search

geonetwork / core-geonetwork

GeoNetwork is a catalog application to manage spatially referenced resources. It provides powerful metadata editing and search functions as well as an interactive web map viewer. It is currently used in numerous Spatial Data Infrastructure initiatives across the world.
http://geonetwork-opensource.org/
GNU General Public License v2.0
428 stars 489 forks source link

Elasticsearch not connecting to geonetwork. Some kind of security problem #7741

Closed smrgeoinfo closed 8 months ago

smrgeoinfo commented 9 months ago

Describe the bug Build geonetwork from source. (separate issue... have to manually copy https://mvnrepository.com/artifact/org.geotools.jdbc/gt-jdbc-postgis)» 30.0 and [https://mvnrepository.com/artifact/org.geotools/gt-gml-geometry-streaming) » 30.0 into my maven .m2 because maven couldn't access 0some kind of certificate problem.) Anyway got 4.4.3 snapshot build from a local fork for core-geonetwork sync'd with main. Have installed and gotten Elastic Search 8.11.3 working with Kibana 8.11.3. had to generate and copy xpack.encryptedSavedObjects.encryptionKey, xpack.reporting.encryptionKey, and xpack.security.encryptionKey into kibana.yml, and set xpack.security.enabled: true and xpack.security.enrollment.enabled: true in ElasticSearch.yml. That seemed to get kibana workign with Elastic. Copy geonetwork.war from target dir in core-geonetwork to tomcat9.0.85 webApps folder. In Chrome clear browsing history. start tomcat, after awhile its running. Stop tomcat, put in the elastic search user and password, change protocol to https (tried http first, didn't work). in Geonetowrk, when I search or got to 'search page' get message "Query returned an error. Check the console for details."

run admin/status in geonetwork, says 'remote index OK'; 'Records in index/db = 6/23' That's odd, Kibana only see 6 records.

in the tomcat console I do see this 

2024-02-11T20:04:48,818 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor] - Read "application/json;charset=UTF-8" to ["{"from":0,"size":30,"sort":["_score"],"query":{"function_score":{"boost":"5","functions":[{"filter": (truncated)..."]
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

and in the elastic console this: [2024-02-11T13:20:03,562][WARN ][o.e.h.n.Netty4HttpServerTransport] [EMERALD] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:61335}

To Reproduce Steps to reproduce the behavior:

  1. start elasticsearch, start kibana, start tomcat (tomcat loads geonetwork from webapps)
  2. open https://localhost:9200 in browser, have to log in with ES username and passdword; get expected response from elastic search
  3. open localhost:5601 in browser, get "regular kibana page, can look at indexes"
  4. open localhost:8080/geonetwork, app opens with message "Query returned an error. Check the console for details."

What am I missing?

fxprunayre commented 9 months ago

Have installed and gotten Elastic Search 8.11.3

Elasticsearch 8 support is planned for next 4.4.3 release. See https://github.com/geonetwork/core-geonetwork/pull/7599 and https://docs.geonetwork-opensource.org/4.2/install-guide/installing-index/#elasticsearch-compatibility

smrgeoinfo commented 9 months ago

Thanks for the heads up, I was looking at https://docs.geonetwork-opensource.org/latest/install-guide/installing-index/ for 4.4.2 where it says Elasticsearch compatibility Elasticsearch Version Compatibility Elasticsearch 7.15.x minimum Elasticsearch 8.11.3 tested

and the instructions for installation start... Download: Elasticsearch 8.x

I figured tested mean that it works....

smrgeoinfo commented 9 months ago

the pom.xml in core-geonetwork repo also has 8.11.3</es.version>

smrgeoinfo commented 9 months ago

OK, got something working, here's the workflow:

checkout 4.2.x core-geonetwork branch in core-geonetwork: es>mvn install -Pes-download installs es 7.17.15 get kibana 7.17.15

update ES_JAVA_HOME to point to the one in core-geonetwork\es\elasticsearch-7.17.15\jdk run elasticsearch to get user names, passwords, follow guide for es security setup: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html Got the es passwords, autogenerated

Set up Kibana login... in kibana.yml 

elasticsearch.username: "kibana_system"

then run this to create keystore

kibana.../bin> .\kibana-keystore create
kibana.../bin> .\kibana-keystore add elasticsearch.password

Side track: try core-geonetwork>mvn clean install -DskipTests from the 4.2.x branch. It fails:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project
 gn-common: Compilation failure: Compilation failure:
[ERROR] /C:/Users/smrTu/OneDrive/Documents/GithubC/geonetwork/core-geonetwork/common/src/main/java/org/fao/geonet/utils/Xml.java:[65,22] package javax.xml.bind does not exist

try downloading https://github.com/geonetwork/core-geonetwork/archive/refs/tags/4.4.2.zip unzip to a directory go to core-geonetwork there, run core-geonetwork>mvn clean install -DskipTests It fails similarly, but later in the build sequence at 'package com.amazonaws does not exist'

so... try checkout core-geonetwork/main put the elasticsearch passwords (es.username, es.password, lines 1560-61) in core-geonetwork/pom.xml core-geonetwork>mvn clean install -DskipTests
BUILD SUCCEEDS!!! Copy geonetwork.war from core-geonetwork/web/target to tomcat9.0.85/webapps, restart tomcat, wait awhile, try localhost:8080/geonetwork, and things seem to be working. Says "Powered by GeoNetwork 4.4.3.SNAPSHOT" down in the lower left corner. Only 3 days of fooling around to get here!

smrgeoinfo commented 8 months ago

solved for now, close