Faraday :: SSLError for Elasticsearch
[英]Faraday::SSLError for Elasticsearch
问题描述
Currently running into an issue where my background workers which are communicating with elasticsearch via elasticsearch-client are running into SSL errors inside Faraday. 
当前遇到一个问题,我的后台工作人员通过elasticsearch-client与elasticsearch进行通信时,在Faraday内部遇到SSL错误。
The error is this: 错误是这样的:
SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure
The configuration works fine some of the time (around ~50%) and it has never failed for me inside of a console sessions. 在某些时候(大约50%左右),配置工作正常,并且在控制台会话中对我来说从来没有失败。
The trace of the command is this: curl -X GET 'https://<host>/_alias/models_write?pretty 命令的踪迹是这样的: curl -X GET 'https://<host>/_alias/models_write?pretty
The client config is this 客户端配置是这个
Thread.current[:chewy_client] ||= begin
client_configuration[:reload_on_failure] = true
client_configuration[:reload_connections] = 30
client_configuration[:sniffer_timeout] = 0.5
client_configuration[:transport_options] ||= {}
client_configuration[:transport_options][:ssl] = { :version => :TLSv1_2 }
client_configuration[:transport_options][:headers] = { content_type: 'application/json' }
client_configuration[:trace] = true
client_configuration[:logger] = Rails.logger
::Elasticsearch::Client.new(client_configuration) do |f|
f.request :aws_signers_v4,
credentials: AWS::Core::CredentialProviders::DefaultProvider.new,
service_name: 'es',
region: ENV['ES_REGION'] || 'us-west-2'
end
end
As you can see I explicitly set the ssl version to TSLv1_2, but still getting an SSLv3 error. 如您所见,我将ssl版本显式设置为TSLv1_2,但仍然收到SSLv3错误。
Thought maybe it was a race condition issue. 以为这可能是种族问题。 So ran a script spawning about 10 processes with 50 threads each and calling the sidekiq perform method inside and still not able to reproduce. 因此,运行了一个脚本,该脚本生成了大约10个进程,每个进程具有50个线程,并在内部调用sidekiq perform方法,但仍然无法复制。
I am using the managed AWS 2.3 Elasticsearch if that is at all relevant. 我正在使用托管AWS 2.3 Elasticsearch(如果有的话)。
Any help or guidance in the right direction would be greatly appreciated, I would be happy to attach as much info as needed. 朝正确方向提供的任何帮助或指导将不胜感激,我很乐意根据需要提供尽可能多的信息。
1 个解决方案
解决方案1
0 2016-08-10 02:47:58
Figured it out. 弄清楚了。 The problem was that the elasticsearch-ruby gem autoloads in an http adapter that it detects if one is not specified. 问题在于,elasticsearch-ruby gem在一个http适配器中自动加载,它会检测是否未指定适配器。 The one used in my console was not the one getting auto loaded into sidekiq. 我的控制台中使用的不是自动加载到sidekiq中的那个。
The sidekiq job was using the HTTPClient adapter which did not respect the SSL version option. sidekiq作业正在使用HTTPClient适配器,该适配器不遵守SSL版本选项。 Thus I was getting this error. 因此,我得到了这个错误。 After explicitly defining the faraday adapter it worked. 在明确定义了法拉第适配器之后,它开始工作了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.