S3 Snapshot issues

I am trying to set up S3 snapshots and i keep getting this error, anyone has any ideas ?

  "error" : {
    "root_cause" : [
      {
        "type" : "repository_verification_exception",
        "reason" : "[s3] path  is not accessible on master node"
      }
    ],
    "type" : "repository_verification_exception",
    "reason" : "[s3] path  is not accessible on master node",
    "caused_by" : {
      "type" : "i_o_exception",
      "reason" : "Unable to upload object [tests-SZM1dzKDSgicfmnjCdwcfg/master.dat] using a single upload",
      "caused_by" : {
        "type" : "sdk_client_exception",
        "reason" : "Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
        "caused_by" : {
          "type" : "s_s_l_handshake_exception",
          "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
          "caused_by" : {
            "type" : "validator_exception",
            "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
            "caused_by" : {
              "type" : "sun_cert_path_builder_exception",
              "reason" : "unable to find valid certification path to requested target"
            }
          }
        }
      }
    }
  },
  "status" : 500
}

@Elk_huh are you using actual AWS S3 or are you working with a third party implementation like Minio?

It looks like your nodes have trouble validating the SSL certificate used by the S3 endpoint. If this is not AWS S3 and you're using a third party S3 implementation, then you'll have to add its certificate to the secret store used by your ES nodes to fix this.

I am using repository-S3 for snapshots

The problem is we have Zsacler in the middle doing SSl inspections , i have a slight suspicion that is part of the ossie

Sorry for being unclear here, my question was rather geared at whether or not you're setting a custom endpoint setting for your S3 repository and are using something like Minio/Ceph/etc. not at the plugin itself.

Possibly, though I have to admit that I don't know anything about Zsacler so I couldn't say.

I am not doing anything custom. Just trying to add a access_key / secret and trying to put into the bucekt

In that case Zsacler is the most likely culprit here I think (from what I could gather through a little Google you probably have to do some config work there to get the certificate used by S3 working).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.