Reindex from Remote

alexus · March 14, 2017, 7:18pm

I'm trying to perform Reindex from Remote and I'm getting following error:

@dest:

# curl --request POST 0:9200/_reindex?pretty -d @reindex.json 
{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "[X:X] not whitelisted in reindex.remote.whitelist"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "[X:X] not whitelisted in reindex.remote.whitelist"
  },
  "status" : 400
}
# cat reindex.json 
{
   "dest" : {
      "index" : "index1"
   },
   "source" : {
      "query" : {
         "match_all" : {}
      },
      "remote" : {
         "password" : "password",
         "username" : "username",
         "host" : "https://URL:443"
      },
      "index" : "index1"
   }
}
#

@source: reindex.remote.whitelist:

# grep ^reindex.remote.whitelist elasticsearch.yml 
reindex.remote.whitelist: *:*
#

Please advise.

warkolm · March 14, 2017, 10:57pm

Is there a space in front of reindex.remote.whitelist in the config file? yaml is sensitive to that.

alexus · March 15, 2017, 12:08am

no, there is no space...

is there way to see reindex.remote.whitelist variable through curl somehow? I tried without square braces, but with same result(

JKhondhu · March 29, 2017, 12:25pm

Has this since been resolved?

Something along the lines of reindex.remote.whitelist: localhost:* works well in the elasticsearch.yml
And for multiples, a comma delimited list of allowed remote host and port combinations is suffice.

alexus · April 3, 2017, 3:47pm

No, I'm still experiencing issue even with wildcard for host and port:

# tail -1 elasticsearch.yml 
reindex.remote.whitelist: *:*
#

I may have found my issue...

elk    | Caused by: while scanning an alias
elk    |  in 'reader', line 100, column 27:
elk    |     reindex.remote.whitelist: *:*
elk    |                               ^
elk    | expected alphabetic or numeric character, but found but found :
elk    |  in 'reader', line 100, column 28:
elk    |     reindex.remote.whitelist: *:*
elk    |                                ^

I tried changing syntax to following:

root@166ac979a194:/# tail -1 /etc/elasticsearch/elasticsearch.yml 
reindex.remote.whitelist: '*:*'
root@166ac979a194:/#

and even like following:

root@166ac979a194:/# tail -1 /etc/elasticsearch/elasticsearch.yml 
reindex.remote.whitelist: ["*:*"]
root@166ac979a194:/#

neither resolve my issue(

nik9000 · April 3, 2017, 4:26pm

We test reindex-from-remote with an elasticsearch.yml file like this:

reindex.remote.whitelist: 127.0.0.1:*

and it works. You probably don't want to whitelist 127.0.0.1 though. Not too useful.

It looks like you can see the settings with curl -s 'localhost:9200/_cluster/settings?pretty&include_defaults'.

alexus · April 3, 2017, 4:30pm

thank you for that curl command, that's useful)

alexus · April 3, 2017, 4:31pm

I've gotten a little further and now I'm getting following error instead:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "s_s_l_handshake_exception",
        "reason" : "General SSLEngine problem"
      }
    ],
    "type" : "s_s_l_handshake_exception",
    "reason" : "General SSLEngine problem",
    "caused_by" : {
      "type" : "s_s_l_handshake_exception",
      "reason" : "General SSLEngine problem",
      "caused_by" : {
        "type" : "validator_exception",
        "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
        "caused_by" : {
          "type" : "sun_cert_path_builder_exception",
          "reason" : "unable to find valid certification path to requested target"
        }
      }
    }
  },
  "status" : 500
}

I'm using letsencrypt certificate.

Please advise.

nik9000 · April 3, 2017, 5:08pm

Something like this ought to work:

system · May 1, 2017, 5:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.