Thank you Bruno. I have switched to trying to use just Shield on 9300. I have
copied the latest Shield jar here:
/zeppelin/interpreter/elasticsearch/shield-2.4.4.jar and edited the
/zeppelin/elasticsearch/pom.xml dependency per:
https://www.elastic.co/guide/en/shield/current/_using_elasticsearch_java_clients_with_shield.html
I have restarted my ES interpreter with the correct shield settings
(shield.ssl.user, shield.ssl.keystore.path) - the same that my main application
uses successfully.
My issue it seems is that the Shield plugin is not being loaded. Per
zeppelin-interpreter-elasticsearch-root-ip-xx-xx-xx-xx.log
INFO [2017-01-30 16:06:29,471] ({pool-2-thread-2}
ElasticsearchInterpreter.java[open]:132)- prop={elasticsearch.result.size=10...
INFO [2017-01-30 16:06:29,572] ({pool-2-thread-2}
PluginsService.java[<init>]:180) - [Vashti] modules [], plugins [], sites []
INFO [2017-01-30 16:06:31,248] ({pool-2-thread-2}
TransportClientNodesService.java[doSample]:420) - [Vashti] failed to get node
info for {#transport#-1}{xx.xx.xx.xx}{xx.xx.xx.xx:9300}, disconnecting...
I would expect to see something in the plugins[] ^. Any additional pointers
appreciated.
Thanks, Jonathan
On 2017-01-28 15:18 (-0500), Bruno Bonnin <[email protected]> wrote:
> Hello,
>
> For the moment, in Zeppelin, the HTTP client for elasticsearch does not
> support SSL.
> If you want to use the elasticsearch transport client, maybe you should try
> to use the port 9300 and for SSL, you have to add other parameters, such as
> "shield.ssl.keystore.path" and "shield.ssl.keystore.password" (there are a
> description of some of them here:
> https://www.elastic.co/guide/en/shield/current/_using_elasticsearch_java_clients_with_shield.html
> )
>
> Bruno
>
>
> 2017-01-28 15:44 GMT+01:00 Jonathan Greenleaf <[email protected]>:
>
> > I have been able to start the server on 8443, but have not been able to
> > make a connection to my Elasticsearch data node over SSL. I verified I can
> > curl (curl --insecure -v -u user:pwd https:xx.xx.xx.xx:9200/...) the ES box
> > with the Shield credentials.
> >
> > Within the interpreter I have
> > name -> value
> > shield.user -> user:pwd
> > shield.transport.ssl -> true
> >
> > we use port 9200 and force the gets/searches to require https.
> >
> > and I don't know if this is even used but I included this dependency:
> > /zeppelin/interpreter/elasticsearch/shield-2.4.4.jar
> > based on what I read here: https://zeppelin.apache.org/
> > docs/0.7.0-SNAPSHOT/interpreter/elasticsearch.html
> >
> > /zeppelin/logs/zeppelin-root-ip-10-2-3-144.log
> > INFO [2017-01-27 20:38:44,556] ({main} AbstractConnector.java[doStart]:266)
> > - Started ServerConnector@30aba78f{SSL-HTTP/1.1}{0.0.0.0:8443}
> >
> > elasticsearch log complains:
> > [2017-01-27 21:23:18,161][WARN ][shield.transport.netty ] [esdata3]
> > received plaintext http traffic on a https channel, closing connection [id:
> > 0xf43a9b2f, /xx.xx.xx.xx:36188 => /xx.xx.xx.xx:9200]
> >
> > I built from source - 0.8.0-SNAPSHOT. I also added this to
> > /zeppelin/elasticsearch/pom.xml
> >
> > <!-- add the shield jar as a dependency -->
> > <dependency>
> > <groupId>org.elasticsearch.plugin</groupId>
> > <artifactId>shield</artifactId>
> > <version>2.4.4</version>
> > </dependency>
> >
> > I'm confused what I need to do with Shield on the Zeppelin server. Do I
> > need to copy a cert from my existing Shield setup on my data node?
> >
> > Any pointers appreciated.
> > Thanks - Jonathan
> >
>
