TheHive-Project / TheHiveDocs

Documentation of TheHive
https://docs.strangebee.com/
GNU Affero General Public License v3.0

Connecting thehive to the elasticsearch #163

Closed alonek1 closed 4 years ago

alonek1 commented 4 years ago

Hello,

I'm deploying TheHive on Kubernetes, and I use these deployment configs:

thehive deployments:


apiVersion: apps/v1 
kind: Deployment
metadata:
  annotations:
    kompose.cmd: /snap/kompose/1/./kompose-linux-amd64 convert
    kompose.version: 1.18.0 (06a2e56)
  creationTimestamp: null
  labels:
    app: thehive
  name: thehive
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: thehive
    spec:
      containers:
      - args:
        - --cortex-port
        - "9001"
        - --es-hosts
        - '["10.233.70.169:9300"]'
        image: thehiveproject/thehive:latest
        name: thehive
        resources: 
          requests:
            memory: "10Gi"
            cpu: "700m"
          limits:
            memory: "10Gi"
            cpu: "700m"
        ports:
        - containerPort: 9000
          hostIP: 0.0.0.0
      restartPolicy: Always
  selector:
    matchLabels:
      app: thehive
status: {}

elasticsearch deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app: elasticsearch
    env: prd
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: elasticsearch
      cmp: elasticsearch-client
      env: prd
  template:
    metadata:
      labels:
        app: elasticsearch
        cmp: elasticsearch-client
        env: prd
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: "kubernetes.io/hostname"
              labelSelector:
                matchLabels:
                  app: elasticsearch
                  cmp: elasticsearch-client
                  env: prd
      containers:
      - name: elasticsearch
        image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.2"
        ports:
        - containerPort: 9200
        - containerPort: 9300
        imagePullPolicy: Always
        env:
        - name: http.host
          value: 0.0.0.0
        - name: script.inline
          value: "true"
        - name: thread_pool.bulk.queue_size
          value: "100000"
        - name: thread_pool.index.queue_size
          value: "100000"
        - name: thread_pool.search.queue_size
          value: "100000"
        - name: transport.host
          value: 0.0.0.0
        - name: xpack.security.enabled
          value: "false"
        - name: xpack.security.transport.ssl.enabled
          value: "false"
        resources:
          limits:
            cpu: "1000m"
            memory: 14Gi
          requests:
            cpu: "300m"
            memory: 8Gi

status: {}

Everything works fine, but I get the following error when I want to log in:

 org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [{#transport#-1}{RDNPxEpmQ5CX9USnndBdSA}{10.233.70.169}{10.233.70.169:9300}]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:347)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:245)
at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:366)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408)
at org.elasticsearch.client.support.AbstractClient$IndicesAdmin.execute(AbstractClient.java:1256)
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80)
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:54)
at com.sksamuel.elastic4s.admin.IndexAdminExecutables$IndexExistsDefinitionExecutable$.apply(IndexAdminExecutables.scala:53)
at com.sksamuel.elastic4s.admin.IndexAdminExecutables$IndexExistsDefinitionExecutable$.apply(IndexAdminExecutables.scala:50)

Also, there are two warnings, and I don't know whether they are related or not:

[warn] o.e.c.t.TransportClientNodesService - node {#transport#-1}{RDNPxEpmQ5CX9USnndBdSA}{10.233.70.169}{10.233.70.169:9300} not part of the cluster Cluster [hive], ignoring...

[warn] p.a.m.DefaultJWTCookieDataCodec - decode: cookie has invalid signature! message = JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.

I checked things multiple times, but everything seems OK; I don't know which part is wrong.

Thanks.

alonek1 commented 4 years ago

The env variable (cluster.name=hive) was missing.
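The check below is an added example, not part of the original thread or of TheHive's code: it reads the cluster name the transport client expected from the "not part of the cluster" warning and compares it with the `cluster.name` entry in the Elasticsearch container's `env` list. The function names are hypothetical, and it assumes a node without `cluster.name` falls back to the Elasticsearch default name `elasticsearch`.

```python
import re

# Warning format of the Elasticsearch transport client, as quoted in the issue.
WARN_RE = re.compile(
    r"node \{[^}]*\}\{[^}]*\}\{[^}]*\}\{(?P<addr>[^}]+)\} "
    r"not part of the cluster Cluster \[(?P<cluster>[^\]]+)\]"
)
ES_DEFAULT_CLUSTER = "elasticsearch"  # assumed default when cluster.name is unset


def expected_clusters(log_lines):
    """Map node address -> cluster name the client expected, from warning lines."""
    found = {}
    for line in log_lines:
        m = WARN_RE.search(line)
        if m:
            found[m.group("addr")] = m.group("cluster")
    return found


def check_env(env, expected):
    """Compare a container env list (name/value dicts) with the expected name."""
    actual = next((e["value"] for e in env if e["name"] == "cluster.name"), None)
    effective = actual or ES_DEFAULT_CLUSTER
    if effective == expected:
        return "ok"
    if actual is None:
        return (f"cluster.name not set (node uses '{ES_DEFAULT_CLUSTER}'), "
                f"client expects '{expected}'")
    return f"cluster.name is '{actual}', client expects '{expected}'"


# First line is the warning from the issue; second is shortened from the issue.
LOG_LINES = [
    "[warn] o.e.c.t.TransportClientNodesService - node {#transport#-1}"
    "{RDNPxEpmQ5CX9USnndBdSA}{10.233.70.169}{10.233.70.169:9300} "
    "not part of the cluster Cluster [hive], ignoring...",
    "[warn] p.a.m.DefaultJWTCookieDataCodec - decode: cookie has invalid signature!",
]
# Subset of the env list from the Elasticsearch deployment in the issue.
ENV_FROM_ISSUE = [{"name": "http.host", "value": "0.0.0.0"},
                  {"name": "transport.host", "value": "0.0.0.0"}]
# Same list with the entry the follow-up comment says was missing.
ENV_FIXED = ENV_FROM_ISSUE + [{"name": "cluster.name", "value": "hive"}]

if __name__ == "__main__":
    for addr, cluster in expected_clusters(LOG_LINES).items():
        print(addr, "before:", check_env(ENV_FROM_ISSUE, cluster))
        print(addr, "after: ", check_env(ENV_FIXED, cluster))
```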