Watcher and Shield

Tommy_Bollhofer · May 21, 2015, 4:25pm

Is the beta version of Watcher supported with Shield? Are there configuration changes in the elasticsearch.yml file in order for this to function correctly? Didn't take note of any in the getting started documentation. Receiving the following error:

java.lang.RuntimeException: http client failed to initialize the SSLContext
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:183)
at org.elasticsearch.watcher.support.http.HttpClient.doStart(HttpClient.java:73)
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
at org.elasticsearch.node.internal.InternalNode.start(InternalNode.java:238)
at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:128)
at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:216)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)
Caused by: java.lang.NullPointerException
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPath.parse(Unknown Source)
at sun.nio.fs.WindowsFileSystem.getPath(Unknown Source)
at java.nio.file.Paths.get(Unknown Source)
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:172)
... 6 more

mvg · May 21, 2015, 4:54pm

Hi Tommy,

What Shield version are you running? The minimum supported Shield version is 1.2.1, so you may need to upgrade.

Martijn

jaymode · May 21, 2015, 6:36pm

Hi Tommy,

It looks like you've run into a bug with the Shield integration with watcher for SSL. We're working on fixing this in Watcher, but should be able to workaround it with some additional settings:

In your elasticsearch.yml file, I believe you may have something like:

shield.ssl.keystore.path: /path/to/keystore
shield.ssl.keystore.password: XXXXXX

If you can, please try adding these two settings:

shield.ssl.truststore.path: /path/to/keystore
shield.ssl.truststore.password: XXXXXX

The values for these settings will be the same as above. Shield actually mimics this setup internally and in the future Watcher will integrate much more cleanly.

Edit: if you have a different setup, can you share the contents of your elasticsearch.yml (sensitive items obfuscated of course)?

Jay

Tommy_Bollhofer · May 21, 2015, 7:50pm

Thanks Jay! That did the trick

Topic		Replies	Views
Watcher Error (Runtime error) \| Elasticsearch Elasticsearch elastic-stack-alerting	3	483	September 30, 2019
Unable to register watcher Elasticsearch elastic-stack-alerting	3	1591	July 6, 2017
Watcher gives SSL handshake exception Elasticsearch elastic-stack-alerting	2	1113	December 25, 2018
Watcher in x-pack returns NullPointerException Elasticsearch	16	3327	July 6, 2017
Watcher with ES 2.4 shield -- SSL handshake Elasticsearch elastic-stack-alerting	6	1088	November 8, 2017

Watcher and Shield

Related Topics