S3 Snapshot issues

Elk_huh · May 11, 2020, 6:40pm

I am trying to set up S3 snapshots and i keep getting this error, anyone has any ideas ?

  "error" : {
    "root_cause" : [
      {
        "type" : "repository_verification_exception",
        "reason" : "[s3] path  is not accessible on master node"
      }
    ],
    "type" : "repository_verification_exception",
    "reason" : "[s3] path  is not accessible on master node",
    "caused_by" : {
      "type" : "i_o_exception",
      "reason" : "Unable to upload object [tests-SZM1dzKDSgicfmnjCdwcfg/master.dat] using a single upload",
      "caused_by" : {
        "type" : "sdk_client_exception",
        "reason" : "Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
        "caused_by" : {
          "type" : "s_s_l_handshake_exception",
          "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
          "caused_by" : {
            "type" : "validator_exception",
            "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
            "caused_by" : {
              "type" : "sun_cert_path_builder_exception",
              "reason" : "unable to find valid certification path to requested target"
            }
          }
        }
      }
    }
  },
  "status" : 500
}

Armin_Braun · May 11, 2020, 6:42pm

@Elk_huh are you using actual AWS S3 or are you working with a third party implementation like Minio?

It looks like your nodes have trouble validating the SSL certificate used by the S3 endpoint. If this is not AWS S3 and you're using a third party S3 implementation, then you'll have to add its certificate to the secret store used by your ES nodes to fix this.

Elk_huh · May 11, 2020, 6:53pm

I am using repository-S3 for snapshots

Elk_huh · May 11, 2020, 6:54pm

The problem is we have Zsacler in the middle doing SSl inspections , i have a slight suspicion that is part of the ossie

Armin_Braun · May 11, 2020, 7:30pm

Sorry for being unclear here, my question was rather geared at whether or not you're setting a custom endpoint setting for your S3 repository and are using something like Minio/Ceph/etc. not at the plugin itself.

Possibly, though I have to admit that I don't know anything about Zsacler so I couldn't say.

Elk_huh · May 11, 2020, 7:31pm

I am not doing anything custom. Just trying to add a access_key / secret and trying to put into the bucekt

Armin_Braun · May 11, 2020, 7:34pm

In that case Zsacler is the most likely culprit here I think (from what I could gather through a little Google you probably have to do some config work there to get the certificate used by S3 working).

system · June 8, 2020, 7:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.