[Apiman-user] Having trouble connecting to Amazon Elasticsearch service
Eric Wittmann
eric.wittmann at redhat.com
Tue Dec 8 14:47:32 EST 2015
Update: I have set up ES in AWS without issue. I tested using the
latest (master) version of apiman and everything worked fine. The only
difference is that I didn't restrict access based on IP address.
I'm going to try testing in 1.1.9.Final next. If that works OK then
I'll try adding the IP address restriction.
-Eric
On 12/8/2015 1:13 PM, Paul Blair wrote:
> It isn't too complicated -- I started here
> https://aws.amazon.com/elasticsearch-service/
>
> Basically you find "Elasticsearch Service" under the "Analytics" section
> of the AWS dashboard, hit the "Create a new domain" button, and follow the
> instructions.
>
> My access policy looks like this:
>
> {
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "",
> "Effect": "Allow",
> "Principal": {
> "AWS": "*"
> },
> "Action": "es:*",
> "Resource": "arn:aws:es:us-west-2[ARN]/*",
> "Condition": {
> "IpAddress": {
> "aws:SourceIp": [
> "[IP ADDRESS 1]", "[CIDR BLOCK 2]",...
> ]
> }
> }
> }
> ]
> }
>
>
>
> On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:
>
>> Nope - I was worried that you were using 2.x, which we do not currently
>> support.
>>
>> Do you happen to have any instructions handy for setting up an AMZ
>> elasticsearch instance so I can try to reproduce this error?
>>
>> On 12/8/2015 12:28 PM, Paul Blair wrote:
>>> Amazon says their current version is 1.5.2. Does apiman require version
>>> 2.x?
>>>
>>> On 12/8/15, 12:21 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:
>>>
>>>> What version of elasticsearch are you using?
>>>>
>>>> On 12/8/2015 12:12 PM, Paul Blair wrote:
>>>>> The stack trace is below. Note that the instance seems to start fine;
>>>>> it's
>>>>> only when I make a request to the Gateway that I get this error.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023:
>>>>> Exception handling request to /apiman-gateway/test_api/1.7:
>>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFactor
>>>>> y.
>>>>> ja
>>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESCom
>>>>> po
>>>>> ne
>>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegis
>>>>> tr
>>>>> y.
>>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRe
>>>>> gi
>>>>> st
>>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Servic
>>>>> eR
>>>>> eq
>>>>> uestExecutorImpl.java:252)
>>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServ
>>>>> le
>>>>> t.
>>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet
>>>>> .j
>>>>> av
>>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandle
>>>>> r.
>>>>> ja
>>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handle
>>>>> Re
>>>>> qu
>>>>> est(ServletSecurityRoleHandler.java:62)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Se
>>>>> rv
>>>>> le
>>>>> tDispatchingHandler.java:36)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandl
>>>>> er
>>>>> .h
>>>>> andleRequest(SecurityContextAssociationHandler.java:78)
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.
>>>>> ha
>>>>> nd
>>>>> leRequest(SSLInformationAssociationHandler.java:131)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.
>>>>> ha
>>>>> nd
>>>>> leRequest(ServletAuthenticationCallHandler.java:57)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequ
>>>>> es
>>>>> t(
>>>>> AbstractConfidentialityHandler.java:46)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintH
>>>>> an
>>>>> dl
>>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleReq
>>>>> ue
>>>>> st
>>>>> (AuthenticationMechanismsHandler.java:58)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler
>>>>> .h
>>>>> an
>>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Secu
>>>>> ri
>>>>> ty
>>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handl
>>>>> eR
>>>>> eq
>>>>> uest(JACCContextIdHandler.java:61)
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(S
>>>>> er
>>>>> vl
>>>>> etInitialHandler.java:261)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Serv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:248) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletIn
>>>>> it
>>>>> ia
>>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Serv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:167) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:761
>>>>> )
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>> at
>>>>>
>>>>>
>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja
>>>>> va
>>>>> :1
>>>>> 142) [rt.jar:1.8.0_25]
>>>>> at
>>>>>
>>>>>
>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j
>>>>> av
>>>>> a:
>>>>> 617) [rt.jar:1.8.0_25]
>>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
>>>>> Caused by: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePars
>>>>> er
>>>>> .j
>>>>> ava:261) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader
>>>>> (D
>>>>> ef
>>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.j
>>>>> av
>>>>> a:
>>>>> 167) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequ
>>>>> es
>>>>> tE
>>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecuto
>>>>> r.
>>>>> ja
>>>>> va:124) [httpcore-4.4.1.jar:4.4.1]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.ja
>>>>> va
>>>>> :2
>>>>> 71) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:1
>>>>> 84
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:1
>>>>> 10
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:184) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:82) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:107) [httpclient-4.5.jar:4.5]
>>>>> at
>>>>>
>>>>> io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:50)
>>>>> [jest-0.1.6.jar:]
>>>>> at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>> ... 39 more
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12/8/15, 11:48 AM, "Eric Wittmann" <eric.wittmann at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> You definitely need to set the protocol to 'https', for the record.
>>>>>> Beyond that I'm not quite sure. Do you have a full stack trace or
>>>>>> just
>>>>>> that part of it?
>>>>>>
>>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote:
>>>>>>> Not quite sure what to make of this: I'm getting
>>>>>>>
>>>>>>> org.apache.http.NoHttpResponseException: [endpoint_URI]:443
>>>>>>> failed
>>>>>>> to respond
>>>>>>>
>>>>>>> But if I do:
>>>>>>>
>>>>>>> curl https://[endpont_URI]:443
>>>>>>>
>>>>>>> I get a response from Elasticsearch‹this is because I have the
>>>>>>> Amazon
>>>>>>> Elasticsearch instance permissioned to accept any connections from
>>>>>>> the
>>>>>>> IP address where apiman is running.
>>>>>>>
>>>>>>> The apiman configurations look like this:
>>>>>>>
>>>>>>> apiman.es.protocol=http
>>>>>>> apiman.es.host=[endpoint_URI]
>>>>>>> apiman.es.port=443
>>>>>>> apiman.es.username=
>>>>>>> apiman.es.password=
>>>>>>>
>>>>>>> Changing protocol from http to https doesn't appear to help, nor
>>>>>>> does
>>>>>>> removing the username and password properties entirely. Any
>>>>>>> suggestions?
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Apiman-user mailing list
>>>>>>> Apiman-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>>
>>>>>
>>>
>
More information about the Apiman-user
mailing list