search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.16k stars 911 forks source link

Search engine seems down error on VM #7948

Closed AyushTripathi07 closed 4 weeks ago

AyushTripathi07 commented 1 month ago

Description

Facing this error during the manual setup and with Docker setup as well . Working on VM (linux)

{"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500},"message":"Search engine seems down","name":"CONFIGURATION_ERROR","stack":"CONFIGURATION_ERROR: Search engine seems down\n at error (/home/ayush/new-opencti/opencti/build/src/config/errors.js:8:10)\n at ConfigurationError (/home/ayush/new-opencti/opencti/build/src/config/errors.js:76:53)\n at /home/ayush/new-opencti/opencti/build/src/database/engine.js:240:15\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at searchEngineVersion (/home/ayush/new-opencti/opencti/build/src/database/engine.js:236:22)\n at searchEngineInit (/home/ayush/new-opencti/opencti/build/src/database/engine.js:322:27)\n at checkSystemDependencies (/home/ayush/new-opencti/opencti/build/src/initialization.js:32:3)\n at platformStart (/home/ayush/new-opencti/opencti/build/src/boot.js:14:7)"},{"message":"connect ECONNREFUSED 127.0.0.1:9200","name":"ConnectionError","stack":"ConnectionError: connect ECONNREFUSED 127.0.0.1:9200\n at ClientRequest.onError (/home/ayush/new-opencti/opencti/build/node_modules/@opensearch-project/opensearch/lib/Connection.js:129:16)\n at ClientRequest.emit (node:events:519:28)\n at Socket.socketErrorListener (node:_http_client:500:9)\n at Socket.emit (node:events:519:28)\n at emitErrorNT (node:internal/streams/destroy:169:8)\n at emitErrorCloseNT (node:internal/streams/destroy:128:3)\n at processTicksAndRejections (node:internal/process/task_queues:82:21)"}],"level":"error","message":"Search engine seems down","source":"backend","timestamp":"2024-08-02T22:11:01.782Z","version":"6.2.11"}

Environment

  1. OS : { Ubuntu Server 22.04 LTS - x64 Gen2 Azure VM}
  2. OpenCTI version: OpenCTI 6.2.11
  3. Other environment details: Size : Standard B2ms vCPUs : 2 RAM : 8 GiB

Reproducible Steps

Steps to create the smallest reproducible scenario: : Manual Installation Once Node.js is setup, you can build and run with (from inside opencti folder): yarn install yarn build yarn serv (after yarn serv)

Expected Output

Application should start ruuning

Actual Output

ayush@opencti-dev:~/new-opencti/opencti$ yarn serv {"category":"APP","environment":"production","level":"info","message":"[OPENCTI] Starting platform","source":"backend","timestamp":"2024-08-02T22:11:01.750Z","version":"6.2.11"} {"category":"APP","level":"info","message":"[OPENCTI] Checking dependencies statuses","source":"backend","timestamp":"2024-08-02T22:11:01.752Z","version":"6.2.11"} {"category":"APP","level":"info","message":"[CHECK] checking if Search engine is alive","source":"backend","timestamp":"2024-08-02T22:11:01.752Z","version":"6.2.11"} {"category":"APP","level":"info","message":"[SEARCH] Engine client not specified, trying to discover it with opensearch client","source":"backend","timestamp":"2024-08-02T22:11:01.761Z","version":"6.2.11"} {"category":"APP","cause":{"_error":{},"_showLocations":false,"_showPath":false,"data":{"cause":{"meta":{"body":null,"headers":null,"meta":{"aborted":false,"attempts":3,"connection":{"_openRequests":0,"deadCount":4,"headers":{},"id":"http://localhost:9200/","resurrectTimeout":1722637141779,"roles":{"data":true,"ingest":true},"status":"dead","url":"http://localhost:9200/"},"context":null,"name":"opensearch-js","request":{"id":1,"options":{},"params":{"body":null,"headers":{"user-agent":"opensearch-js/2.11.0 (linux 6.5.0-1025-azure-x64; Node.js v20.16.0)"},"method":"GET","path":"/","querystring":"","timeout":30000}}},"statusCode":null},"name":"ConnectionError"},"genre":"TECHNICAL","http_status":500},"internalData":{},"name":"CONFIGURATION_ERROR","time_thrown":"2024-08-02T22:11:01.779Z"},"level":"error","message":"[OPENCTI] System dependencies check failed","source":"backend","timestamp":"2024-08-02T22:11:01.779Z","version":"6.2.11"} {"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500},"message":"Search engine seems down","name":"CONFIGURATION_ERROR","stack":"CONFIGURATION_ERROR: Search engine seems down\n at error (/home/ayush/new-opencti/opencti/build/src/config/errors.js:8:10)\n at ConfigurationError (/home/ayush/new-opencti/opencti/build/src/config/errors.js:76:53)\n at /home/ayush/new-opencti/opencti/build/src/database/engine.js:240:15\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at searchEngineVersion (/home/ayush/new-opencti/opencti/build/src/database/engine.js:236:22)\n at searchEngineInit (/home/ayush/new-opencti/opencti/build/src/database/engine.js:322:27)\n at checkSystemDependencies (/home/ayush/new-opencti/opencti/build/src/initialization.js:32:3)\n at platformStart (/home/ayush/new-opencti/opencti/build/src/boot.js:14:7)"},{"message":"connect ECONNREFUSED 127.0.0.1:9200","name":"ConnectionError","stack":"ConnectionError: connect ECONNREFUSED 127.0.0.1:9200\n at ClientRequest.onError (/home/ayush/new-opencti/opencti/build/node_modules/@opensearch-project/opensearch/lib/Connection.js:129:16)\n at ClientRequest.emit (node:events:519:28)\n at Socket.socketErrorListener (node:_http_client:500:9)\n at Socket.emit (node:events:519:28)\n at emitErrorNT (node:internal/streams/destroy:169:8)\n at emitErrorCloseNT (node:internal/streams/destroy:128:3)\n at processTicksAndRejections (node:internal/process/task_queues:82:21)"}],"level":"error","message":"Search engine seems down","source":"backend","timestamp":"2024-08-02T22:11:01.782Z","version":"6.2.11"}

