Watcher and Shield

alerting

(Tommy Bollhofer) #1

Is the beta version of Watcher supported with Shield? Are there configuration changes in the elasticsearch.yml file in order for this to function correctly? Didn't take note of any in the getting started documentation. Receiving the following error:

java.lang.RuntimeException: http client failed to initialize the SSLContext
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:183)
at org.elasticsearch.watcher.support.http.HttpClient.doStart(HttpClient.java:73)
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
at org.elasticsearch.node.internal.InternalNode.start(InternalNode.java:238)
at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:128)
at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:216)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)
Caused by: java.lang.NullPointerException
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPath.parse(Unknown Source)
at sun.nio.fs.WindowsFileSystem.getPath(Unknown Source)
at java.nio.file.Paths.get(Unknown Source)
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:172)
... 6 more


(Martijn Van Groningen) #2

Hi Tommy,

What Shield version are you running? The minimum supported Shield version is 1.2.1, so you may need to upgrade.

Martijn


(Jay Modi) #3

Hi Tommy,

It looks like you've run into a bug with the Shield integration with watcher for SSL. We're working on fixing this in Watcher, but should be able to workaround it with some additional settings:

In your elasticsearch.yml file, I believe you may have something like:

shield.ssl.keystore.path: /path/to/keystore
shield.ssl.keystore.password: XXXXXX

If you can, please try adding these two settings:

shield.ssl.truststore.path: /path/to/keystore
shield.ssl.truststore.password: XXXXXX

The values for these settings will be the same as above. Shield actually mimics this setup internally and in the future Watcher will integrate much more cleanly.

Edit: if you have a different setup, can you share the contents of your elasticsearch.yml (sensitive items obfuscated of course)?

Jay


(Tommy Bollhofer) #4

Thanks Jay! That did the trick :smiley:


(system) #5