Re: [Apiman-user] Having trouble connecting to Amazon Elasticsearch service

Tuesday, 8 December 2015

Testing using 1.1.9.Final against the AWS instance of elastic was 
successful.  The only thing left for me to try is the access policy. 
Otherwise everything looks like it's working fine.  Here is the relevant 
section of my apiman.properties file, for reference:

apiman.es.protocol=https
apiman.es.host=search-apiman-elastic-sarog5jew3xacrec5szeefvdm4.us-east-1...
apiman.es.port=443
apiman.es.username=
apiman.es.password=

Here is some relevant curl output after my simple test:

https://gist.github.com/EricWittmann/cc02a9ba6a2dee548a60

-Eric

On 12/8/2015 1:13 PM, Paul Blair wrote:
...
 It isn't too complicated -- I started here
 https://aws.amazon.com/elasticsearch-service/

 Basically you find "Elasticsearch Service" under the "Analytics"
section
 of the AWS dashboard, hit the "Create a new domain" button, and follow the
 instructions.

 My access policy looks like this:

 {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "AWS": "*"
        },
        "Action": "es:*",
        "Resource": "arn:aws:es:us-west-2[ARN]/*",
        "Condition": {
          "IpAddress": {
            "aws:SourceIp": [
              "[IP ADDRESS 1]", "[CIDR BLOCK 2]",...
            ]
          }
        }
      }
    ]
 }

 On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt; wrote:

> Nope - I was worried that you were using 2.x, which we do not currently
> support.
>
> Do you happen to have any instructions handy for setting up an AMZ
> elasticsearch instance so I can try to reproduce this error?
>
> On 12/8/2015 12:28 PM, Paul Blair wrote:
>> Amazon says their current version is 1.5.2. Does apiman require version
>> 2.x?
>>
>> On 12/8/15, 12:21 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt;
wrote:
>>
>>> What version of elasticsearch are you using?
>>>
>>> On 12/8/2015 12:12 PM, Paul Blair wrote:
>>>> The stack trace is below. Note that the instance seems to start fine;
>>>> it's
>>>> only when I make a request to the Gateway that I get this error.
>>>>
>>>> Thanks!
>>>>
>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023:
>>>> Exception handling request to /apiman-gateway/test_api/1.7:
>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException:
>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>> ct
>>>> or
>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>> ct
>>>> or
>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>> ct
>>>> or
>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFactor
>>>> y.
>>>> ja
>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESCom
>>>> po
>>>> ne
>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315)
>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304)
>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegis
>>>> tr
>>>> y.
>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRe
>>>> gi
>>>> st
>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Servic
>>>> eR
>>>> eq
>>>> uestExecutorImpl.java:252)
>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServ
>>>> le
>>>> t.
>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet
>>>> .j
>>>> av
>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandle
>>>> r.
>>>> ja
>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handle
>>>> Re
>>>> qu
>>>> est(ServletSecurityRoleHandler.java:62)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Se
>>>> rv
>>>> le
>>>> tDispatchingHandler.java:36)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandl
>>>> er
>>>> .h
>>>> andleRequest(SecurityContextAssociationHandler.java:78)
>>>>     at
>>>>
>>>>
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>> dl
>>>> er
>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.
>>>> ha
>>>> nd
>>>> leRequest(SSLInformationAssociationHandler.java:131)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.
>>>> ha
>>>> nd
>>>> leRequest(ServletAuthenticationCallHandler.java:57)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>> dl
>>>> er
>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequ
>>>> es
>>>> t(
>>>> AbstractConfidentialityHandler.java:46)
>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintH
>>>> an
>>>> dl
>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleReq
>>>> ue
>>>> st
>>>> (AuthenticationMechanismsHandler.java:58)
>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler
>>>> .h
>>>> an
>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Secu
>>>> ri
>>>> ty
>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>> dl
>>>> er
>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handl
>>>> eR
>>>> eq
>>>> uest(JACCContextIdHandler.java:61)
>>>>     at
>>>>
>>>>
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>> dl
>>>> er
>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>> dl
>>>> er
>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(S
>>>> er
>>>> vl
>>>> etInitialHandler.java:261)
>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Serv
>>>> le
>>>> tI
>>>> nitialHandler.java:248) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletIn
>>>> it
>>>> ia
>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Serv
>>>> le
>>>> tI
>>>> nitialHandler.java:167) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:761
>>>> )
>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>     at
>>>>
>>>>
>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja
>>>> va
>>>> :1
>>>> 142) [rt.jar:1.8.0_25]
>>>>     at
>>>>
>>>>
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j
>>>> av
>>>> a:
>>>> 617) [rt.jar:1.8.0_25]
>>>>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
>>>> Caused by: org.apache.http.NoHttpResponseException:
>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>> tp
>>>> Re
>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>> tp
>>>> Re
>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePars
>>>> er
>>>> .j
>>>> ava:261) [httpcore-4.4.1.jar:4.4.1]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader
>>>> (D
>>>> ef
>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.j
>>>> av
>>>> a:
>>>> 167) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequ
>>>> es
>>>> tE
>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecuto
>>>> r.
>>>> ja
>>>> va:124) [httpcore-4.4.1.jar:4.4.1]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.ja
>>>> va
>>>> :2
>>>> 71) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:1
>>>> 84
>>>> )
>>>> [httpclient-4.5.jar:4.5]
>>>>     at
>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>>>> [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:1
>>>> 10
>>>> )
>>>> [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpCl
>>>> ie
>>>> nt
>>>> .java:184) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>> ie
>>>> nt
>>>> .java:82) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>>
>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>> ie
>>>> nt
>>>> .java:107) [httpclient-4.5.jar:4.5]
>>>>     at
>>>>
>>>> io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:50)
>>>> [jest-0.1.6.jar:]
>>>>     at
>>>>
>>>>
>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>> ct
>>>> or
>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>     ... 39 more
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 12/8/15, 11:48 AM, "Eric Wittmann"
<eric.wittmann(a)redhat.com&gt;
>>>> wrote:
>>>>
>>>>> You definitely need to set the protocol to 'https', for the
record.
>>>>> Beyond that I'm not quite sure.  Do you have a full stack trace
or
>>>>> just
>>>>> that part of it?
>>>>>
>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote:
>>>>>> Not quite sure what to make of this: I'm getting
>>>>>>
>>>>>>         org.apache.http.NoHttpResponseException:
[endpoint_URI]:443
>>>>>> failed
>>>>>> to respond
>>>>>>
>>>>>> But if I do:
>>>>>>
>>>>>> curl https://[endpont_URI]:443
>>>>>>
>>>>>> I get a response from Elasticsearch‹this is because I have the
>>>>>> Amazon
>>>>>> Elasticsearch instance permissioned to accept any connections
from
>>>>>> the
>>>>>> IP address where apiman is running.
>>>>>>
>>>>>> The apiman configurations look like this:
>>>>>>
>>>>>> apiman.es.protocol=http
>>>>>> apiman.es.host=[endpoint_URI]
>>>>>> apiman.es.port=443
>>>>>> apiman.es.username=
>>>>>> apiman.es.password=
>>>>>>
>>>>>> Changing protocol from http to https doesn't appear to help,
nor
>>>>>> does
>>>>>> removing the username and password properties entirely. Any
>>>>>> suggestions?
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Apiman-user mailing list
>>>>>> Apiman-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>
>>>>
>>

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [Apiman-user] Having trouble connecting to Amazon Elasticsearch service