Additional information

Facing same issue with Docker deployment as well .

romain-filigran commented 1 month ago

Hello @AyushTripathi07 . It seems that the elasticsearch container is not started. Can you have a look at the elasticsearch container logs ?

AyushTripathi07 commented 1 month ago

Hello @AyushTripathi07 . It seems that the elasticsearch container is not started. Can you have a look at the elasticsearch container logs ?

logs: ElasticSearch

elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:22.760Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:22.761Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:23.061Z", "log.level": "INFO", "message":"publish_address {172.18.0.5:9300}, bound_addresses {[::]:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:27.582Z", "log.level": "WARN", "message":"max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.13/_maximum_map_count_check.html]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:27.591Z", "log.level": "INFO", "message":"this node is locked into cluster UUID [cGPz_J3rQSylp4niF1JpmQ] and will not attempt further cluster bootstrapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.ClusterBootstrapService","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:27.787Z", "log.level": "INFO", "message":"elected-as-master ([1] nodes joined in term 2)[_FINISHELECTION, {cd0ddf7d1a25}{VBKfQ7Q4QWaYMQ1eFDtf0A}{0IHbbaeRTQGcLPQih03U_w}{cd0ddf7d1a25}{172.18.0.5}{172.18.0.5:9300}{cdfhilmrstw}{8.13.4}{7000099-8503000} completing election], term: 2, version: 133, delta: master node changed {previous [], current [{cd0ddf7d1a25}{VBKfQ7Q4QWaYMQ1eFDtf0A}{0IHbbaeRTQGcLPQih03U_w}{cd0ddf7d1a25}{172.18.0.5}{172.18.0.5:9300}{cdfhilmrstw}{8.13.4}{7000099-8503000}]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[cd0ddf7d1a25][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"} elasticsearch_1 | {"@timestamp":"2024-08-05T09:27:27.946Z", "log.level": "INFO", "message":"master node changed {previous [], current [{cd0ddf7d1a25}{VBKfQ7Q4QWaYMQ1eFDtf0A}{0IHbbaeRTQGcLPQih03U_w}{cd0ddf7d1a25}{172.18.0.5}{172.18.0.5:9300}{cdfhilmrstw}{8.13.4}{7000099-8503000}]}, term: 2, version: 133, reason: Publication{term=2, version=133}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[cd0ddf7d1a25][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"cd0ddf7d1a25","elasticsearch.cluster.name":"docker-cluster"}

Workers :

