search

openzipkin / zipkin

Zipkin is a distributed tracing system
https://zipkin.io/
Apache License 2.0
17.02k stars 3.09k forks source link

Support unverified Elasticsearch SSL connections #3079

Closed AbdessamadHALLAL closed 4 years ago

AbdessamadHALLAL commented 4 years ago

Hello, I want to link zipkin with kafka as collector and elasticsearch as storage. I deployed zipkin on kubenetes and used the last image image: 'openzipkin / zipkin: latest' here is the deployment file:

spec: 
  containers: 
    - name: zipkin
      image: 'openzipkin/zipkin:latest'
      ports:
        - containerPort: 9411
          protocol: TCP
      env:
        - name: KAFKA_BOOTSTRAP_SERVERS
          value: '192.14.20.1:9091'
        - name: STORAGE_TYPE
          value: elasticsearch
        - name: ES_HOSTS
          value: 'https://elastic.k8s-cloud.com:443'
        - name: ES_INDEX
          value: zipkin-distributed-tracing
        - name: ES_USERNAME
          value: elasicUser
        - name: ES_PASSWORD
          value: elasicPass

Kafka collector works well without problem but elastisearch does not work

here is zipkin's health:

{
  "status": "DOWN",
  "zipkin": {
    "status": "DOWN",
    "details": {
      "ElasticsearchStorage{initialEndpoints=https://elastic.k8s-cloud.com:443, index=zipkin-distributed-tracing}": {
        "status": "DOWN",
        "details": {
          "error": "java.lang.IllegalStateException: couldn't connect any of [Endpoint{elastic.k8s-cloud.com:443, ipAddr=192.14.20.2, weight=1000}]"
        }
      },
      "KafkaCollector{bootstrapServers=192.14.20.1:9091, topic=zipkin}": {
        "status": "UP"
      }
    }
  }
}

Do I have to modify the variables, knowing that the elastisearch host uses self-signed SSL? Is there a way to disable SSL validation?

Thank you

codefromthecrypt commented 4 years ago

hmm I don't think we have a knob to disable TLS validation for ES at the moment.. do we @anuraaga ?

anuraaga commented 4 years ago

Nope sounds good to add one

AbdessamadHALLAL commented 4 years ago

Hi, Good, I deactivate SSL in elasticsearch server Thanks.

prune998 commented 4 years ago

IS this really hard? Will it be added at some point ? thanks

codefromthecrypt commented 4 years ago

@prune998 this is a volunteer project, most things are less about hard or not rather someone available or not. then, if that someone available or not knows how to do the work etc.

We just had a lot of work going on in other projects, so things like this which have been the same for 3 or 4 years seem less urgent than finishing larger projects.

It is good to express interest, as usually things without 3 people asking for it don't get prioritized. This is definitely a feature worth doing. If you have hands to try it, it could be a fun way to learn about the tools used. Otherwise, we'll ping back this issue when done. shouldn't be too long. cheers!

codefromthecrypt commented 4 years ago

@hanahmily you have time to give this a try?

prune998 commented 4 years ago

Thanks @adriancole

codefromthecrypt commented 4 years ago

https://github.com/openzipkin/zipkin/pull/3100