-
Notifications
You must be signed in to change notification settings - Fork 161
Azure extension for Elasticsearch install is failing #389
Comments
I've been hitting the same problem since last week. The following is the output in /var/logs/elasticsearch/elasticsearch.log:
Comparing /etc/elasticsearch/elasticsearch.yml to a known good version shows the certificate information missing:
Known good version:
The certificates look to exist in /etc/elasticsearch/ssl but the config isn't pointing to them. Sure, I can edit the yml manually, but the rest of the bootstrap script will not have run after the nodes came online, so I'd rather the issue was fixed. ASAP, if possible, as this is holding up some customer deployments for us. |
We ultimately decided to go with AWS managed Elasticsearch offering. We were looking to spin something up rather quickly and the azure solution seems to require a great deal of customization and troubleshooting. |
Having dug into this deeper, I found that the .p12 certificates hadn't actually been generated and elasticsearch-certutil was failing silently with the following exception: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede ...which relates to a new issue in Open JDK (Oracle). As the desired state for the ARM template gets the latest version of Open JDK, the issue is apparent on pretty much any version of the ARM template. https://bugs.openjdk.java.net/browse/JDK-8266261 I'm assuming we cannot specify the Open JDK version to install when provisioning... Can the template be updated to target a specific Open JDK version? |
FWIW, I need to target Elasticsearch 6.8.x and therefore cannot use the bundled JDK (which may not exhibit the issue):
|
Thanks for opening @ColeSiegelTR, and for the additional details and investigation @mal-clue. My apologies that it has taken some time to respond. We'll need to investigate to see what we can do to mitigate this. |
Thanks @russcam - this is still very much an issue for us and we are having to work around our deployments. |
@russcam is there any progress on this? This is very much still a huge issue for us. Thanks. |
@mal-clue I no longer work on this project; I'll see if there is someone who can take a look at this. |
@mal-clue could you figure out something? We are hitting this error as well. |
@mikepetridisz Our horrible workaround involves deploying without using HTTPS for the transport (9300) or HTTP (9200). That means that elasticsearch-certutil isn't involved as it isn't required and that is what is ultimately causing the issue. We're also investigating whether we can perform a set of post-deploy steps using Azure CLI to:
elasticsearch-certutil appears to work fine when running under OpenJDK9. Essentially, we're hacking our way around this. We could possibly fork the repo and update the scripts ourselves although I'm not sure how much effort is involved in that. @russcam I'm a little concerned over the lack of support for this - is this on Elasticsearch's radar? Is this project now dead? |
I'm using ARM templates to deploy and have got my master node VMs deployed. However when I attempt to run the elasticsearch install script, I am getting error code 10 (https://raw.githubusercontent.com/elastic/azure-marketplace/master/src/scripts/elasticsearch-install.sh) using version 7.11.1
Any suggestions on how to troubleshoot this? I've seen a bunch of closed issues regarding this error stating that it was fixed but I am not sure if the root cause was the same.
The command executed by VM and result is below.
The text was updated successfully, but these errors were encountered: