search

gravitee-io / issues

Gravitee.io - API Platform - Issues
65 stars 26 forks source link

[gateway] Cannot find SSL keys and certs #3589

Closed Nmaw closed 4 years ago

Nmaw commented 4 years ago

APIM and Gateway cannot find or read keys and certificate for connect to Elasticsearch cluster.

Logs

[APIM]

19:37:01.776 [graviteeio-node] INFO i.g.m.r.p.RepositoryPluginHandler - Repository [ANALYTICS] loaded by elasticsearch --   | 19:37:02.386 [graviteeio-node] WARN o.s.c.a.AnnotationConfigApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'analyticsRepository': Unsatisfied dependency expressed through field 'client'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'client': Invocation of init method failed; nested exception is io.vertx.core.VertxException: io.vertx.core.file.FileSystemException: java.nio.file.NoSuchFileException: /opt/graviteeio-management-api/${analytics.elasticsearch.ssl.keystore.keys}   | 19:37:02.471 [graviteeio-node] ERROR i.g.p.c.i.PluginContextFactoryImpl - Unable to refresh plugin context   | org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'analyticsRepository': Unsatisfied dependency expressed through field 'client'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'client': Invocation of init method failed; nested exception is io.vertx.core.VertxException: io.vertx.core.file.FileSystemException: java.nio.file.NoSuchFileException: /opt/graviteeio-management-api/${analytics.elasticsearch.ssl.keystore.keys}

[Gateway]

22:30:11.798 [graviteeio-node] [] INFO i.g.n.p.s.h.ServicePluginHandler - Install plugin: sync [io.gravitee.gateway.services.sync.ScheduledSyncService] 22:30:11.824 [graviteeio-node] [] INFO i.g.n.p.s.h.ServicePluginHandler - Install plugin: hearbeat [io.gravitee.gateway.services.hearbeat.HeartbeatService] 22:30:11.842 [graviteeio-node] [] INFO i.g.p.c.internal.PluginEventListener - Installing REPORTER plugins... 22:30:11.842 [graviteeio-node] [] INFO i.g.n.r.plugin.ReporterPluginHandler - Install plugin: file [io.gravitee.reporter.file.FileReporter] 22:30:11.916 [graviteeio-node] [] INFO i.g.n.r.plugin.ReporterPluginHandler - Install plugin: elastic [io.gravitee.reporter.elasticsearch.ElasticsearchReporter] 22:30:12.056 [graviteeio-node] [] WARN o.s.c.a.AnnotationConfigApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'io.gravitee.reporter.elasticsearch.ElasticsearchReporter ': Unsatisfied dependency expressed through field 'client'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'httpClient': Invocation of init method failed; nested exception is io.vertx.core.VertxException: io.vertx.core.file.FileSystemException: java.nio.file.NoSuchFileException: E:\gravitee\graviteeio-gateway-1.30.8\bin\${reporters.elasticsearch.ssl.keystore.keys} 22:30:12.060 [vert.x-eventloop-thread-0] [] INFO i.g.g.s.vertx.ReactorVerticle - Stopping HTTP Server... 22:30:12.062 [vert.x-eventloop-thread-0] [] INFO i.g.g.s.vertx.ReactorVerticle - HTTP Server has been correctly stopped 22:30:12.062 [vert.x-eventloop-thread-4] [] INFO i.g.g.s.vertx.ReactorVerticle - Stopping HTTP Server... 22:30:12.062 [vert.x-eventloop-thread-4] [] INFO i.g.g.s.vertx.ReactorVerticle - HTTP Server has been correctly stopped 22:30:12.065 [graviteeio-node] [] ERROR i.g.p.c.i.PluginContextFactoryImpl - Unable to refresh plugin context org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'io.gravitee.reporter.elasticsearch.ElasticsearchReporter': Unsatisfied dependency expressed through field 'client'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'httpClient': Invocation of init method failed; nested exception is io.vertx.core.VertxException: io.vertx.core.file.FileSystemException: java.nio.file.NoSuchFileException: E:\gravitee\graviteeio-gateway-1.30.8\bin\${reporters.elasticsearch.ssl.keystore.keys} at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.j ava:596)

gravitee.yml

[APIM]

  analytics:
    type: elasticsearch
    elasticsearch:
      endpoints:
        - https://${ds.elastic.host1}:${ds.elastic.port}
        - https://${ds.elastic.host2}:${ds.elastic.port}
        - https://${ds.elastic.host3}:${ds.elastic.port}
      index: project_gravitee-idx
      index_per_type: true
      security:
        enabled: true
        username: user
        password: pass
      ssl:
        enabled: true
        keystore:
          type: pem
          certs:                      # only for pems
            - ../config/ssl/es.pem
            - config/ssl/es.pem
            - ssl/es.pem
            - es.pem
          keys:                       # only for pems
            - ../config/ssl/es.key
            - config/ssl/es.key
            - ssl/es.key
            - es.key
      http:
        timeout: 10000 # in milliseconds

[Gravitee]

  reporters:
    elasticsearch:
      enable: true
      endpoints:
        - https://${ds.elastic.host1}:${ds.elastic.port}
        - https://${ds.elastic.host2}:${ds.elastic.port}
        - https://${ds.elastic.host3}:${ds.elastic.port}
      index: project_ratelimit-idx
      cluster: gravitee-es-cluster
      security:
        enabled: true
        username: user
        password: pass
      ssl:
        enabled: true
        keystore:
          type: pem
          certs:                      # only for pems
            - ../config/ssl/es.pem
            - config/ssl/es.pem
            - ssl/es.pem
            - es.pem
          keys:                       # only for pems
            - ../config/ssl/es.key
            - config/ssl/es.key
            - ssl/es.key
            - es.key

Certificate for gateway:

E:\gravitee\graviteeio-gateway-1.30.8\bin\ssl>dir Volume in drive E is Data Volume Serial Number is AA2B-6240

Directory of E:\gravitee\graviteeio-gateway-1.30.8\bin\ssl

04/16/2020 10:21 PM

. 04/16/2020 10:21 PM .. 04/16/2020 10:21 PM 1,730 es.key 04/16/2020 10:21 PM 1,272 es.pem 2 File(s) 3,002 bytes 2 Dir(s) 197,917,691,904 bytes free

E:\gravitee\graviteeio-gateway-1.30.8\bin\ssl>

Possible Solution

I can solve this issue only turn off ssl in gravitee components, but I cannot turn off ssl in Elasticsearch cluster.

Context

Docker container with APIM was crash. Gateway not crashed, but not worked correctly.

Your Environment

  • Version used: 1.30.8 (APIM and Gateway)
  • Browser Name and version: (Safari, Firefox, Chrome)
  • Operating System and version: [APIM]: Docker, [Gateway]: Docker/Windows Server 2012 R2
brasseld commented 4 years ago

Hi @Nmaw

You may probably have to provide absolute path, or, at least, use the ${gravitee.home} in front of each value.

Nmaw commented 4 years ago

@brasseld thanks for advice.

Absolute path also do not solve.

I solved this issue. Parameter ${analytics.elasticsearch.ssl.keystore.keys} has string type and cannot be list type. Correct part gravitee.yml: 

  ssl:
    enabled: true
    keystore:
      type: pem
      certs: "config/ssl/es.pem"
      keys: "config/ssl/es.key"

Please fix your docs: installation-guide-repositories-elasticsearch

brasseld commented 4 years ago

thanks for your feedback.

You can also push a Pull Request to fix the docs.

Cheers,

Nmaw commented 4 years ago

Create PR: https://github.com/gravitee-io/gravitee-docs/pull/201

brasseld commented 4 years ago

Thanks a lot