ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration

[kabutosan]

I see from logs that workers and connectors are returning always ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration. The platform is up and running but OpenCTI API is not reachable.

I tried to change to the latest - to align the versions and add the networks (now commented), but nothing. I also tried to connect Alienvault.... with the same result.

worker_1 | INFO:pycti.entities:Listing Threat-Actors with filters null. worker_1 | Traceback (most recent call last): worker_1 | File "/opt/opencti-worker/worker.py", line 522, in worker_1 | worker = Worker() worker_1 | File "", line 6, in init worker_1 | File "/opt/opencti-worker/worker.py", line 430, in post_init worker_1 | self.api = OpenCTIApiClient( worker_1 | File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 197, in init__ worker_1 | raise ValueError( worker_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... worker_1 | INFO:pycti.entities:Listing Threat-Actors with filters null. worker_1 | Traceback (most recent call last): worker_1 | File "/opt/opencti-worker/worker.py", line 522, in worker_1 | worker = Worker() worker_1 | File "", line 6, in init worker_1 | File "/opt/opencti-worker/worker.py", line 430, in __post_init worker_1 | self.api = OpenCTIApiClient( worker_1 | File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 197, in init worker_1 | raise ValueError( worker_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

connector-import-file-stix_1 | Error: unable to import required numpy module. connector-import-document_1 | {"timestamp": "2023-03-03T20:08:33.716687Z", "level": "INFO", "name": "pycti.entities", "message": "Listing Threat-Actors with filters null."} opencti-docker_worker_1 exited with code 1 connector-import-document_1 | Traceback (most recent call last): connector-import-document_1 | File "/opt/opencti-connector-import-document/main.py", line 7, in connector-import-document_1 | connector = ReportImporter() connector-import-document_1 | File "/opt/opencti-connector-import-document/reportimporter/core.py", line 39, in init connector-import-document_1 | self.helper = OpenCTIConnectorHelper(config) connector-import-document_1 | File "/usr/local/lib/python3.10/site-packages/pycti/connector/opencti_connector_helper.py", line 590, in init connector-import-document_1 | self.api = OpenCTIApiClient( connector-import-document_1 | File "/usr/local/lib/python3.10/site-packages/pycti/api/opencti_api_client.py", line 197, in init connector-import-document_1 | raise ValueError( connector-import-document_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... connector-import-document_1 | Terminated

Environment

1. OS Ubuntu 22
2. OpenCTI version:latest
3. OpenCTI client: latest
4. Other environment details:

version: '3' services: redis: image: redis:7.0.8 restart: always volumes:

• redisdata:/data elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.6.1 volumes:
• esdata:/usr/share/elasticsearch/data environment:

  Comment out the line below for single-node

• discovery.type=single-node

  Uncomment line below below for a cluster of multiple nodes

  - cluster.name=docker-cluster

• xpack.ml.enabled=false
• xpack.security.enabled=false
• "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}" restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 minio: image: minio/minio:RELEASE.2023-01-31T02-24-19Z volumes:
• s3data:/data ports:
• "9000:9000" environment: MINIO_ROOT_USER: ${MINIO_ROOT_USER} MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
  command: server /data healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 restart: always rabbitmq: image: rabbitmq:3.11-management environment:
• RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
• RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} volumes:
• amqpdata:/var/lib/rabbitmq restart: always opencti: image: opencti/platform:latest environment:
• NODE_OPTIONS=--max-old-space-size=8096
• APP__PORT=8080
• APP__BASE_URL=${OPENCTI_BASE_URL}
• APPADMINEMAIL=${OPENCTI_ADMIN_EMAIL}
• APPADMINPASSWORD=${OPENCTI_ADMIN_PASSWORD}
• APPADMINTOKEN=${OPENCTI_ADMIN_TOKEN}
• APP__APP_LOGS__LOGS_LEVEL=error
• REDIS__HOSTNAME=redis
• REDIS__PORT=6379
• ELASTICSEARCH__URL=http://elasticsearch:9200
• MINIO__ENDPOINT=minio
• MINIO__PORT=9000
• MINIO__USE_SSL=false
• MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
• MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
• RABBITMQ__HOSTNAME=rabbitmq
• RABBITMQ__PORT=5672
• RABBITMQ__PORT_MANAGEMENT=15672
• RABBITMQ__MANAGEMENT_SSL=false
• RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
• RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
• SMTP__HOSTNAME=${SMTP_HOSTNAME}
• SMTP__PORT=25
• PROVIDERSLOCALSTRATEGY=LocalStrategy ports:
• "8080:8080" depends_on:
• redis
• elasticsearch
• minio
• rabbitmq restart: always worker: image: opencti/worker:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• WORKER_LOG_LEVEL=info depends_on:
• opencti deploy: mode: replicated replicas: 3 restart: always connector-export-file-stix: image: opencti/connector-export-file-stix:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileStix2
• CONNECTOR_SCOPE=application/json
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-export-file-csv: image: opencti/connector-export-file-csv:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileCsv
• CONNECTOR_SCOPE=text/csv
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-export-file-txt: image: opencti/connector-export-file-txt:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_TXT_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileTxt
• CONNECTOR_SCOPE=text/plain
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-import-file-stix: image: opencti/connector-import-file-stix:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_STIX_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
• CONNECTOR_NAME=ImportFileStix
• CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
• CONNECTOR_SCOPE=application/json,text/xml
• CONNECTOR_AUTO=true # Enable/disable auto-import of file
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-import-document: image: opencti/connector-import-document:latest environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_IMPORT_DOCUMENT_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
• CONNECTOR_NAME=ImportDocument
• CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
• CONNECTOR_SCOPE=application/pdf,text/plain,text/html
• CONNECTOR_AUTO=true # Enable/disable auto-import of file
• CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info
• IMPORT_DOCUMENT_CREATE_INDICATOR=true restart: always depends_on:
• opencti

