Hi,
I am trying to integrate pagerduty with es watcher. My ES 2.4 has shield enabled. While watcher get and event it is not able to trigger action event.While checking status of watcher history, i get below response:
While checking history of watcher actions using below curl-
curl -u esadmin:Y291c3RlYXUK -k -XGET 'https://localhost:9200/.watch_history*/_search?pretty' -d '{
"query" : {
"bool" : {
"must" : [
{ "match" : { "result.condition.met" : true }},
{ "range" : { "result.execution_time" : { "from" : "now-20s"}}}
]
}
}
}'
I get below payload:
condition" : {
"type" : "compare",
"status" : "success",
"met" : true,
"compare" : {
"resolved_values" : {
"ctx.payload.hits.total" : 3 } } },
"actions" : [ {
"id" : "notify-pagerduty",
"type" : "pagerduty",
"status" : "failure",
"reason" : "SSLHandshakeException[sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested t
arget]; nested: ValidatorException[PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
ption: unable to find valid certification path to requested target]; nested: SunCertPathBuilderException[unable to
find valid certification path to requested target]; "
} ] } } } ] } }
If i disable the shield everything works fine.
In my current elastic search yml I have provided truststore and key store as below:
watcher.http.ssl.keystore.path: /etc/elasticsearch/shield/keystore.jks
watcher.http.ssl.keystore.password: *****
watcher.http.ssl.truststore.path: /etc/elasticsearch/shield/truststore.jks
watcher.http.ssl.truststore.password: ****
watcher.http.ssl.verification_mode: certificate
shield.enabled: true
script.inline: on
script.indexed: on
shield.ssl.keystore.path: /etc/elasticsearch/shield/keystore.jks
shield.ssl.keystore.password: ****
shield.transport.ssl: true
shield.http.ssl: true
shield.ssl.truststore.path: /etc/elasticsearch/shield/truststore.jks
shield.ssl.truststore.password: ***
shield.ssl.hostname_verification: false
shield.ssl.hostname_verification.resolve_name: false
watcher.actions.pagerduty.service:
account:
my_pagerduty_account:
service_api_key: ******
event_defaults:
description: "Watch notification"
#incident_key: "error_watch"
#client: "_watcher/watch/error_watch"
#client_url: "https://localhost:9200/"
#event_type: trigger
#attach_payload: true