Hello, I have created a ticket in JIRA to address this ( https://issues.apache.org/jira/browse/ZEPPELIN-2031), because it is not supported with this version of Shield.
Bruno 2017-01-30 17:45 GMT+01:00 Jonathan Greenleaf <[email protected]>: > Thank you Bruno. I have switched to trying to use just Shield on 9300. I > have copied the latest Shield jar here: > /zeppelin/interpreter/elasticsearch/shield-2.4.4.jar > and edited the /zeppelin/elasticsearch/pom.xml dependency per: > https://www.elastic.co/guide/en/shield/current/_using_ > elasticsearch_java_clients_with_shield.html > > I have restarted my ES interpreter with the correct shield settings > (shield.ssl.user, shield.ssl.keystore.path) - the same that my main > application uses successfully. > > My issue it seems is that the Shield plugin is not being loaded. Per > zeppelin-interpreter-elasticsearch-root-ip-xx-xx-xx-xx.log > > INFO [2017-01-30 16:06:29,471] ({pool-2-thread-2} > ElasticsearchInterpreter.java[open]:132)- prop={elasticsearch.result. > size=10... > INFO [2017-01-30 16:06:29,572] ({pool-2-thread-2} > PluginsService.java[<init>]:180) - [Vashti] modules [], plugins [], sites > [] > INFO [2017-01-30 16:06:31,248] ({pool-2-thread-2} > TransportClientNodesService.java[doSample]:420) - [Vashti] failed to get > node info for {#transport#-1}{xx.xx.xx.xx}{xx.xx.xx.xx:9300}, > disconnecting... > > I would expect to see something in the plugins[] ^. Any additional > pointers appreciated. > Thanks, Jonathan > > On 2017-01-28 15:18 (-0500), Bruno Bonnin <[email protected]> wrote: > > Hello, > > > > For the moment, in Zeppelin, the HTTP client for elasticsearch does not > > support SSL. > > If you want to use the elasticsearch transport client, maybe you should > try > > to use the port 9300 and for SSL, you have to add other parameters, such > as > > "shield.ssl.keystore.path" and "shield.ssl.keystore.password" (there are > a > > description of some of them here: > > https://www.elastic.co/guide/en/shield/current/_using_ > elasticsearch_java_clients_with_shield.html > > ) > > > > Bruno > > > > > > 2017-01-28 15:44 GMT+01:00 Jonathan Greenleaf < > [email protected]>: > > > > > I have been able to start the server on 8443, but have not been able to > > > make a connection to my Elasticsearch data node over SSL. I verified > I can > > > curl (curl --insecure -v -u user:pwd https:xx.xx.xx.xx:9200/...) the > ES box > > > with the Shield credentials. > > > > > > Within the interpreter I have > > > name -> value > > > shield.user -> user:pwd > > > shield.transport.ssl -> true > > > > > > we use port 9200 and force the gets/searches to require https. > > > > > > and I don't know if this is even used but I included this dependency: > > > /zeppelin/interpreter/elasticsearch/shield-2.4.4.jar > > > based on what I read here: https://zeppelin.apache.org/ > > > docs/0.7.0-SNAPSHOT/interpreter/elasticsearch.html > > > > > > /zeppelin/logs/zeppelin-root-ip-10-2-3-144.log > > > INFO [2017-01-27 20:38:44,556] ({main} AbstractConnector.java[ > doStart]:266) > > > - Started ServerConnector@30aba78f{SSL-HTTP/1.1}{0.0.0.0:8443} > > > > > > elasticsearch log complains: > > > [2017-01-27 21:23:18,161][WARN ][shield.transport.netty ] [esdata3] > > > received plaintext http traffic on a https channel, closing connection > [id: > > > 0xf43a9b2f, /xx.xx.xx.xx:36188 => /xx.xx.xx.xx:9200] > > > > > > I built from source - 0.8.0-SNAPSHOT. I also added this to > > > /zeppelin/elasticsearch/pom.xml > > > > > > <!-- add the shield jar as a dependency --> > > > <dependency> > > > <groupId>org.elasticsearch.plugin</groupId> > > > <artifactId>shield</artifactId> > > > <version>2.4.4</version> > > > </dependency> > > > > > > I'm confused what I need to do with Shield on the Zeppelin server. Do > I > > > need to copy a cert from my existing Shield setup on my data node? > > > > > > Any pointers appreciated. > > > Thanks - Jonathan > > > > > >
