[Apiman-user] Having trouble connecting to Amazon Elasticsearch service

Eric Wittmann eric.wittmann at redhat.com
Tue Dec 8 15:06:12 EST 2015


Testing using 1.1.9.Final against the AWS instance of elastic was 
successful.  The only thing left for me to try is the access policy. 
Otherwise everything looks like it's working fine.  Here is the relevant 
section of my apiman.properties file, for reference:

apiman.es.protocol=https
apiman.es.host=search-apiman-elastic-sarog5jew3xacrec5szeefvdm4.us-east-1.es.amazonaws.com
apiman.es.port=443
apiman.es.username=
apiman.es.password=

Here is some relevant curl output after my simple test:

https://gist.github.com/EricWittmann/cc02a9ba6a2dee548a60

-Eric

On 12/8/2015 1:13 PM, Paul Blair wrote:
> It isn't too complicated -- I started here
> https://aws.amazon.com/elasticsearch-service/
>
> Basically you find "Elasticsearch Service" under the "Analytics" section
> of the AWS dashboard, hit the "Create a new domain" button, and follow the
> instructions.
>
> My access policy looks like this:
>
> {
>    "Version": "2012-10-17",
>    "Statement": [
>      {
>        "Sid": "",
>        "Effect": "Allow",
>        "Principal": {
>          "AWS": "*"
>        },
>        "Action": "es:*",
>        "Resource": "arn:aws:es:us-west-2[ARN]/*",
>        "Condition": {
>          "IpAddress": {
>            "aws:SourceIp": [
>              "[IP ADDRESS 1]", "[CIDR BLOCK 2]",...
>            ]
>          }
>        }
>      }
>    ]
> }
>
>
>
> On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:
>
>> Nope - I was worried that you were using 2.x, which we do not currently
>> support.
>>
>> Do you happen to have any instructions handy for setting up an AMZ
>> elasticsearch instance so I can try to reproduce this error?
>>
>> On 12/8/2015 12:28 PM, Paul Blair wrote:
>>> Amazon says their current version is 1.5.2. Does apiman require version
>>> 2.x?
>>>
>>> On 12/8/15, 12:21 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:
>>>
>>>> What version of elasticsearch are you using?
>>>>
>>>> On 12/8/2015 12:12 PM, Paul Blair wrote:
>>>>> The stack trace is below. Note that the instance seems to start fine;
>>>>> it's
>>>>> only when I make a request to the Gateway that I get this error.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023:
>>>>> Exception handling request to /apiman-gateway/test_api/1.7:
>>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFactor
>>>>> y.
>>>>> ja
>>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESCom
>>>>> po
>>>>> ne
>>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>> io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304)
>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegis
>>>>> tr
>>>>> y.
>>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRe
>>>>> gi
>>>>> st
>>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Servic
>>>>> eR
>>>>> eq
>>>>> uestExecutorImpl.java:252)
>>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServ
>>>>> le
>>>>> t.
>>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet
>>>>> .j
>>>>> av
>>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandle
>>>>> r.
>>>>> ja
>>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handle
>>>>> Re
>>>>> qu
>>>>> est(ServletSecurityRoleHandler.java:62)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Se
>>>>> rv
>>>>> le
>>>>> tDispatchingHandler.java:36)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandl
>>>>> er
>>>>> .h
>>>>> andleRequest(SecurityContextAssociationHandler.java:78)
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.
>>>>> ha
>>>>> nd
>>>>> leRequest(SSLInformationAssociationHandler.java:131)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.
>>>>> ha
>>>>> nd
>>>>> leRequest(ServletAuthenticationCallHandler.java:57)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequ
>>>>> es
>>>>> t(
>>>>> AbstractConfidentialityHandler.java:46)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintH
>>>>> an
>>>>> dl
>>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleReq
>>>>> ue
>>>>> st
>>>>> (AuthenticationMechanismsHandler.java:58)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler
>>>>> .h
>>>>> an
>>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Secu
>>>>> ri
>>>>> ty
>>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handl
>>>>> eR
>>>>> eq
>>>>> uest(JACCContextIdHandler.java:61)
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan
>>>>> dl
>>>>> er
>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(S
>>>>> er
>>>>> vl
>>>>> etInitialHandler.java:261)
>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Serv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:248) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletIn
>>>>> it
>>>>> ia
>>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Serv
>>>>> le
>>>>> tI
>>>>> nitialHandler.java:167) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:761
>>>>> )
>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>     at
>>>>>
>>>>>
>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja
>>>>> va
>>>>> :1
>>>>> 142) [rt.jar:1.8.0_25]
>>>>>     at
>>>>>
>>>>>
>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j
>>>>> av
>>>>> a:
>>>>> 617) [rt.jar:1.8.0_25]
>>>>>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
>>>>> Caused by: org.apache.http.NoHttpResponseException:
>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHt
>>>>> tp
>>>>> Re
>>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePars
>>>>> er
>>>>> .j
>>>>> ava:261) [httpcore-4.4.1.jar:4.4.1]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader
>>>>> (D
>>>>> ef
>>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.j
>>>>> av
>>>>> a:
>>>>> 167) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequ
>>>>> es
>>>>> tE
>>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecuto
>>>>> r.
>>>>> ja
>>>>> va:124) [httpcore-4.4.1.jar:4.4.1]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.ja
>>>>> va
>>>>> :2
>>>>> 71) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:1
>>>>> 84
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>>>>> [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:1
>>>>> 10
>>>>> )
>>>>> [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:184) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:82) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>>
>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl
>>>>> ie
>>>>> nt
>>>>> .java:107) [httpclient-4.5.jar:4.5]
>>>>>     at
>>>>>
>>>>> io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:50)
>>>>> [jest-0.1.6.jar:]
>>>>>     at
>>>>>
>>>>>
>>>>> io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClientFa
>>>>> ct
>>>>> or
>>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>     ... 39 more
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12/8/15, 11:48 AM, "Eric Wittmann" <eric.wittmann at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> You definitely need to set the protocol to 'https', for the record.
>>>>>> Beyond that I'm not quite sure.  Do you have a full stack trace or
>>>>>> just
>>>>>> that part of it?
>>>>>>
>>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote:
>>>>>>> Not quite sure what to make of this: I'm getting
>>>>>>>
>>>>>>>         org.apache.http.NoHttpResponseException: [endpoint_URI]:443
>>>>>>> failed
>>>>>>> to respond
>>>>>>>
>>>>>>> But if I do:
>>>>>>>
>>>>>>> curl https://[endpont_URI]:443
>>>>>>>
>>>>>>> I get a response from Elasticsearch‹this is because I have the
>>>>>>> Amazon
>>>>>>> Elasticsearch instance permissioned to accept any connections from
>>>>>>> the
>>>>>>> IP address where apiman is running.
>>>>>>>
>>>>>>> The apiman configurations look like this:
>>>>>>>
>>>>>>> apiman.es.protocol=http
>>>>>>> apiman.es.host=[endpoint_URI]
>>>>>>> apiman.es.port=443
>>>>>>> apiman.es.username=
>>>>>>> apiman.es.password=
>>>>>>>
>>>>>>> Changing protocol from http to https doesn't appear to help, nor
>>>>>>> does
>>>>>>> removing the username and password properties entirely. Any
>>>>>>> suggestions?
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Apiman-user mailing list
>>>>>>> Apiman-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>>
>>>>>
>>>
>


More information about the Apiman-user mailing list