Python Authentication Problem

Elastic Stack Elasticsearch
1

image
image1342×365 39.1 KB

Facing this issue, all my path and passwords are ok but not able to authenticate. Please some one help me.

2

Hi @Somdev_Das, Please do not post images of text; they are hard to read, can not be debugged or searched or reproduced, and we can not even see the entirety of the code.

Where did you

Here is a sample of my working code

!pip install elasticsearch
     

# Read in connection and auth info
# Note the port is REQUIRED for the elasticsearch endpoint!
import getpass, os

os.environ['es_url'] = getpass.getpass('Enter Elasticsearch Endpoint:  ')
os.environ['es_user'] = getpass.getpass('Enter User:  ')
os.environ['es_pwd'] = getpass.getpass('Enter Password:  ')
     

# Connect and test connection
from elasticsearch import Elasticsearch


es_url = os.environ['es_url']
es_user = os.environ['es_user']
es_pwd = os.environ['es_pwd']

# Initialize the Elasticsearch client
es = Elasticsearch(
    [es_url],
    basic_auth=(es_user, es_pwd),
    request_timeout=30
)
es.info().body

And from here

from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "<password>"

# Create the client instance
client = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/path/to/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
client.info()
3

Getting
SSLError: ConnectionError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)) caused by: SSLError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007))
this error after doing your first step
and getting
ElasticsearchWarning: The client is unable to verify that the server is Elasticsearch due security privileges on the server side
client.ping()
this after 2nd step

4

What permissions does your user have in Elasticsearch?

What is the role for this user?

5

@Somdev_Das

Please share your whole connection code in text please

What OS are you running on?

If this is a newer windows box there may be additional steps for self signed certs.

How did you set up elasticsearch? Using what method?

Can you curl with same config?

curl -v -u elastic --cacert /path/to/ca.crt https://localhost:9200

https://curl.se/docs/sslcerts.html

6

I encountered an issue with the 'elastic' user and its system-generated password. To address this, I created my own user and granted it admin, superuser, network, and monitor rights. However, I am still facing the same problem, and my browser indicates that https://localhost:9200/ is unsecured.

7 
from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "*hR-5LqISxAvlerhYvc+"

# Create the client instance
client = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/home/somdev/SentientGeeks/elastic/8.10.2/elasticsearch-8.10.2-linux-x86_64/elasticsearch-8.10.2/config/certs/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
client.ping()

Using ubuntu 22.04

I first downloaded both ES and Kibana, extracted them, and then used the bin/elasticsearch and bin/kibana commands in the terminal.

8

What is the result of the curl command I provided above?.

Please run it. Show me the command and the results

9

image
image1366×768 182 KB

image
image1366×768 137 KB

10

Hi @Somdev_Das

Again Please do not provide images of text. It's nearly impossible to read. It cannot debugged or searched.

The curl looks good.

Can you add this.
client.info()

What is the error you're getting now from your python.

11 
from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "bQv4p1L+cCK3BjzApxgA"

# Create the client instance
client = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/home/somdev/SentientGeeks/elastic/8.10.2/elasticsearch-8.10.2-linux-x86_64/elasticsearch-8.10.2/config/certs/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
client.info()

/tmp/ipykernel_31816/1719526992.py:14: ElasticsearchWarning: The client is unable to verify that the server is Elasticsearch due security privileges on the server side
  client.info()
---------------------------------------------------------------------------
AuthenticationException                   Traceback (most recent call last)
Cell In[1], line 14
      7 client = Elasticsearch(
      8     "https://localhost:9200",
      9     ca_certs="/home/somdev/SentientGeeks/elastic/8.10.2/elasticsearch-8.10.2-linux-x86_64/elasticsearch-8.10.2/config/certs/http_ca.crt",
     10     basic_auth=("elastic", ELASTIC_PASSWORD)
     11 )
     13 # Successful response!
---> 14 client.info()

File ~/.local/lib/python3.10/site-packages/elasticsearch/client/utils.py:347, in query_params.<locals>._wrapper.<locals>._wrapped(*args, **kwargs)
    345     if p in kwargs:
    346         params[p] = kwargs.pop(p)
--> 347 return func(*args, params=params, headers=headers, **kwargs)

