How to connect to ECE with python?


(weibin.wu) #1

Hi

I already whitelist 9243 port to my load test server.
I can do with the following curl
curl -XGET -k https://user:password@3be9c7613c08413e8bc755802b107e6a.172.31.63.51.ip.es.io:9243

But when I was using python to connect. I download the cert from Cloud UI->platform->Settings and saved as "cloud_certs"
Then use the following code to connect.

es = Elasticsearch(
["https://3be9c7613c08413e8bc755802b107e6a.172.31.63.51.ip.es.io"],
port=9243,
http_auth="user:password",
use_ssl=True,
verify_certs=True,
ca_certs='cloud_certs'
)

It gives me

elasticsearch.exceptions.ConnectionError: ConnectionError((<urllib3.connection.VerifiedHTTPSConnection object at 0x7f862617b990>, 'Connection to 3be9c7613c08413e8bc755802b107e6a.172.31.63.51.ip.es.io timed out. (connect timeout=10)')) caused by: ConnectTimeoutError((<urllib3.connection.VerifiedHTTPSConnection object at 0x7f862617b990>, 'Connection to 3be9c7613c08413e8bc755802b107e6a.172.31.63.51.ip.es.io timed out. (connect timeout=10)'))

I tried a lot of trouble shoot but no good news. Whats the correct way to use pythong connect to ECE?


(Uri Cohen) #2

Hi @weibin.wu

Note that the hostname you're using ends with 172.31.63.51.ip.es.io. The ip.es.io domain is a "magic" domain name managed by Elastic, that provides wildcard DNS for any IP address. So in your case, 172.31.63.51.ip.es.io will simply resolve to 172.31.63.51. We use this solution to save the need for users to define their own wildcard DNS record while evaluating ECE. In a production setup, you probably don't want to rely on this service, and we recommend that you have your own wildcard DNS name that resolves to one of the ECE proxy hosts or a load balancer that fronts them.
In this specific case, for this to work properly you need to make sure that:

  • The host which runs your Python code has internet access (so it can access ip.es.io).
  • The IP adderss 172.31.63.51 resolves from that same host.

HTH
Uri


(Alex Piggott) #3

Hi @weibin.wu

Can you try connecting over :9200 first? Eg open :9200 in the firewall and connect to http://3be9c7613c08413e8bc755802b107e6a.172.31.63.51.ip.es.io:9200 first via curl and then with a similar python snippet.

That will take certification issues out the way, and also importantly, if the connection to 9200 fails you can use tcpdump to diagnose what's going on.

(You might also be able to get more information by upping the logging level:

import logging
logging.basicConfig(level=logging.DEBUG)

)

Alex


(weibin.wu) #4

Thats an very impressing DNS magic. Thanks

I checked our server has internet access and can resolve the ip.es.io.
Do you have an example of code to connect to ECE with python?


(weibin.wu) #5

Thanks Alex,

That really resolve my problem. Becuase we are using ECE as an internal service. So using port 9200 will facilitate a lot for our work rather than using port 9243.


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.