  networks:

  - opencti-docker_default

  networks:

  opencti-docker_default:

  external: true

  volumes: esdata: s3data: redisdata: amqpdata:

Any insights?

[CyberKaizen]

Check the debug logs for your Elasticsearch

[kabutosan]

I'm running everything in a docker... and elastic is up and running with no errors... what should I look?

Alienvault connector has the same behavior;

connector-alienvault_1 | {"timestamp": "2023-03-04T16:41:01.790074Z", "level": "INFO", "name": "pycti.entities", "message": "Listing Threat-Actors with filters null."} connector-alienvault_1 | Traceback (most recent call last): connector-alienvault_1 | File "/opt/opencti-connector-alienvault/main.py", line 7, in connector-alienvault_1 | connector = AlienVault() connector-alienvault_1 | File "/opt/opencti-connector-alienvault/alienvault/core.py", line 161, in init connector-alienvault_1 | self.helper = OpenCTIConnectorHelper(config) connector-alienvault_1 | File "/usr/local/lib/python3.10/site-packages/pycti/connector/opencti_connector_helper.py", line 590, in init connector-alienvault_1 | self.api = OpenCTIApiClient( connector-alienvault_1 | File "/usr/local/lib/python3.10/site-packages/pycti/api/opencti_api_client.py", line 197, in init connector-alienvault_1 | raise ValueError( connector-alienvault_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... connector-alienvault_1 | Terminated

[kabutosan]

Guys.. any help here is really appreciated! Thanks!!!

[CyberKaizen]

• How much memory did you give ElasticSearch? I would like to see your env file.

Changing your docker compose file for troubleshooting (When you are staging or troubleshooting OpenCTI i recommend these stay on until production):

• For the service, "worker" change logging to debug (- WORKER_LOG_LEVEL=debug)
• For the service, "opencti:" change logging to debug (- APP__APP_LOGS__LOGS_LEVEL=debug)

What are the logs for the services saying?

I can see that you are using Docker Swarm. Which can get complex networking wise unless you have experience of managing basic docker.

[kabutosan]

I allocated 16GB to Elasticsearch

ENV file: OPENCTI_ADMIN_EMAIL=admin@mail.com OPENCTI_ADMIN_PASSWORD=changeme OPENCTI_ADMIN_TOKEN=f8d677a4-3b5c-4668-b694-191fc4fcc06b OPENCTI_BASE_URL=http://localhost:8080 MINIO_ROOT_USER=361d71dc-e236-476c-a87a-5c345ed8621b MINIO_ROOT_PASSWORD=2c16ec2b-6e6c-429e-bd01-51a2d069382c RABBITMQ_DEFAULT_USER=5b8f2e1f-bac9-4989-b2c1-8a8710e5d09f RABBITMQ_DEFAULT_PASS=aecf0acf-07e3-47b5-a2bf-5d112134a614 CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6 CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7 CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0 SMTP_HOSTNAME=localhost ELASTIC_MEMORY_SIZE=16G

For the service, "opencti:" I see the OpenCTI API ready on 8080. No other errors.

Log attached here: opencti.log

worker.log

[rocheston]

I have the same error when using dockers

[Jpsanchezasmalljob]

me to

[SamuelHassine]

Hello,

This error is just telling you that the connector is not able to reach the OpenCTI API.

Are you able to access to the UI? Are you sure tokens are matching?

Don't hesitate to join the Slack channel for further assistance.

Kind regards, Samuel

[dominictory]

Was this ever resolved? I get the same issue. I have the AlienVault connector in the same docker-compose file as everything else, I can access the UI and the token is correctly set. It keeps going (using Portainer) from created, to running, to failed, and repeats. I can see it being assigned to the same network as everything else but it just fails due to the API connection error.

[Maleick]

I am having the same issue as well.

[CreativeASAP]

I am having the same issue as well.