your pasted config data inside triple back ticks, like this:

```
PASTE HERE
```

Without this, I can't tell if the YAML is properly indented and formatted.

```
---
client:
  hosts:
  use_ssl:True
  certificate:'/elasticsearch/certs/ca.crt'
  ssl_no_validate:False
  timeout:90
  master_only:False
#
logging:
  loglevel:DEBUG
  logfile:'/elasticsearch/logs/curator.log'
  logformat:default
  blacklist:[]
```

Here is the actions file as well

```
actions:
 1:
 action:delete_indices
 description:"Delete selected indices"
 options:
    ignore_empty_list:False
    timeout_override:300
    continue_if_exception:False
    disable_action:False
  filters:
      - filtertype:pattern
        kind:prefix
        value:logstash
      - filtertype:age
        source:creation_date
        direction:older
        unit:days
        unit_count:1
```

There are two problems I see.

  1. YAML requires a space between the colon after a key name (and before the value).
  2. The indentation was incorrect.

This is a corrected example based on what you provided:

```
actions:
  1:
    action: delete_indices
    description: "Delete selected indices"
    options:
      ignore_empty_list: False
      timeout_override: 300
      continue_if_exception: False
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 1
```
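A pre-flight check for the first problem above, as an added example that is not part of the original posts and is not Curator code: it flags every `key:value` line where the colon is glued to the value and prints the corrected line. The function name and the sample text (assembled from lines posted in this thread) are constructed for illustration.

```python
import re

# Heuristic: a key (optionally after a "- " list marker) whose colon is
# immediately followed by a non-space character. Only the first token on the
# line is examined, so colons inside values (paths, quoted strings) are ignored.
GLUED = re.compile(r"^(\s*(?:-\s+)?)([A-Za-z_][\w.]*):(\S.*)$")


def find_glued_colons(text):
    """Return (line_number, key, suggested_line) for each `key:value` line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines carry no keys
        match = GLUED.match(line)
        if match:
            prefix, key, value = match.groups()
            fixed = "{0}{1}: {2}".format(prefix, key, value)
            findings.append((number, key, fixed))
    return findings


# Constructed sample built from lines that appear in the configs posted above.
SAMPLE = """\
client:
  hosts:
  use_ssl:True
  logfile:'/elasticsearch/logs/curator.log'
filters:
  - filtertype:pattern
    kind: prefix
"""

if __name__ == "__main__":
    for number, key, fixed in find_glued_colons(SAMPLE):
        print("line {0}: '{1}' needs a space after the colon -> {2!r}".format(
            number, key, fixed))
```

It does not check indentation, so the second problem still has to be fixed by hand or caught by loading the file.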

Thanks Aaron for that. Does the config file have proper indentation?

The indentation is okay for the config file, but you need to add spaces after the colons for each key, e.g.

```
use_ssl: true
```

(true and false don't need to be capitalized, but it will work either way)

Thanks Aaron for that. I got everything worked out now. The only thing I'm having a hard time with is using a certificate file for SSL authentication. Attached is my config file. It gives me an authentication error. Just to add, it works perfectly fine if I change ssl_no_validate to true.

```
---
client:
  hosts: 
  use_ssl: true
  certificate: '/logstash/certs/us-xplore-dev/ca.crt'
  ssl_no_validate: false
  timeout: 90
  http_auth: 
  master_only: false
#
logging:
  loglevel: DEBUG
  logfile: '/logstash/curator/curator.log'
  logformat: default
  blacklist: []
```


But I get the following error:
```
/usr/local/lib/python2.7/dist-packages/curator/utils.py:53: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  return yaml.load(read_file(path))
Traceback (most recent call last):
  File "/usr/local/bin/curator", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/curator/cli.py", line 213, in cli
    run(config, action_file, dry_run)
  File "/usr/local/lib/python2.7/dist-packages/curator/cli.py", line 160, in run
    client = get_client(**client_args)
  File "/usr/local/lib/python2.7/dist-packages/curator/utils.py", line 906, in get_client
    'Error: {0}'.format(e)
elasticsearch.exceptions.ElasticsearchException: Unable to create client connection to Elasticsearch. Error: ConnectionError(hostname u'112.16.116.185' doesn't match either of 'elasticsearch1', '112.16.116.185') caused by: SSLError(hostname u'112.16.116.185' doesn't match either of 'elasticsearch1', '112.16.116.185')
```

What did you use to generate those certificates? It appears you are doing full hostname validation, as it's checking for elasticsearch1 or the IP. Is the remote Elasticsearch configured to expect full verification for `ssl.verification_mode`? I recommend using `certificate` for these self-signed ones, or you should probably build them with fully-qualified domain names, instead of just IPs and short host names.

So when you say use certificate for self-signed ones, does that mean just use http_auth with the certificate?

I'm making some assumptions here.

  1. You're using Elastic's Security (formerly known as xpack)
  2. You are generating the certificates with Elastic's certutil command.

Is this accurate?

Yes, that is accurate, Aaron.

Just wanted to confirm: do I need to mention the DNS as well in the config file, instead of just giving the IP?

Apparently, your certificate only has 'elasticsearch1', and '112.16.116.185' associated with it. You specified this when you created the certificates. Elasticsearch is trying to verify these values, and it's not able to do so. I recommend setting

```
xpack.ssl.verification_mode: certificate
```

…in your elasticsearch.yml file so that the certificate Curator is using only has to be signed by the same certificate authority that created the ones you made for your Elasticsearch nodes.

If you can't, I recommend creating new certificates that are based not on short name and IP, but on a fully-qualified domain name, and making an extra one for Curator, if needed. If Curator is running on one of your existing hosts, you can re-use its certificate.

You could also try to just put elasticsearch1 in your hosts array in the Curator YAML file, but FQDN is better.
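Why the choice of `hosts` value matters for the hostname check in the traceback, as an added example that is not part of the original posts and is not Curator or Elasticsearch code: client-side verification is typed, so an IP literal is compared only with `IP Address` entries in the certificate and a name only with `DNS` entries. The certificates below are constructed, the FQDN is a placeholder, and the assumption that the IP was issued as a DNS-type entry is not confirmed anywhere in the thread.

```python
import ipaddress


def host_matches_cert(host, cert):
    """Typed subjectAltName check (exact match only, no wildcard handling)."""
    try:
        host_ip = ipaddress.ip_address(host)
    except ValueError:
        host_ip = None  # not an IP literal, treat as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and host_ip is None:
            if value.lower() == host.lower():
                return True
        elif kind == "IP Address" and host_ip is not None:
            if ipaddress.ip_address(value) == host_ip:
                return True
    return False


def usable_hosts(candidates, cert):
    """Filter candidate `hosts` values down to those the certificate covers."""
    return [h for h in candidates if host_matches_cert(h, cert)]


# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
# Assumption: the IP was written into the certificate as a DNS-type entry.
CERT_IP_AS_DNS = {
    "subjectAltName": (("DNS", "elasticsearch1"), ("DNS", "112.16.116.185")),
}
# A reissued certificate with an FQDN (placeholder name) and a typed IP entry.
CERT_TYPED = {
    "subjectAltName": (
        ("DNS", "elasticsearch1.example.internal"),
        ("IP Address", "112.16.116.185"),
    ),
}

CANDIDATES = ["112.16.116.185", "elasticsearch1", "elasticsearch1.example.internal"]

if __name__ == "__main__":
    print(usable_hosts(CANDIDATES, CERT_IP_AS_DNS))  # only the short name passes
    print(usable_hosts(CANDIDATES, CERT_TYPED))      # IP and FQDN pass
```

Picking a `hosts` value that passes this check lets `ssl_no_validate` stay `false`.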
