search

elastic / logstash-filter-elastic_integration

The Elastic Integrations filter for Logstash, which enables running Elastic Integrations inside of Logstash pipelines
Other
5 stars 8 forks source link

[Bug]: Plugin Fails Preflight Check When Connecting to HTTPS with SSL Disabled #164

Open DumbBoi opened 6 days ago

DumbBoi commented 6 days ago

Plugin Version

logstash-filter-elastic_integration (0.1.13)

Logstash Version

8.15.2

Java Version

No response

Host Info

Linux f36f76d13a8f 5.15.0-122-generic #132~20.04.1-Ubuntu SMP Fri Aug 30 15:50:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

What happened?

The plugin works when connecting to Elasticsearch using HTTP or with a fully configured HTTPS SSL connection, but when I try to run it with ssl_verification_mode set to none for a HTTPS configured Elasticsearch, the pre-flight check fails with the following traceback (replacing internal uri with placeholders):

[2024-09-26T14:42:54,210][ERROR][co.elastic.logstash.filters.elasticintegration.PreflightCheck][events_pipeline] Exception checking serverless: Host name '<SERVICE NAME>' does not match the certificate subject provided by the peer (CN=<INTERNAL SERVICE NAME>, OU=<ORG NAME>)

[2024-09-26T14:42:54,214][ERROR][logstash.javapipeline    ][events_pipeline] Pipeline error {:pipeline_id=>"events_pipeline", :exception=>#<LogStash::ConfigurationError: Preflight check failed: Host name '<SERVICE NAME>' does not match the certificate subject provided by the peer (CN=<INTERNAL SERVICE NAME>, OU=<ORG NAME>)>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-filter-elastic_integration-0.1.13-java/lib/logstash/filters/elastic_integration.rb:302:in  raise_config_error!'", "/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-filter-elastic_integration-0.1.13-java/lib/logstash/filters/elastic_integration.rb:416:in  serverless?'", "/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-filter-elastic_integration-0.1.13-java/lib/logstash/filters/elastic_integration.rb:346:in  initialize_elasticsearch_rest_client!'", "/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-filter-elastic_integration-0.1.13-java/lib/logstash/filters/elastic_integration.rb:133:in  register'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:75:in  register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:237:in  block in register_plugins'", "org/jruby/RubyArray.java:1981:in  each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:236:in  register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:617:in  maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:249:in  start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:194:in  run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:146:in  block in start'"], "pipeline.sources"=>["/usr/share/logstash/pipeline/events_pipeline.conf"], :thread=>"#<Thread:0x24fbea93 /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}

[2024-09-26T14:42:54,216][INFO ][logstash.javapipeline    ][events_pipeline] Pipeline terminated {"pipeline.id"=>"events_pipeline"}

[2024-09-26T14:42:54,225][ERROR][logstash.agent           ] Failed to execute action {:id=>:events_pipeline, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<events_pipeline>, action_result: false", :backtrace=>nil}

[2024-09-26T14:42:54,279][INFO ][logstash.runner          ] Logstash shut down.

[2024-09-26T14:42:54,315][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit

My Elastic Ingestion configurations are:

filter {
    elastic_integration {
      hosts   => ["https://localhost:9200"]
      username => "elastic"
      password => "<PASSWORD>"
      pipeline_name => "%{[@metadata][pipeline]}"
      ssl_verification_mode => "none"
      ssl_enabled => true
  }
}

The Elasticsearch output plugin doesn't have any similar issues. It is connected to the same HTTPS Elasticsearch with SSL disabled:

  elasticsearch {
    hosts => "https://localhost:9200"
    manage_template => false
    ilm_policy => "datastream_ilm"
    index => "processed_data" 
    action => "create"
    user => "elastic"
    password => "<PASSWORD>"
    ssl_certificate_verification => false
  }

I would really like to get this to work. So far I can't find anything wrong in my configurations or anything relevant in the documentation.

yaauie commented 22 hours ago

I can confirm.

I have a spike PR that should resolve it -> https://github.com/elastic/logstash-filter-elastic_integration/pull/165