Open vklimovs opened 5 years ago
The same holds true to truststore:
elasticsearch {
hosts => ["https://elasticsearch-03"]
index => "radius-%{+YYYY-MM-dd}"
user => logstash_system
password => "PASSWORD"
ssl => true
ssl_certificate_verification => true
truststore => "/etc/logstash/config/certs/ca.p12"
truststore_password => ''
#template => "/usr/share/logstash/templates/logstash-radius.json"
#template_overwrite => true
#template_name => "logstash-radius"
}
Without truststore_password, I get the same error.
I ran into this today when troubleshooting a Logstash certificate connectivity issue.
I would propose the output plugin defaults to a keystore_password value of "changeit", which would match the default keystore password used by Java, the logstash dockerhub container, etc.
Logstash (7.2.0) with following configuration
input { beats { port => 5044 } }
output { elasticsearch { hosts => [ 'https://host:9200' ] keystore => '/etc/ssl/logstash/host.p12' cacert => '/etc/ssl/logstash/ca.crt' } }
Fails to start with following errors:
[ERROR] 2019-09-02 22:00:56.754 [[main]-pipeline-manager] javapipeline - Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<NoMethodError: undefined method"}
[ERROR] 2019-09-02 22:00:56.764 [Converge PipelineAction::Create] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
toCharArray' for nil:NilClass>, :backtrace=>["/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:692:in
block in get_store'", "org/jruby/RubyKernel.java:1885:intap'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:690:in
get_store'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:647:insetup_key_store'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:622:in
ssl_socket_factory_from_options'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:397:inpool_builder'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:405:in
pool'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:209:ininitialize'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:26:in
initialize'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:282:inbuild_adapter'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:286:in
build_pool'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:ininitialize'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:in
create_http_client'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:inbuild'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch.rb:238:in
build_client'", "/opt/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:25:inregister'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:106:in
register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:48:inregister'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:192:in
block in register_plugins'", "org/jruby/RubyArray.java:1792:ineach'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:191:in
register_plugins'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:462:inmaybe_setup_out_plugins'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:204:in
start_workers'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:146:inrun'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:105:in
block in start'"], :thread=>"#adding
keystore_password => ''
to configuration allows Logstash to start successfully.
Logstash should assume that if no password is specified it's an empty password.