Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ElasticSearch configuration for keystore certs and keys not mapped correctly #9208

Closed
exalate-issue-sync bot opened this issue Aug 28, 2023 · 0 comments
Closed

ElasticSearch configuration for keystore certs and keys not mapped correctly #9208

exalate-issue-sync bot opened this issue Aug 28, 2023 · 0 comments
Labels
project: APIM type: bug

Comments

@exalate-issue-sync
Copy link

exalate-issue-sync bot commented Aug 28, 2023
edited

When using a self-signed certificate in the helm chart with the following configuration:

 set {
    name  = "es.ssl.keystore.type"
    value = var.graviteeio_es_ssl_keystore_type
  }
  set {
    name  = "es.ssl.keystore.certs"
    value = "{${var.graviteeio_es_ssl_keystore_cert_path}}"
  }

The generated configuration is the following:

analytics:
          type: elasticsearch
          elasticsearch:
            endpoints:
              - https://elasticdb-elasticsearch:9200
            index_mode: daily
            security:
              username: elastic
              password: xxxxxx
            ssl:
              keystore:
                type: pem
                certs: [/etc/ssl/certs/es.pem]
                keys: 
            index: graviteeio

And the error on startup is the following:

ERROR i.g.e.client.http.HttpClient - Unable to get a connection to Elasticsearch: Unable to read file at path: /opt/graviteeio-gateway
ERROR i.g.e.client.http.HttpClient - Unable to get a connection to Elasticsearch: Unable to read file at path: /opt/graviteeio-management-api

The issue preventing users from using their self-signed elastic instance is that SSL configuration doesn’t support list of certs/keys

If you use a valid list of certs/keys, Gravitee doesn’t start and only works with a String

This should work but doesn’t:

    ssl:        
      keystore:         type: pem
        certs: 
          - /path/to/crt.pem
        keys: 
          - /path/to/key.pem

This works but should not:

    ssl:        
      keystore:
        type: pem
        certs: /path/to/crt.pem
        keys: /path/to/key.pem
@exalate-issue-sync exalate-issue-sync bot changed the title Unable to connect to a self signed elasticsearch due to multiple issues ElasticSearch configuration for keystore certs and keys not mapped correctly Aug 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
project: APIM type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants