Re: [Apiman-user] Having trouble connecting to Amazon Elasticsearch service

When you create your domain, is it important what you name it? I named it testapi, so my endpoint looks like search-testapi-6ygyetc5y43j6xhuwhc24nwwzu.us-west-2.es.amazonaws.com And the domain ARN is then arn:aws:es:us-west-2:577360696927:domain/testapi On 12/8/15, 3:06 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt; wrote: > Testing using 1.1.9.Final against the AWS instance of elastic was > successful. The only thing left for me to try is the access policy. > Otherwise everything looks like it's working fine. Here is the relevant > section of my apiman.properties file, for reference: > > apiman.es.protocol=https > apiman.es.host=search-apiman-elastic-sarog5jew3xacrec5szeefvdm4.us-east-1. > es.amazonaws.com > apiman.es.port=443 > apiman.es.username= > apiman.es.password= > > Here is some relevant curl output after my simple test: > > https://gist.github.com/EricWittmann/cc02a9ba6a2dee548a60 > > -Eric > > On 12/8/2015 1:13 PM, Paul Blair wrote: >> It isn't too complicated -- I started here >> https://aws.amazon.com/elasticsearch-service/ >> >> Basically you find "Elasticsearch Service" under the "Analytics" section >> of the AWS dashboard, hit the "Create a new domain" button, and follow >> the >> instructions. >> >> My access policy looks like this: >> >> { >> "Version": "2012-10-17", >> "Statement": [ >> { >> "Sid": "", >> "Effect": "Allow", >> "Principal": { >> "AWS": "*" >> }, >> "Action": "es:*", >> "Resource": "arn:aws:es:us-west-2[ARN]/*", >> "Condition": { >> "IpAddress": { >> "aws:SourceIp": [ >> "[IP ADDRESS 1]", "[CIDR BLOCK 2]",... >> ] >> } >> } >> } >> ] >> } >> >> >> >> On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt; wrote: >> >>> Nope - I was worried that you were using 2.x, which we do not currently >>> support. >>> >>> Do you happen to have any instructions handy for setting up an AMZ >>> elasticsearch instance so I can try to reproduce this error? >>> >>> On 12/8/2015 12:28 PM, Paul Blair wrote: >>>> Amazon says their current version is 1.5.2. Does apiman require >>>> version >>>> 2.x? >>>> >>>> On 12/8/15, 12:21 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt; >>>> wrote: >>>> >>>>> What version of elasticsearch are you using? >>>>> >>>>> On 12/8/2015 12:12 PM, Paul Blair wrote: >>>>>> The stack trace is below. Note that the instance seems to start >>>>>> fine; >>>>>> it's >>>>>> only when I make a request to the Gateway that I get this error. >>>>>> >>>>>> Thanks! >>>>>> >>>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023: >>>>>> Exception handling request to /apiman-gateway/test_api/1.7: >>>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException: >>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient >>>>>> Fa >>>>>> ct >>>>>> or >>>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient >>>>>> Fa >>>>>> ct >>>>>> or >>>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient >>>>>> Fa >>>>>> ct >>>>>> or >>>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFact >>>>>> or >>>>>> y. >>>>>> ja >>>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESC >>>>>> om >>>>>> po >>>>>> ne >>>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315 >>>>>> ) >>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304 >>>>>> ) >>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESReg >>>>>> is >>>>>> tr >>>>>> y. >>>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(Secure >>>>>> Re >>>>>> gi >>>>>> st >>>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Serv >>>>>> ic >>>>>> eR >>>>>> eq >>>>>> uestExecutorImpl.java:252) >>>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewaySe >>>>>> rv >>>>>> le >>>>>> t. >>>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServl >>>>>> et >>>>>> .j >>>>>> av >>>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:] >>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) >>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] >>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) >>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHand >>>>>> le >>>>>> r. >>>>>> ja >>>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.hand >>>>>> le >>>>>> Re >>>>>> qu >>>>>> est(ServletSecurityRoleHandler.java:62) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest( >>>>>> Se >>>>>> rv >>>>>> le >>>>>> tDispatchingHandler.java:36) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.wildfly.extension.undertow.security.SecurityContextAssociationHan >>>>>> dl >>>>>> er >>>>>> .h >>>>>> andleRequest(SecurityContextAssociationHandler.java:78) >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH >>>>>> an >>>>>> dl >>>>>> er >>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandle >>>>>> r. >>>>>> ha >>>>>> nd >>>>>> leRequest(SSLInformationAssociationHandler.java:131) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandle >>>>>> r. >>>>>> ha >>>>>> nd >>>>>> leRequest(ServletAuthenticationCallHandler.java:57) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH >>>>>> an >>>>>> dl >>>>>> er >>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRe >>>>>> qu >>>>>> es >>>>>> t( >>>>>> AbstractConfidentialityHandler.java:46) >>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstrain >>>>>> tH >>>>>> an >>>>>> dl >>>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleR >>>>>> eq >>>>>> ue >>>>>> st >>>>>> (AuthenticationMechanismsHandler.java:58) >>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandl >>>>>> er >>>>>> .h >>>>>> an >>>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Se >>>>>> cu >>>>>> ri >>>>>> ty >>>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH >>>>>> an >>>>>> dl >>>>>> er >>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.han >>>>>> dl >>>>>> eR >>>>>> eq >>>>>> uest(JACCContextIdHandler.java:61) >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH >>>>>> an >>>>>> dl >>>>>> er >>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH >>>>>> an >>>>>> dl >>>>>> er >>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest >>>>>> (S >>>>>> er >>>>>> vl >>>>>> etInitialHandler.java:261) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Se >>>>>> rv >>>>>> le >>>>>> tI >>>>>> nitialHandler.java:248) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(Servlet >>>>>> In >>>>>> it >>>>>> ia >>>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Se >>>>>> rv >>>>>> le >>>>>> tI >>>>>> nitialHandler.java:167) >>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) >>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:7 >>>>>> 61 >>>>>> ) >>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. >>>>>> ja >>>>>> va >>>>>> :1 >>>>>> 142) [rt.jar:1.8.0_25] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor >>>>>> .j >>>>>> av >>>>>> a: >>>>>> 617) [rt.jar:1.8.0_25] >>>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25] >>>>>> Caused by: org.apache.http.NoHttpResponseException: >>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default >>>>>> Ht >>>>>> tp >>>>>> Re >>>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default >>>>>> Ht >>>>>> tp >>>>>> Re >>>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePa >>>>>> rs >>>>>> er >>>>>> .j >>>>>> ava:261) [httpcore-4.4.1.jar:4.4.1] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHead >>>>>> er >>>>>> (D >>>>>> ef >>>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy >>>>>> .j >>>>>> av >>>>>> a: >>>>>> 167) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRe >>>>>> qu >>>>>> es >>>>>> tE >>>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecu >>>>>> to >>>>>> r. >>>>>> ja >>>>>> va:124) [httpcore-4.4.1.jar:4.4.1] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec. >>>>>> ja >>>>>> va >>>>>> :2 >>>>>> 71) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java >>>>>> :1 >>>>>> 84 >>>>>> ) >>>>>> [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) >>>>>> [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java >>>>>> :1 >>>>>> 10 >>>>>> ) >>>>>> [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp >>>>>> Cl >>>>>> ie >>>>>> nt >>>>>> .java:184) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp >>>>>> Cl >>>>>> ie >>>>>> nt >>>>>> .java:82) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp >>>>>> Cl >>>>>> ie >>>>>> nt >>>>>> .java:107) [httpclient-4.5.jar:4.5] >>>>>> at >>>>>> >>>>>> >>>>>> io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:5 >>>>>> 0) >>>>>> [jest-0.1.6.jar:] >>>>>> at >>>>>> >>>>>> >>>>>> >>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient >>>>>> Fa >>>>>> ct >>>>>> or >>>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:] >>>>>> ... 39 more >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On 12/8/15, 11:48 AM, "Eric Wittmann" <eric.wittmann(a)redhat.com&gt; >>>>>> wrote: >>>>>> >>>>>>> You definitely need to set the protocol to 'https', for the record. >>>>>>> Beyond that I'm not quite sure. Do you have a full stack trace or >>>>>>> just >>>>>>> that part of it? >>>>>>> >>>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote: >>>>>>>> Not quite sure what to make of this: I'm getting >>>>>>>> >>>>>>>> org.apache.http.NoHttpResponseException: >>>>>>>> [endpoint_URI]:443 >>>>>>>> failed >>>>>>>> to respond >>>>>>>> >>>>>>>> But if I do: >>>>>>>> >>>>>>>> curl https://[endpont_URI]:443 >>>>>>>> >>>>>>>> I get a response from Elasticsearch‹this is because I have the >>>>>>>> Amazon >>>>>>>> Elasticsearch instance permissioned to accept any connections from >>>>>>>> the >>>>>>>> IP address where apiman is running. >>>>>>>> >>>>>>>> The apiman configurations look like this: >>>>>>>> >>>>>>>> apiman.es.protocol=http >>>>>>>> apiman.es.host=[endpoint_URI] >>>>>>>> apiman.es.port=443 >>>>>>>> apiman.es.username= >>>>>>>> apiman.es.password= >>>>>>>> >>>>>>>> Changing protocol from http to https doesn't appear to help, nor >>>>>>>> does >>>>>>>> removing the username and password properties entirely. Any >>>>>>>> suggestions? >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Apiman-user mailing list >>>>>>>> Apiman-user(a)lists.jboss.org >>>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>>>>>>> >>>>>> >>>> >>