Curator not able to authenticate elasticSearch, with X-Pack

(Sundeep Mamidi) #1


I have been using curator to cleanup my data, for a while now. It worked all well while I was running elasticsearch 5.5.2, but since the upgrade to 6.2.3, it doesn't work. I have also added x-pack with the v6.2.3. Below are the logs from curator. (I'm running everything containerized).

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/bin/curator_cli", line 11, in
load_entry_point('elasticsearch-curator==5.4.0', 'console_scripts', 'curator_cli')()
File "/usr/lib/python3.6/site-packages/curator/", line 5, in main
File "/usr/lib/python3.6/site-packages/click/", line 722, in call
return self.main(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/click/", line 697, in main
rv = self.invoke(ctx)
File "/usr/lib/python3.6/site-packages/click/", line 1066, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3.6/site-packages/click/", line 895, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3.6/site-packages/click/", line 535, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/click/", line 17, in new_func
return f(get_current_context(), *args, **kwargs)
File "/usr/lib/python3.6/site-packages/curator/", line 256, in delete_indices_singleton
client = get_client(**c_args)
File "/usr/lib/python3.6/site-packages/curator/", line 901, in get_client
'Error: {0}'.format(e)
elasticsearch.exceptions.ElasticsearchException: Unable to create client connection to Elasticsearch. Error: TransportError(401, 'security_exception', 'missing authentication token for REST request [/]')

Can someone help me here -- How do I authenticate curator with Elasticsearch, as I don't see a location include the elastic credentials on Curator config.


(Aaron Mildenstein) #2

Curator can and does connect to X-Pack enabled hosts. The options are all in the documentation.

A sample configuration is below:

  hosts: [ 'myhost_or_ip' ]
  port: 9200
  use_ssl: true
  certificate: /etc/elasticsearch/certs/ca.crt
  client_cert: /etc/elasticsearch/certs/mynode.crt
  client_key: /etc/elasticsearch/certs/mynode.key
  ssl_no_validate: false
  http_auth: "username:password"
  • use_ssl: true is necessary for SSL-enabled clusters
  • certificate is necessary if you are using self-signed certs, or ones not recognized by common signing authorities
  • client_cert and client_key are necessary if you are using hostname verification for your SSL.
  • ssl_no_validate: false means to validate that the certificates are properly signed. If you set this to true, you will see warning messages that you are not performing this test.
  • http_auth needs to be in "username:password" format (complete with quotes, if you have special characters in either the username or password). This is quite possibly the source of the error missing authentication token. You are not providing a username/password, so no authentication can happen.

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.