When you create your domain, is it important what you name it? I named it
testapi, so my endpoint looks like
And the domain ARN is then
arn:aws:es:us-west-2:577360696927:domain/testapi
On 12/8/15, 3:06 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com> wrote:
Testing using 1.1.9.Final against the AWS instance of elastic was
successful. The only thing left for me to try is the access policy.
Otherwise everything looks like it's working fine. Here is the relevant
section of my apiman.properties file, for reference:
apiman.es.protocol=https
apiman.es.host=search-apiman-elastic-sarog5jew3xacrec5szeefvdm4.us-east-1.
es.amazonaws.com
apiman.es.port=443
apiman.es.username=
apiman.es.password=
Here is some relevant curl output after my simple test:
https://gist.github.com/EricWittmann/cc02a9ba6a2dee548a60
-Eric
On 12/8/2015 1:13 PM, Paul Blair wrote:
> It isn't too complicated -- I started here
>
https://aws.amazon.com/elasticsearch-service/
>
> Basically you find "Elasticsearch Service" under the "Analytics"
section
> of the AWS dashboard, hit the "Create a new domain" button, and follow
>the
> instructions.
>
> My access policy looks like this:
>
> {
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "",
> "Effect": "Allow",
> "Principal": {
> "AWS": "*"
> },
> "Action": "es:*",
> "Resource": "arn:aws:es:us-west-2[ARN]/*",
> "Condition": {
> "IpAddress": {
> "aws:SourceIp": [
> "[IP ADDRESS 1]", "[CIDR BLOCK 2]",...
> ]
> }
> }
> }
> ]
> }
>
>
>
> On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com>
wrote:
>
>> Nope - I was worried that you were using 2.x, which we do not currently
>> support.
>>
>> Do you happen to have any instructions handy for setting up an AMZ
>> elasticsearch instance so I can try to reproduce this error?
>>
>> On 12/8/2015 12:28 PM, Paul Blair wrote:
>>> Amazon says their current version is 1.5.2. Does apiman require
>>>version
>>> 2.x?
>>>
>>> On 12/8/15, 12:21 PM, "Eric Wittmann"
<eric.wittmann(a)redhat.com>
>>>wrote:
>>>
>>>> What version of elasticsearch are you using?
>>>>
>>>> On 12/8/2015 12:12 PM, Paul Blair wrote:
>>>>> The stack trace is below. Note that the instance seems to start
>>>>>fine;
>>>>> it's
>>>>> only when I make a request to the Gateway that I get this error.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023:
>>>>> Exception handling request to /apiman-gateway/test_api/1.7:
>>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient
>>>>>Fa
>>>>> ct
>>>>> or
>>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient
>>>>>Fa
>>>>> ct
>>>>> or
>>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient
>>>>>Fa
>>>>> ct
>>>>> or
>>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFact
>>>>>or
>>>>> y.
>>>>> ja
>>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESC
>>>>>om
>>>>> po
>>>>> ne
>>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315
>>>>>)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304
>>>>>)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESReg
>>>>>is
>>>>> tr
>>>>> y.
>>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(Secure
>>>>>Re
>>>>> gi
>>>>> st
>>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Serv
>>>>>ic
>>>>> eR
>>>>> eq
>>>>> uestExecutorImpl.java:252)
>>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewaySe
>>>>>rv
>>>>> le
>>>>> t.
>>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServl
>>>>>et
>>>>> .j
>>>>> av
>>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHand
>>>>>le
>>>>> r.
>>>>> ja
>>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.hand
>>>>>le
>>>>> Re
>>>>> qu
>>>>> est(ServletSecurityRoleHandler.java:62)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
>>>>>Se
>>>>> rv
>>>>> le
>>>>> tDispatchingHandler.java:36)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.wildfly.extension.undertow.security.SecurityContextAssociationHan
>>>>>dl
>>>>> er
>>>>> .h
>>>>> andleRequest(SecurityContextAssociationHandler.java:78)
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>an
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.security.SSLInformationAssociationHandle
>>>>>r.
>>>>> ha
>>>>> nd
>>>>> leRequest(SSLInformationAssociationHandler.java:131)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.security.ServletAuthenticationCallHandle
>>>>>r.
