Hi,
I'm trying to install the gcp
plugin as described here: https://www.elastic.co/guide/en/elasticsearch/plugins/6.3/repository-gcs.html
I'm also running this in Kubernetes, and am running a custom docker image so that I can preinstall the GCP plugin and to load the credentials file.
The container starts up happily, but when I try to actually execute a snapshot using:
PUT /_snapshot/my_gcs_repo
, with a body of:
{
"type": "gcs",
"settings": {
"bucket": "es-metrics",
"base_path": "dev"
}
}
I get a bunch of SSL error messages, mostly around an ssl handshake exception, with the message of java.security.cert.CertificateException: No subject alternative DNS name matching oauth2.googleapis.com found.
I get that it's related to the application not being able to find an appropriately configured cert, but... how do I fix it?
Thanks!
ElasticSearch v6.3.2
No x-pack
Running in GCP Kubernetes
Snippet of the stack trace below:
[2018-12-17T11:32:17,120][WARN ][o.e.r.RepositoriesService] [JXtjUCp] failed to create repository [gcs][my_gcs_repository]
org.elasticsearch.common.blobstore.BlobStoreException: Unable to check if bucket [es-metrics] exists
at org.elasticsearch.repositories.gcs.GoogleCloudStorageBlobStore.doesBucketExist(GoogleCloudStorageBlobStore.java:118) ~[?:?]
at org.elasticsearch.repositories.gcs.GoogleCloudStorageBlobStore.<init>(GoogleCloudStorageBlobStore.java:75) ~[?:?]
at org.elasticsearch.repositories.gcs.GoogleCloudStorageRepository.<init>(GoogleCloudStorageRepository.java:137) ~[?:?]
at org.elasticsearch.repositories.gcs.GoogleCloudStoragePlugin.lambda$getRepositories$1(GoogleCloudStoragePlugin.java:129) ~[?:?]
at org.elasticsearch.repositories.RepositoriesService.createRepository(RepositoriesService.java:383) [elasticsearch-6.3.2.jar:6.3.2]
at org.elasticsearch.repositories.RepositoriesService.registerRepository(RepositoriesService.java:356) [elasticsearch-6.3.2.jar:6.3.2]
at org.elasticsearch.repositories.RepositoriesService.access$100(RepositoriesService.java:55) [elasticsearch-6.3.2.jar:6.3.2]
at org.elasticsearch.repositories.RepositoriesService$1.execute(RepositoriesService.java:108) [elasticsearch-6.3.2.jar:6.3.2]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching oauth2.googleapis.com found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) ~[?:?]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:345) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:339) ~[?:?]
at sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1968) ~[?:?]
at sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098) ~[?:?]
at sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:?]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:?]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) ~[?:?]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1356) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1331) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:241) ~[?:?]
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:77) ~[?:?]
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981) ~[?:?]
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:283) ~[?:?]
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307) ~[?:?]
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:394) ~[?:?]
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489) ~[?:?]
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217) ~[?:?]
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:868) ~[?:?]
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419) ~[?:?]
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352) ~[?:?]
... 20 more