worker_1 | {"timestamp": "2024-08-05T09:27:35.550540Z", "level": "ERROR", "name": "api", "message": "HTTPConnectionPool(host='opencti', port=8080): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7b26d5ac7bc0>: Failed to establish a new connection: [Errno 111] Connection refused'))", "exc_info": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connection.py\", line 196, in _new_conn\n sock = connection.create_connection(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py\", line 85, in create_connection\n raise err\n File \"/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py\", line 73, in create_connection\n sock.connect(sa)\nConnectionRefusedError: [Errno 111] Connection refused\n\nThe above exception was the direct cause of the following exception:\n\nTraceback (most recent call last):\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py\", line 789, in urlopen\n response = self._make_request(\n ^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py\", line 495, in _make_request\n conn.request(\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connection.py\", line 398, in request\n self.endheaders()\n File \"/usr/local/lib/python3.12/http/client.py\", line 1331, in endheaders\n self._send_output(message_body, encode_chunked=encode_chunked)\n File \"/usr/local/lib/python3.12/http/client.py\", line 1091, in _send_output\n self.send(msg)\n File \"/usr/local/lib/python3.12/http/client.py\", line 1035, in send\n self.connect()\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connection.py\", line 236, in connect\n self.sock = self._new_conn()\n ^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connection.py\", line 211, in _new_conn\n raise NewConnectionError(\nurllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7b26d5ac7bc0>: Failed to establish a new connection: [Errno 111] Connection refused\n\nThe above exception was the direct cause of the following exception:\n\nTraceback (most recent call last):\n File \"/usr/local/lib/python3.12/site-packages/requests/adapters.py\", line 667, in send\n resp = conn.urlopen(\n ^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py\", line 843, in urlopen\n retries = retries.increment(\n ^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py\", line 519, in increment\n raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nurllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='opencti', port=8080): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7b26d5ac7bc0>: Failed to establish a new connection: [Errno 111] Connection refused'))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/usr/local/lib/python3.12/site-packages/pycti/api/opencti_api_client.py\", line 403, in health_check\n test = self.query(\n ^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/pycti/api/opencti_api_client.py\", line 336, in query\n r = self.session.post(\n ^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/requests/sessions.py\", line 637, in post\n return self.request(\"POST\", url, data=data, json=json, kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/requests/sessions.py\", line 589, in request\n resp = self.send(prep, send_kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/requests/sessions.py\", line 703, in send\n r = adapter.send(request, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/requests/adapters.py\", line 700, in send\n raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPConnectionPool(host='opencti', port=8080): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7b26d5ac7bc0>: Failed to establish a new connection: [Errno 111] Connection refused'))", "taskName": null} worker_1 | Traceback (most recent call last): worker_1 | File "/opt/opencti-worker/worker.py", line 466, in worker_1 | worker = Worker() worker_1 | ^^^^^^^^ worker_1 | File "", line 6, in init worker_1 | File "/opt/opencti-worker/worker.py", line 385, in post_init__ worker_1 | self.api = OpenCTIApiClient( worker_1 | ^^^^^^^^^^^^^^^^^ worker_1 | File "/usr/local/lib/python3.12/site-packages/pycti/api/opencti_api_client.py", line 203, in init__ worker_1 | raise ValueError( worker_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... worker_3 | self.api = OpenCTIApiClient( worker_3 | ^^^^^^^^^^^^^^^^^ worker_3 | File "/usr/local/lib/python3.12/site-packages/pycti/api/opencti_api_client.py", line 203, in init worker_3 | raise ValueError( worker_3 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

manual installation Log error :

root@opencti:/home/ayush/opencti-test/opencti/logs# cat error.log.2024-08-01 {"category":"APP","cause":{"_error":{},"_showLocations":false,"_showPath":false,"data":{"cause":{"meta":{"body":null,"headers":null,"meta":{"aborted":false,"attempts":3,"connection":{"_openRequests":0,"deadCount":4,"headers":{},"id":"http://localhost:9200/","resurrectTimeout":1722504400051,"roles":{"data":true,"ingest":true},"status":"dead","url":"http://localhost:9200/"},"context":null,"name":"opensearch-js","request":{"id":1,"options":{},"params":{"body":null,"headers":{"user-agent":"opensearch-js/2.8.0 (linux 6.5.0-1024-azure-x64; Node.js v20.11.1)"},"method":"GET","path":"/","querystring":"","timeout":30000}}},"statusCode":null},"name":"ConnectionError"},"genre":"TECHNICAL","http_status":500},"internalData":{},"name":"CONFIGURATION_ERROR","time_thrown":"2024-08-01T09:18:40.051Z"},"level":"error","message":"[OPENCTI] System dependencies check failed","source":"backend","timestamp":"2024-08-01T09:18:40.051Z","version":"6.2.6"} {"category":"APP","cause":{"_error":{},"_showLocations":false,"_showPath":false,"data":{"cause":{"meta":{"body":null,"headers":null,"meta":{"aborted":false,"attempts":3,"connection":{"_openRequests":0,"deadCount":4,"headers":{},"id":"http://localhost:9200/","resurrectTimeout":1722504631093,"roles":{"data":true,"ingest":true},"status":"dead","url":"http://localhost:9200/"},"context":null,"name":"opensearch-js","request":{"id":1,"options":{},"params":{"body":null,"headers":{"user-agent":"opensearch-js/2.8.0 (linux 6.5.0-1024-azure-x64; Node.js v20.11.1)"},"method":"GET","path":"/","querystring":"","timeout":30000}}},"statusCode":null},"name":"ConnectionError"},"genre":"TECHNICAL","http_status":500},"internalData":{},"name":"CONFIGURATION_ERROR","time_thrown":"2024-08-01T09:22:31.093Z"},"level":"error","message":"[OPENCTI] System dependencies check failed","source":"backend","timestamp":"2024-08-01T09:22:31.094Z","version":"6.2.6"}