python client cannot connect to Elasticsearch
瀏覽次數:1,384 次
跳到第一則未讀訊息
Robert Chen
2017年2月21日 下午5:27:342017/2/21
收件者:Search Guard
test.py is like below, when I run it, it is always ConnectionError. curl is ok. (all keys are generated with example.sh, ELK and searchguard is 5.1 version)
from elasticsearch import Elasticsearch, RequestsHttpConnection
import ssl
import ssl
# SSL client authentication using client_cert and client_key
es = Elasticsearch(
['10.8.8.246:9200'],
http_auth=('admin', 'admin'),
port=9200,
use_ssl=True,
ssl_version=ssl.PROTOCOL_TLSv1_2,
ca_certs='./ca/chain-ca.pem',
client_cert='./kirk.crtfull.pem.pem',
client_key='./kirk.key.pem'
)
['10.8.8.246:9200'],
http_auth=('admin', 'admin'),
port=9200,
use_ssl=True,
ssl_version=ssl.PROTOCOL_TLSv1_2,
ca_certs='./ca/chain-ca.pem',
client_cert='./kirk.crtfull.pem.pem',
client_key='./kirk.key.pem'
)
print(es.info())
[root@ip-10-8-8-246 example-pki-scripts]# python test.py
Traceback (most recent call last):
File "test.py", line 21, in <module>
print(es.info())
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 73, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/__init__.py", line 222, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_urllib3.py", line 123, in perform_request
raise ConnectionError('N/A', str(e), e)
elasticsearch.exceptions.ConnectionError: ConnectionError(('Connection failed.', CannotSendRequest())) caused by: ConnectionError(('Connection failed.', CannotSendRequest()))
Traceback (most recent call last):
File "test.py", line 21, in <module>
print(es.info())
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 73, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/__init__.py", line 222, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_urllib3.py", line 123, in perform_request
raise ConnectionError('N/A', str(e), e)
elasticsearch.exceptions.ConnectionError: ConnectionError(('Connection failed.', CannotSendRequest())) caused by: ConnectionError(('Connection failed.', CannotSendRequest()))
[root@ip-10-8-8-246 example-pki-scripts]# curl --insecure -E ./kirk-signed.pem --key ./kirk.key.pem https://10.8.8.246:9200/_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open mycompany-apache-2017.01.15 egQUvOtnT_O8jiEuz06Luw 5 1 4 0 80.4kb 40.2kb
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open mycompany-apache-2017.01.15 egQUvOtnT_O8jiEuz06Luw 5 1 4 0 80.4kb 40.2kb
SG
2017年2月22日 上午10:36:052017/2/22
收件者:search...@googlegroups.com
this is know to work: https://gist.github.com/floragunncom/9319a994ae09df64b2a173128f745ed2
Python (especially python 2) is a piece of .... regarding SSL/TLS support.
So we recommend python 3 and these packages:
pip3 requests
pip3 install cryptography
pip3 install pyopenssl ndg-httpsclient pyasn1
Then do a "urllib3.contrib.pyopenssl.inject_into_urllib3()" and it works like magic
see http://urllib3.readthedocs.io/en/latest/reference/urllib3.contrib.html
https://github.com/Yelp/elastalert/issues/605
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/98601f16-827c-4377-96e5-f599c696fd86%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Python (especially python 2) is a piece of .... regarding SSL/TLS support.
So we recommend python 3 and these packages:
pip3 requests
pip3 install cryptography
pip3 install pyopenssl ndg-httpsclient pyasn1
Then do a "urllib3.contrib.pyopenssl.inject_into_urllib3()" and it works like magic
see http://urllib3.readthedocs.io/en/latest/reference/urllib3.contrib.html
https://github.com/Yelp/elastalert/issues/605
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/98601f16-827c-4377-96e5-f599c696fd86%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
pixelrebel
2017年5月8日 晚上7:58:412017/5/8
收件者:Search Guard
Is there a workaround for users who are required to use python2?
pixelrebel
2017年5月12日 下午5:19:302017/5/12
收件者:Search Guard
I'm actually having a heck of a time trying to get the elasticsearch python module to work on a search-guarded cluster. I've tried both python2 and python3 without luck.
I can't get either http basic auth, nor peer certs to work. I can get both methods to work with curl and logstash, but not with the python module. I've tried the above suggested methods, but nothing seems to work. Is there a working example I can use?
I can't get either http basic auth, nor peer certs to work. I can get both methods to work with curl and logstash, but not with the python module. I've tried the above suggested methods, but nothing seems to work. Is there a working example I can use?
searchguard:
dynamic:
authc:
basic_internal_auth_domain:
enabled: true
order: 2
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: intern
clientcert_auth_domain:
enabled: true
order: 1
http_authenticator:
type: clientcert
config:
username_attribute: cn #optional, if omitted DN becomes username
challenge: false
authentication_backend:
type: noop
ast...@fkinls.com
2017年5月19日 中午12:41:312017/5/19
收件者:Search Guard
bump
SG
2017年5月19日 下午3:14:012017/5/19
收件者:search...@googlegroups.com
maybe this helps:
https://gist.github.com/floragunncom/9319a994ae09df64b2a173128f745ed2
https://github.com/floragunncom/search-guard/issues/196
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/32614206-9dbe-4b13-b3b4-a43c14ec7aa9%40googlegroups.com.
https://gist.github.com/floragunncom/9319a994ae09df64b2a173128f745ed2
https://github.com/floragunncom/search-guard/issues/196
pixelrebel
2017年5月22日 中午12:40:592017/5/22
收件者:Search Guard
Is there an example for python2? Installing SG on my cluster broke my stackstorm pack. Stackstorm unfortunately only runs on python2.
pixelrebel
2017年5月22日 下午1:00:472017/5/22
收件者:Search Guard
Okay I actually have this working in python2! Thanks for those examples.
The crucial argument is `connection_class=RequestsHttpConnection` That seemed to kick the elasticsearch module in the butt.
Thanks!
The crucial argument is `connection_class=RequestsHttpConnection` That seemed to kick the elasticsearch module in the butt.
Thanks!
On Friday, May 19, 2017 at 12:14:01 PM UTC-7, Search Guard wrote:
回覆所有人
回覆作者
轉寄
0 則新訊息