[Apiman-user] Having trouble connecting to Amazon Elasticsearch service

Paul Blair pblair at clearme.com
Tue Dec 8 15:26:42 EST 2015


When you create your domain, is it important what you name it? I named it
testapi, so my endpoint looks like

search-testapi-6ygyetc5y43j6xhuwhc24nwwzu.us-west-2.es.amazonaws.com

And the domain ARN is then

arn:aws:es:us-west-2:577360696927:domain/testapi


On 12/8/15, 3:06 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:

>Testing using 1.1.9.Final against the AWS instance of elastic was
>successful.  The only thing left for me to try is the access policy.
>Otherwise everything looks like it's working fine.  Here is the relevant
>section of my apiman.properties file, for reference:
>
>apiman.es.protocol=https
>apiman.es.host=search-apiman-elastic-sarog5jew3xacrec5szeefvdm4.us-east-1.
>es.amazonaws.com
>apiman.es.port=443
>apiman.es.username=
>apiman.es.password=
>
>Here is some relevant curl output after my simple test:
>
>https://gist.github.com/EricWittmann/cc02a9ba6a2dee548a60
>
>-Eric
>
>On 12/8/2015 1:13 PM, Paul Blair wrote:
>> It isn't too complicated -- I started here
>> https://aws.amazon.com/elasticsearch-service/
>>
>> Basically you find "Elasticsearch Service" under the "Analytics" section
>> of the AWS dashboard, hit the "Create a new domain" button, and follow
>>the
>> instructions.
>>
>> My access policy looks like this:
>>
>> {
>>    "Version": "2012-10-17",
>>    "Statement": [
>>      {
>>        "Sid": "",
>>        "Effect": "Allow",
>>        "Principal": {
>>          "AWS": "*"
>>        },
>>        "Action": "es:*",
>>        "Resource": "arn:aws:es:us-west-2[ARN]/*",
>>        "Condition": {
>>          "IpAddress": {
>>            "aws:SourceIp": [
>>              "[IP ADDRESS 1]", "[CIDR BLOCK 2]",...
>>            ]
>>          }
>>        }
>>      }
>>    ]
>> }
>>
>>
>>
>> On 12/8/15, 12:30 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:
>>
>>> Nope - I was worried that you were using 2.x, which we do not currently
>>> support.
>>>
>>> Do you happen to have any instructions handy for setting up an AMZ
>>> elasticsearch instance so I can try to reproduce this error?
>>>
>>> On 12/8/2015 12:28 PM, Paul Blair wrote:
>>>> Amazon says their current version is 1.5.2. Does apiman require
>>>>version
>>>> 2.x?
>>>>
>>>> On 12/8/15, 12:21 PM, "Eric Wittmann" <eric.wittmann at redhat.com>
>>>>wrote:
>>>>
>>>>> What version of elasticsearch are you using?
>>>>>
>>>>> On 12/8/2015 12:12 PM, Paul Blair wrote:
>>>>>> The stack trace is below. Note that the instance seems to start
>>>>>>fine;
>>>>>> it's
>>>>>> only when I make a request to the Gateway that I get this error.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> 16:18:04,746 ERROR [io.undertow.request] (default task-1) UT005023:
>>>>>> Exception handling request to /apiman-gateway/test_api/1.7:
>>>>>> java.lang.RuntimeException: org.apache.http.NoHttpResponseException:
>>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient
>>>>>>Fa
>>>>>> ct
>>>>>> or
>>>>>> y.java:200) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient
>>>>>>Fa
>>>>>> ct
>>>>>> or
>>>>>> y.java:140) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESClientFactory.createJestClient(ESClient
>>>>>>Fa
>>>>>> ct
>>>>>> or
>>>>>> y.java:101) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESClientFactory.createClient(ESClientFact
>>>>>>or
>>>>>> y.
>>>>>> ja
>>>>>> va:66) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.AbstractESComponent.getClient(AbstractESC
>>>>>>om
>>>>>> po
>>>>>> ne
>>>>>> nt.java:45) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:315
>>>>>>)
>>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESRegistry.getService(ESRegistry.java:304
>>>>>>)
