Previous post got closed hence opening a new request
Dear All,
My new ECE cluster is up and running however I am getting below message when I access kibana portal directly on port serverIP:9243. I am able to access the admin console of the cluster but no the kibana.
{"ok":false,"message":"Unknown deployment."}
My ECE cluster is running on a private cloud and have 3 allocator hosts and haproxy is configured on first allocator host (192.168.1.1).
It has 3 master, 3 kibana and 3 data nodes.
Below is my sample haproxy config
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen ece_coordinator_uiapi_http_12400
bind 192.168.1.1:1240
# bind *:12400
#mode tcp
mode http
balance source
#option tcplog
reqadd X-Forwarded-Proto:\ http
server allocator01_12400 192.168.1.1:12400 check
server allocator02_12400 192.168.1.1:12400 check
server allocator03_12400 192.168.1.1:12400 check
listen ece_coordinator_uiapi_https_12443
bind 192.168.1.1:2443
#bind *:12443
#mode tcp
mode http
balance source
#option tcplog
reqadd X-Forwarded-Proto:\ https
server allocator01_12443 192.168.1.1:12443 check
server allocator02_12443 192.168.1.2:12443 check
server allocator03_12443 192.168.1.3:12443 check
listen ece_proxy_elastickibana_http_9200
bind 192.168.1.1:9100
#bind *:9200
#mode tcp
mode http
balance source
#option tcplog
reqadd X-Forwarded-Proto:\ http
server allocator01_9200 192.168.1.1:9200 check
server allocator02_9200 192.168.1.2:9200 check
server allocator03_9200 192.168.1.3:9200 check
listen ece_proxy_elastickibana_https_9243
bind 192.168.1.1:9223
#bind *:9243
#mode tcp
mode http
balance source
#option tcplog
http-request add-header X-Found-Cluster 72bbc3de0e144f378ebab582fe3ea047
reqadd X-Forwarded-Proto:\ https
server allocator01_9243 192.168.1.1:9243 check
server allocator02_9243 192.168.1.2:9243 check
server allocator03_9243 192.168.1.3:9243 check
listen stats
bind 192.168.1.1:9090
#bind *:9090
mode http
stats uri /
stats auth user1:password
Also I tried even with 9243 directly by skipping haproxy and gives me same error.
[elastic@ecehost1 ~]$ curl -k -u elastic https://192.168.1.1:9243
Enter host password for user 'elastic':
{"ok":false,"message":"Unknown deployment."}
[elastic@ecehost1 ~]$ curl -k -u elastic https://192.168.1.1:9243/_health
Enter host password for user 'elastic':
{
"ok": true,
"status": 200
}
[elastic@ecehost1 ~]$ curl -u elastic https://192.168.1.1:9243
Enter host password for user 'elastic':
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[elastic@ecehost1 ~]$
Health status log below:
[elastic@ecehost1 ~]$ curl -k -u elastic https://72bbc3de0e144f378ebab582fe3ea047.192.168.1.1:9243/_health
Enter host password for user 'elastic':
{
"ok": true,
"status": 200
}
[elastic@ecehost1 ~]$
---------------------------
{"type":"response","@timestamp":"2020-08-10T16:29:13Z","tags":["api"],"pid":32,"method":"get","statusCode":200,"req":{"url":"/api/status","method":"get","headers":{"host":"192.168.1.1:18350","user-agent":"Go-http-client/1.1","accept-encoding":"gzip"},"remoteAddress":"172.17.42.1","userAgent":"172.17.42.1"},"res":{"statusCode":200,"responseTime":42,"contentLength":9},"message":"GET /api/status 200 42ms - 9.0B"}
I also tried to hit a non-existent page just to check the server is responding and checked the logs, below are the output
[elastic@ecehost1 ~]$ curl -k -u elastic https://72bbc3de0e144f378ebab582fe3ea047.192.168.1.1:9243/apps
Enter host password for user 'elastic':
{"statusCode":404,"error":"Not Found","message":"Not Found"}
[elastic@ecehost1 ~]$
Below is the snippet log of above command
{"type":"response","@timestamp":"2020-08-10T16:30:38Z","tags":[],"pid":32,"method":"get","statusCode":404,"req":{"url":"/apps","method":"get","headers":{"host":"192.168.1.1:18350","user-agent":"curl/7.29.0","accept":"*/*","x-cloud-request-id":"vSsroRS-SMGkcI-R8dJ9jw","x-forwarded-host":"72bbc3de0e144f378ebab582fe3ea047.192.168.1.1:9243","x-found-kibana-cluster":"72bbc3de0e144f378ebab582fe3ea047"},"remoteAddress":"172.17.42.1","userAgent":"172.17.42.1"},"res":{"statusCode":404,"responseTime":300,"contentLength":9},"message":"GET /apps 404 300ms - 9.0B"}