Hello, For the moment, in Zeppelin, the HTTP client for elasticsearch does not support SSL. If you want to use the elasticsearch transport client, maybe you should try to use the port 9300 and for SSL, you have to add other parameters, such as "shield.ssl.keystore.path" and "shield.ssl.keystore.password" (there are a description of some of them here: https://www.elastic.co/guide/en/shield/current/_using_elasticsearch_java_clients_with_shield.html )
Bruno 2017-01-28 15:44 GMT+01:00 Jonathan Greenleaf <jonathangreenl...@gmail.com>: > I have been able to start the server on 8443, but have not been able to > make a connection to my Elasticsearch data node over SSL. I verified I can > curl (curl --insecure -v -u user:pwd https:xx.xx.xx.xx:9200/...) the ES box > with the Shield credentials. > > Within the interpreter I have > name -> value > shield.user -> user:pwd > shield.transport.ssl -> true > > we use port 9200 and force the gets/searches to require https. > > and I don't know if this is even used but I included this dependency: > /zeppelin/interpreter/elasticsearch/shield-2.4.4.jar > based on what I read here: https://zeppelin.apache.org/ > docs/0.7.0-SNAPSHOT/interpreter/elasticsearch.html > > /zeppelin/logs/zeppelin-root-ip-10-2-3-144.log > INFO [2017-01-27 20:38:44,556] ({main} AbstractConnector.java[doStart]:266) > - Started ServerConnector@30aba78f{SSL-HTTP/1.1}{0.0.0.0:8443} > > elasticsearch log complains: > [2017-01-27 21:23:18,161][WARN ][shield.transport.netty ] [esdata3] > received plaintext http traffic on a https channel, closing connection [id: > 0xf43a9b2f, /xx.xx.xx.xx:36188 => /xx.xx.xx.xx:9200] > > I built from source - 0.8.0-SNAPSHOT. I also added this to > /zeppelin/elasticsearch/pom.xml > > <!-- add the shield jar as a dependency --> > <dependency> > <groupId>org.elasticsearch.plugin</groupId> > <artifactId>shield</artifactId> > <version>2.4.4</version> > </dependency> > > I'm confused what I need to do with Shield on the Zeppelin server. Do I > need to copy a cert from my existing Shield setup on my data node? > > Any pointers appreciated. > Thanks - Jonathan >