>>>>>> [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESReg
>>>>>>is
>>>>>> tr
>>>>>> y.
>>>>>> java:189) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(Secure
>>>>>>Re
>>>>>> gi
>>>>>> st
>>>>>> ryWrapper.java:97) [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(Serv
>>>>>>ic
>>>>>> eR
>>>>>> eq
>>>>>> uestExecutorImpl.java:252)
>>>>>> [apiman-gateway-engine-core-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewaySe
>>>>>>rv
>>>>>> le
>>>>>> t.
>>>>>> java:236) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServl
>>>>>>et
>>>>>> .j
>>>>>> av
>>>>>> a:82) [apiman-gateway-platforms-servlet-1.1.9.Final.jar:]
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHand
>>>>>>le
>>>>>> r.
>>>>>> ja
>>>>>> va:86) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.hand
>>>>>>le
>>>>>> Re
>>>>>> qu
>>>>>> est(ServletSecurityRoleHandler.java:62)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
>>>>>>Se
>>>>>> rv
>>>>>> le
>>>>>> tDispatchingHandler.java:36)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.wildfly.extension.undertow.security.SecurityContextAssociationHan
>>>>>>dl
>>>>>> er
>>>>>> .h
>>>>>> andleRequest(SecurityContextAssociationHandler.java:78)
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>>an
>>>>>> dl
>>>>>> er
>>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.security.SSLInformationAssociationHandle
>>>>>>r.
>>>>>> ha
>>>>>> nd
>>>>>> leRequest(SSLInformationAssociationHandler.java:131)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.security.ServletAuthenticationCallHandle
>>>>>>r.
>>>>>> ha
>>>>>> nd
>>>>>> leRequest(ServletAuthenticationCallHandler.java:57)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>>an
>>>>>> dl
>>>>>> er
>>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.security.handlers.AbstractConfidentialityHandler.handleRe
>>>>>>qu
>>>>>> es
>>>>>> t(
>>>>>> AbstractConfidentialityHandler.java:46)
>>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.security.ServletConfidentialityConstrain
>>>>>>tH
>>>>>> an
>>>>>> dl
>>>>>> er.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.security.handlers.AuthenticationMechanismsHandler.handleR
>>>>>>eq
>>>>>> ue
>>>>>> st
>>>>>> (AuthenticationMechanismsHandler.java:58)
>>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandl
>>>>>>er
>>>>>> .h
>>>>>> an
>>>>>> dleRequest(CachedAuthenticatedSessionHandler.java:70)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.security.handlers.SecurityInitialHandler.handleRequest(Se
>>>>>>cu
>>>>>> ri
>>>>>> ty
>>>>>> InitialHandler.java:76) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>>an
>>>>>> dl
>>>>>> er
>>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.han
>>>>>>dl
>>>>>> eR
>>>>>> eq
>>>>>> uest(JACCContextIdHandler.java:61)
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>>an
>>>>>> dl
>>>>>> er
>>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateH
>>>>>>an
>>>>>> dl
>>>>>> er
>>>>>> .java:43) [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest
>>>>>>(S
>>>>>> er
>>>>>> vl
>>>>>> etInitialHandler.java:261)
>>>>>> [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Se
>>>>>>rv
>>>>>> le
>>>>>> tI
>>>>>> nitialHandler.java:248)
>>>>>>[undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletInitialHandler.access$000(Servlet
>>>>>>In
>>>>>> it
>>>>>> ia
>>>>>> lHandler.java:77) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Se
>>>>>>rv
>>>>>> le
>>>>>> tI
>>>>>> nitialHandler.java:167)
>>>>>>[undertow-servlet-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>> 
>>>>>>io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>> 
>>>>>>io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:7
>>>>>>61
>>>>>> )
>>>>>> [undertow-core-1.1.8.Final.jar:1.1.8.Final]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
>>>>>>ja