>>>>> ha
>>>>> nd
>>>>> leRequest(ServletAuthenticationCallHandler.java:57)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>an
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.security.handlers.AbstractConfidentialityHandler.handleRe
>>>>>qu
>>>>> es
>>>>> t(
>>>>> AbstractConfidentialityHandler.java:46)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.security.ServletConfidentialityConstrain
>>>>>tH
>>>>> an
>>>>> dl
>>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.security.handlers.AuthenticationMechanismsHandler.handleR
>>>>>eq
>>>>> ue
>>>>> st
>>>>> (AuthenticationMechanismsHandler.java:58)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandl
>>>>>er
>>>>> .h
>>>>> an
>>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Se
>>>>>cu
>>>>> ri
>>>>> ty
>>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>an
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.han
>>>>>dl
>>>>> eR
>>>>> eq
>>>>> uest(JACCContextIdHandler.java:61)
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>an
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>an
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest
>>>>>(S
>>>>> er
>>>>> vl
>>>>> etInitialHandler.java:261)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Se
>>>>>rv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:248)
>>>>>[undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletInitialHandler.access$000(Servlet
>>>>>In
>>>>> it
>>>>> ia
>>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Se
>>>>>rv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:167)
>>>>>[undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:7
>>>>>61
>>>>> )
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
>>>>>ja
>>>>> va
>>>>> :1
>>>>> 142) [rt.jar:1.8.0_25]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
>>>>>.j
>>>>> av
>>>>> a:
>>>>> 617) [rt.jar:1.8.0_25]
>>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
>>>>> Caused by: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default
>>>>>Ht
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default
>>>>>Ht
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePa
>>>>>rs
>>>>> er
>>>>> .j
>>>>> ava:261) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHead
>>>>>er
>>>>> (D
>>>>> ef
>>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy
>>>>>.j
>>>>> av
>>>>> a:
>>>>> 167) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRe
>>>>>qu
>>>>> es
>>>>> tE
>>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecu
>>>>>to
>>>>> r.
>>>>> ja
>>>>> va:124) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.
>>>>>ja
>>>>> va
>>>>> :2
>>>>> 71) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java
>>>>>:1
>>>>> 84
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java
>>>>>:1
>>>>> 10
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp
>>>>>Cl
>>>>> ie
>>>>> nt
>>>>> .java:184) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>>>Cl
>>>>> ie
>>>>> nt
>>>>> .java:82) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>>>Cl
>>>>> ie
>>>>> nt
>>>>> .java:107) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>>io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:5
>>>>>0)
>>>>> [jest-0.1.6.jar:]
>>>>> at
>>>>>
>>>>>
>>>>>
>>>>>io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient
>>>>>Fa
>>>>> ct
>>>>> or
>>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> ... 39 more
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12/8/15, 11:48 AM, "Eric Wittmann"
<eric.wittmann(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> You definitely need to set the protocol to 'https', for
the record.
>>>>>> Beyond that I'm not quite sure. Do you have a full stack
trace or
>>>>>> just
>>>>>> that part of it?
>>>>>>
>>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote:
>>>>>>> Not quite sure what to make of this: I'm getting
>>>>>>>
>>>>>>> org.apache.http.NoHttpResponseException:
>>>>>>>[endpoint_URI]:443
>>>>>>> failed
>>>>>>> to respond
>>>>>>>
>>>>>>> But if I do:
>>>>>>>
>>>>>>> curl
https://[endpont_URI]:443
>>>>>>>
>>>>>>> I get a response from Elasticsearch‹this is because I have
the
>>>>>>> Amazon
>>>>>>> Elasticsearch instance permissioned to accept any connections
from
>>>>>>> the
>>>>>>> IP address where apiman is running.
>>>>>>>
>>>>>>> The apiman configurations look like this:
>>>>>>>
>>>>>>> apiman.es.protocol=http
>>>>>>> apiman.es.host=[endpoint_URI]
>>>>>>> apiman.es.port=443
>>>>>>> apiman.es.username=
>>>>>>> apiman.es.password=
>>>>>>>
>>>>>>> Changing protocol from http to https doesn't appear to
help, nor
>>>>>>> does
>>>>>>> removing the username and password properties entirely. Any
>>>>>>> suggestions?
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Apiman-user mailing list
>>>>>>> Apiman-user(a)lists.jboss.org
>>>>>>>
https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>>
>>>>>
>>>
>