File ~/.local/lib/python3.10/site-packages/elasticsearch/client/__init__.py:295, in Elasticsearch.info(self, params, headers)
    286 @query_params(
    287     response_mimetypes=["application/json"],
    288 )
    289 def info(self, params=None, headers=None):
    290     """
    291     Returns basic information about the cluster.
    292 
    293     `<https://www.elastic.co/guide/en/elasticsearch/reference/7.17/index.html>`_
    294     """
--> 295     return self.transport.perform_request(
    296         "GET", "/", params=params, headers=headers
    297     )

File ~/.local/lib/python3.10/site-packages/elasticsearch/transport.py:466, in Transport.perform_request(self, method, url, headers, params, body)
    464             raise e
    465     else:
--> 466         raise e
    468 else:
    469     # connection didn't fail, confirm it's live status
    470     self.connection_pool.mark_live(connection)

File ~/.local/lib/python3.10/site-packages/elasticsearch/transport.py:427, in Transport.perform_request(self, method, url, headers, params, body)
    424 connection = self.get_connection()
    426 try:
--> 427     status, headers_response, data = connection.perform_request(
    428         method,
    429         url,
    430         params,
    431         body,
    432         headers=headers,
    433         ignore=ignore,
    434         timeout=timeout,
    435     )
    437     # Lowercase all the header names for consistency in accessing them.
    438     headers_response = {
    439         header.lower(): value for header, value in headers_response.items()
    440     }

File ~/.local/lib/python3.10/site-packages/elasticsearch/connection/http_urllib3.py:291, in Urllib3HttpConnection.perform_request(self, method, url, params, body, timeout, ignore, headers)
    287 if not (200 <= response.status < 300) and response.status not in ignore:
    288     self.log_request_fail(
    289         method, full_url, url, orig_body, duration, response.status, raw_data
    290     )
--> 291     self._raise_error(response.status, raw_data)
    293 self.log_request_success(
    294     method, full_url, url, orig_body, response.status, raw_data, duration
    295 )
    297 return response.status, response_headers, raw_data

File ~/.local/lib/python3.10/site-packages/elasticsearch/connection/base.py:328, in Connection._raise_error(self, status_code, raw_data)
    325 except (ValueError, TypeError) as err:
    326     logger.warning("Undecodable raw error response from server: %s", err)
--> 328 raise HTTP_EXCEPTIONS.get(status_code, TransportError)(
    329     status_code, error_message, additional_info
    330 )

AuthenticationException: AuthenticationException(401, 'security_exception', 'missing authentication credentials for REST request [/]')
12

401 = Bad username + password... not sure what the issue is

13 
missing authentication credentials for REST request [/]

This means that either:

  1. your username + password didn't get sent to the server, or
  2. the server is configured not to accept username + password as an authentication mechanism.

Since your curl command worked, we can assume that it's not (2), but I cannot understand how that code would fail to send the the basic authentication header. Never-the-less, that definitely looks like what is going on here.

What is the python environment that you're using (it looks like an interactive workbook of some sort)? Is it possible that this environment is stripping out your credentials?

14

Currently, I'm utilizing Jupyter Notebook on Ubuntu 22.04.3 LTS with Python version 3.10.12. Additionally, I'd like to mention that when I use version 7.9.2, which doesn't require a username and password, it operates efficiently.

15

It seems that Jupyter is doing something to strip basic authentication headers from your outgoing HTTP request.

I don't know enough about Jupyter to know how to resolve that, but I don't think the problem is with your cluster or your python script.

16

Do you know which version of the Elasticsearch python library are you using?

Try to change basic_auth to http_auth and see if it works.

According to this post, if you are using the version 7 of the library, the parameter basic_auth does not exists, you need to use http_auth.

1 Like
17

The code I showed above was from a Jupyter notebook I use with Google collab

Here is the git repo....

This runs in Google Collab and connects 8.x elasticsearch clusters

18

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.