Getting ElasticsearchSecurityException while working with ES 5.4.0

pkumar25 · May 21, 2017, 5:28am

I am trying to use ElasticSearch 5.4.0 to create a TransportClient and utilize it for indexing records in my local ES cluster. The client, I have created, is as follows:

@SuppressWarnings({ "resource", "unchecked" })
protected static Client getTransportClient() {
    try {
        Settings settings = Settings.builder()
                .put("xpack.security.user", "username:password")
                //.put("xpack.security.enabled", false)
                .build();
        InetSocketTransportAddress inetAddress = new InetSocketTransportAddress(InetAddress.getByName("127.0.0.1"), 9300);
        client = new PreBuiltXPackTransportClient(settings).addTransportAddress(inetAddress);
    } catch (UnknownHostException e) {
        LOGGER.log(Level.WARNING, e.getMessage());
    }
    return client;
}

But, when I try to use the client to prepare an index as follows:

IndexResponse response = client.prepareIndex(INDEX, TYPE)
            .setSource(json).execute().actionGet();

i got the following error:

Exception in thread "main" NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{Vydx3TkcTReJh71fcCjqQg}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:348)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:246)
at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:366)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408)
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)
at org.personal.elastic.twitter.ElasticUtil.indexTweet(ElasticUtil.java:44)
at org.personal.elastic.twitter.TweetHunter.main(TweetHunter.java:39)

The error log itself didn't help much, so I looked up further. I found out that my ES node was, in fact, found out but was dropped during network handshake. The internal error log (which didn't show up in the previous stack trace) can be found here: https://pastebin.com/j5n52pN6

Could someone help me resolving this issue, which looks like related to ES x-pack authentication. Please let me know, if any further information is required.

Ed_Brown · June 18, 2017, 12:55am

I'm getting the same error with 5.4.0 and 5.4.1.

Much sadness.

TimV · June 19, 2017, 1:58am

The most likely cause of this error is that you are connecting to the server without configuring SSL (TLS) correctly for that cluster.

Generally speaking, the transport client needs to have all the same SSL settings as the server.
For example, something like:

Settings.builder()
        .put("xpack.security.user", user + ":" + password)
        .put("xpack.security.enabled", true)
        .put("xpack.security.transport.ssl.enabled", "true")
        .putArray("xpack.ssl.certificate_authorities", conf + "/tls/ca/ca.crt")
        .put("xpack.ssl.certificate", conf + "/tls/client-node/client-node.crt")
        .put("xpack.ssl.key", conf + "/tls/client-node/client-node.key")
        .build();

system · July 17, 2017, 1:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.