>>>>>> va
>>>>>> :1
>>>>>> 142) [rt.jar:1.8.0_25]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
>>>>>>.j
>>>>>> av
>>>>>> a:
>>>>>> 617) [rt.jar:1.8.0_25]
>>>>>>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
>>>>>> Caused by: org.apache.http.NoHttpResponseException:
>>>>>> search-testapi-....us-west-2.es.amazonaws.com:443 failed to respond
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default
>>>>>>Ht
>>>>>> tp
>>>>>> Re
>>>>>> sponseParser.java:143) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(Default
>>>>>>Ht
>>>>>> tp
>>>>>> Re
>>>>>> sponseParser.java:57) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessagePa
>>>>>>rs
>>>>>> er
>>>>>> .j
>>>>>> ava:261) [httpcore-4.4.1.jar:4.4.1]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHead
>>>>>>er
>>>>>> (D
>>>>>> ef
>>>>>> aultBHttpClientConnection.java:165) [httpcore-4.4.1.jar:4.4.1]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy
>>>>>>.j
>>>>>> av
>>>>>> a:
>>>>>> 167) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRe
>>>>>>qu
>>>>>> es
>>>>>> tE
>>>>>> xecutor.java:272) [httpcore-4.4.1.jar:4.4.1]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecu
>>>>>>to
>>>>>> r.
>>>>>> ja
>>>>>> va:124) [httpcore-4.4.1.jar:4.4.1]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.
>>>>>>ja
>>>>>> va
>>>>>> :2
>>>>>> 71) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java
>>>>>>:1
>>>>>> 84
>>>>>> )
>>>>>> [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>>>>>> [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java
>>>>>>:1
>>>>>> 10
>>>>>> )
>>>>>> [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp
>>>>>>Cl
>>>>>> ie
>>>>>> nt
>>>>>> .java:184) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>>>>Cl
>>>>>> ie
>>>>>> nt
>>>>>> .java:82) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>>>>Cl
>>>>>> ie
>>>>>> nt
>>>>>> .java:107) [httpclient-4.5.jar:4.5]
>>>>>>     at
>>>>>>
>>>>>> 
>>>>>>io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:5
>>>>>>0)
>>>>>> [jest-0.1.6.jar:]
>>>>>>     at
>>>>>>
>>>>>>
>>>>>> 
>>>>>>io.apiman.gateway.engine.es.ESClientFactory.initializeClient(ESClient
>>>>>>Fa
>>>>>> ct
>>>>>> or
>>>>>> y.java:193) [apiman-gateway-engine-es-1.1.9.Final.jar:]
>>>>>>     ... 39 more
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 12/8/15, 11:48 AM, "Eric Wittmann" <eric.wittmann at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> You definitely need to set the protocol to 'https', for the record.
>>>>>>> Beyond that I'm not quite sure.  Do you have a full stack trace or
>>>>>>> just
>>>>>>> that part of it?
>>>>>>>
>>>>>>> On 12/8/2015 11:19 AM, Paul Blair wrote:
>>>>>>>> Not quite sure what to make of this: I'm getting
>>>>>>>>
>>>>>>>>         org.apache.http.NoHttpResponseException:
>>>>>>>>[endpoint_URI]:443
>>>>>>>> failed
>>>>>>>> to respond
>>>>>>>>
>>>>>>>> But if I do:
>>>>>>>>
>>>>>>>> curl https://[endpont_URI]:443
>>>>>>>>
>>>>>>>> I get a response from Elasticsearch‹this is because I have the
>>>>>>>> Amazon
>>>>>>>> Elasticsearch instance permissioned to accept any connections from
>>>>>>>> the
>>>>>>>> IP address where apiman is running.
>>>>>>>>
>>>>>>>> The apiman configurations look like this:
>>>>>>>>
>>>>>>>> apiman.es.protocol=http
>>>>>>>> apiman.es.host=[endpoint_URI]
>>>>>>>> apiman.es.port=443
>>>>>>>> apiman.es.username=
>>>>>>>> apiman.es.password=
>>>>>>>>
>>>>>>>> Changing protocol from http to https doesn't appear to help, nor
>>>>>>>> does
>>>>>>>> removing the username and password properties entirely. Any
>>>>>>>> suggestions?
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Apiman-user mailing list
>>>>>>>> Apiman-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>>>
>>>>>>
>>>>
>>




More information about the Apiman-user mailing list