This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Elasticsearch trying to resolve YAML anchor #666

Closed
Callisto88 opened this issue Jan 21, 2020 · 3 comments

Callisto88 commented Jan 21, 2020

Elasticsearch version

7.5.1

Role version: (If using master please specify github sha)

4fc17bd

JVM version (java -version):

# /usr/share/elasticsearch/jdk/bin/java -version
openjdk version "13.0.1" 2019-10-15
OpenJDK Runtime Environment AdoptOpenJDK (build 13.0.1+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 13.0.1+9, mixed mode, sharing)

OS version (uname -a if on a Unix-like system):

# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 9.9 (stretch)
Release:	9.9
Codename:	stretch

Description of the problem including expected versus actual behaviour:

bootstrap.memory_lock: false
cluster.initial_master_nodes: &id001
- test-log-elasticsearch-1-1-node-1
- test-log-elasticsearch-1-1-node-2
- test-log-elasticsearch-1-1-node-3
- test-log-elasticsearch-1-1-node-4
- test-log-elasticsearch-1-1-node-5
- test-log-elasticsearch-1-1-node-6
cluster.name: test-es-01
discovery.seed_hosts: *id001

ES Logs if relevant:

[2020-01-21T16:34:56,112][WARN ][o.e.d.SeedHostsResolver  ] [test-log-elasticsearch-1-1-master-2] timed out after [5s] resolving host [id001]
[2020-01-21T16:35:01,114][WARN ][o.e.d.SeedHostsResolver  ] [test-log-elasticsearch-1-1-master-2] timed out after [5s] resolving host [id001]

Callisto88 (Author) commented

Found this post https://stackoverflow.com/a/51272986/12757079

joostdecock commented Jan 28, 2020

It seems like YAML anchors aren't working at all (I'm running 7.5.2).

I tried the following config snippet:

xpack:
  security:
    enabled: true
    http:
      ssl:
        enabled: true
        keystore: &keystore
          path: /usr/share/elasticsearch/config/keystore.p12
          type: PKCS12
          password: ${ES_SECRET}
          key_password: ${ES_SECRET}
    transport:
      ssl:
        enabled: true
        verification_mode: certificate
        keystore: *keystore
        truststore:
          path: /usr/share/elasticsearch/config/truststore.p12
          type: PKCS12
          password: ${ES_SECRET}

Which gives me:

user.info journal: "stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [xpack.security.transport.ssl.keystore] did you mean any of [xpack.security.transport.ssl.keystore.path, xpack.security.transport.ssl.keystore.type, xpack.security.transport.ssl.key, xpack.security.transport.ssl.key_passphrase, xpack.security.transport.ssl.enabled, xpack.security.transport.ssl.keystore.password, xpack.security.transport.ssl.keystore.algorithm, xpack.security.transport.ssl.certificate, xpack.security.transport.ssl.truststore.path, xpack.security.transport.ssl.truststore.type, xpack.security.transport.ssl.keystore.key_password, xpack.security.transport.ssl.verification_mode, xpack.security.transport.ssl.truststore.password]?",       

When it seems to me that, if the anchor is properly resolved, it should work just fine.
I even tried dumbing things down a bit, by only using anchors for the individual scalar values:

xpack:
  security:
    enabled: true
    http:
      ssl:
        enabled: true
        keystore: 
          path: &ks_path /usr/share/elasticsearch/config/keystore.p12
          type: &ks_type PKCS12
          password: &ks_pwd ${ES_SECRET}
          key_password: &ks_kpwd ${ES_SECRET}
    transport:
      ssl:
        enabled: true
        verification_mode: certificate
        keystore: 
          path: *ks_path
          type: *ks_type
          password: *ks_pwd
          key_password: *ks_kpwd
        truststore:
          path: /usr/share/elasticsearch/config/truststore.p12
          type: *ks_type
          password: *ks_pwd

But to no avail:

Jan 28 12:07:32 eicibll157 user.info journal: "Caused by: java.security.NoSuchAlgorithmException: ks_type KeyStore not available",

I think it's safe to assume that if you're using YAML for your configuration file, one is allowed to use YAML features such as anchors and aliases.

In practice, this does not seem to work. Whether this is expected or not is not clear to me?
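
A pre-deployment check for the behaviour reported in this thread, as an added example that is not part of the original issue or of the Ansible role: it flags YAML anchors and aliases in an elasticsearch.yml and inlines the scalar ones. The function names and the line-based matching (standard library only, not a full YAML parser) are assumptions, and the sample configs are constructed from the snippets above.

```python
import re

# Anchor (&name) or alias (*name) in node position: at line start, after "- ", or after "key: ".
NODE = re.compile(r"^(\s*(?:-\s+)*(?:[^\s#'\"][^:#]*:\s+)?)([&*])([A-Za-z0-9_-]+)(?=\s|$)(.*)$")

def find_refs(text):
    """Return (line_no, kind, name) for every anchor or alias in the config text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = NODE.match(line)
        if m:
            hits.append((no, "anchor" if m.group(2) == "&" else "alias", m.group(3)))
    return hits

def expand_scalars(text):
    """Inline anchors that carry a scalar on the same line; leave all others untouched."""
    values, out = {}, []
    for line in text.splitlines():
        m = NODE.match(line)
        if m:
            prefix, sigil, name, rest = m.groups()
            value = rest.split(" #")[0].strip()   # drop a trailing comment
            if sigil == "&" and value:
                values[name] = value              # scalar anchor: remember its value
                line = prefix + value
            elif sigil == "*" and name in values:
                line = prefix + values[name]      # alias to a known scalar
        out.append(line)
    return "\n".join(out)

# Constructed samples, shortened from the configs posted in this thread.
SEQ_CFG = """\
cluster.initial_master_nodes: &id001
- test-log-elasticsearch-1-1-node-1
- test-log-elasticsearch-1-1-node-2
discovery.seed_hosts: *id001
"""
SCALAR_CFG = """\
keystore:
  type: &ks_type PKCS12
  password: &ks_pwd ${ES_SECRET}
transport:
  type: *ks_type
  password: *ks_pwd
"""

if __name__ == "__main__":
    for no, kind, name in find_refs(expand_scalars(SEQ_CFG)):
        print(f"line {no}: {kind} '{name}' must be written out by hand")
```

Anchors on a sequence or mapping, such as `&id001` above, are reported but not expanded, so the check should fail the deployment until they are written out in full.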

jmlrt (Member) commented Jan 31, 2020

Hi @Callisto88, thank you for reporting this.

The YAML anchor support issue is directly related to Elasticsearch and is not specific to this Ansible role.

This is tracked in elastic/elasticsearch#51652.

I'll close this and let you track progress on the Elasticsearch issue.

jmlrt closed this as completed Jan 31, 2020