Watcher and Shield

Elastic Stack Elasticsearch
1

Is the beta version of Watcher supported with Shield? Are there configuration changes in the elasticsearch.yml file in order for this to function correctly? Didn't take note of any in the getting started documentation. Receiving the following error:

java.lang.RuntimeException: http client failed to initialize the SSLContext
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:183)
at org.elasticsearch.watcher.support.http.HttpClient.doStart(HttpClient.java:73)
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
at org.elasticsearch.node.internal.InternalNode.start(InternalNode.java:238)
at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:128)
at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:216)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)
Caused by: java.lang.NullPointerException
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPath.parse(Unknown Source)
at sun.nio.fs.WindowsFileSystem.getPath(Unknown Source)
at java.nio.file.Paths.get(Unknown Source)
at org.elasticsearch.watcher.support.http.HttpClient.createSSLSocketFactory(HttpClient.java:172)
... 6 more

2

Hi Tommy,

What Shield version are you running? The minimum supported Shield version is 1.2.1, so you may need to upgrade.

Martijn

3

Hi Tommy,

It looks like you've run into a bug with the Shield integration with watcher for SSL. We're working on fixing this in Watcher, but should be able to workaround it with some additional settings:

In your elasticsearch.yml file, I believe you may have something like:

shield.ssl.keystore.path: /path/to/keystore
shield.ssl.keystore.password: XXXXXX

If you can, please try adding these two settings:

shield.ssl.truststore.path: /path/to/keystore
shield.ssl.truststore.password: XXXXXX

The values for these settings will be the same as above. Shield actually mimics this setup internally and in the future Watcher will integrate much more cleanly.

Edit: if you have a different setup, can you share the contents of your elasticsearch.yml (sensitive items obfuscated of course)?

Jay

4

Thanks Jay! That did the trick :smiley: