CODEWITHSUNDEEP
javadocker-composeopensearchopensearch-dashboards
Richa sharma
Richa sharma

Reputation: 1

Opensearch 2.17 error: NotSslRecordException: not an SSL/TLS record

We're migrating one of our projects from Elasticsearch 7.1.1 to Opensearch 2.17.0. I'm running into below error while executing the integration tests on my local machine as the test cases try to run the docker container for inserting the indexes. The ssl certificates are not added as we want to keep the configuration as minimum as possible while verifying the migration with local setup. The opensearch-node1 container does get initialized but it doesn't get started and throws the error.

docker container error logs:

22:39:24.430 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT: [2024-11-11T17:09:24,429][INFO ][o.o.p.PluginsService     ] [d29698dca672] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/kCsJtTTNTdyyCfps0UUZDQ]
22:39:24.463 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT: [2024-11-11T17:09:24,459][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [d29698dca672] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a557365722d4167656e743a204a6176612f31312e302e32330d0a486f73743a206c6f63616c686f73743a35303831340d0a4163636570743a20746578742f68746d6c2c20696d6167652f6769662c20696d6167652f6a7065672c202a3b20713d2e322c202a2f2a3b20713d2e320d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
22:39:24.465 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a557365722d4167656e743a204a6176612f31312e302e32330d0a486f73743a206c6f63616c686f73743a35303831340d0a4163636570743a20746578742f68746d6c2c20696d6167652f6769662c20696d6167652f6a7065672c202a3b20713d2e322c202a2f2a3b20713d2e320d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
22:39:24.466 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT:  at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1312) ~[netty-handler-4.1.112.Final.jar:4.1.112.Final]
22:39:24.474 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT:  at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1385) ~[netty-handler-4.1.112.Final.jar:4.1.112.Final]
22:39:24.475 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT:  at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530) ~[netty-codec-4.1.112.Final.jar:4.1.112.Final]
22:39:24.475 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT:  at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469) ~[netty-codec-4.1.112.Final.jar:4.1.112.Final]
22:39:24.475 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT:  at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[netty-codec-4.1.112.Final.jar:4.1.112.Final]
.
.
.
22:39:24.475 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT: [2024-11-11T17:09:24,460][WARN ][o.o.h.AbstractHttpServerTransport] [d29698dca672] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/172.17.0.3:9200, remoteAddress=/172.17.0.1:55068}
22:39:24.475 [docker-java-stream--288341315] INFO  com.company.proj1.integration.OpensearchAware - STDOUT: io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a557365722d4167656e743a204a6176612f31312e302e32330d0a486f73743a206c6f63616c686f73743a35303831340d0a4163636570743a20746578742f68746d6c2c20696d6167652f6769662c20696d6167652f6a7065672c202a3b20713d2e322c202a2f2a3b20713d2e320d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a

I tried disabling all Opensearch security related configurations but somehow it's making no difference in the error.

docker-compose.yml:

version: '3'

services:

  # docker build -t local_elastic .
  # docker-compose up
  opensearch-node1:
    image: opensearchproject/opensearch:latest
    container_name: opensearch-node1
    environment:
      - cluster.name=opensearch-cluster # Name the cluster
      - node.name=opensearch-node1 # Name the node that will run in this container
      - discovery.seed_hosts=opensearch-node1 # Nodes to look for when discovering the cluster
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # Set min and max JVM heap sizes to at least 50% of system RAM
      - "DISABLE_INSTALL_DEMO_CONFIG=true" # Prevents execution of bundled demo script which installs demo certificates and security configurations to OpenSearch
      - "DISABLE_SECURITY_PLUGIN=true" # Disables security plugin
      #- plugins.security.ssl.transport.enabled=true
      - plugins.security.ssl.http.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    volumes:
      - opensearch-data1:/usr/share/opensearch/data
      - ./opensearch.yml:/usr/share/opensearch/opensearch.yml
    ports:
      - 9200:9200
      - 9600:9600
    networks:
      - opensearch-net # All of the containers will join the same Docker bridge network

  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    ports:
      - 5601:5601 # Map host port 5601 to container port 5601
    expose:
      - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
    environment:
      - 'OPENSEARCH_HOSTS=["http://opensearch-node1:9200"]'
      - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" # disables security dashboards plugin in OpenSearch Dashboards
    networks:
      - opensearch-net

volumes:
  opensearch-data1:

networks:
  opensearch-net:

Also here's the piece of code from the integration test which is trying to start the container:

private static final CustomOpenSearchContainer opensearchContainer;

static{
    opensearchContainer = new CustomOpenSearchContainer().withLogConsumer(new Slf4jLogConsumer(log));
    opensearchContainer.start();
    setOpensearchAddress(opensearchContainer.getHttpHostAddress());
}

public static class CustomOpenSearchContainer extends GenericContainer<CustomOpenSearchContainer> {
    @Override
    protected void configure() {
        Path dockerFilePath = Paths.get("src/integration-test/resources/docker/Dockerfile");
        ImageFromDockerfile dockerImage = new ImageFromDockerfile().withDockerfile(dockerFilePath);

        setImage(dockerImage);

        log.info("Starting an opensearch container.");
        //withNetworkAliases("opensearch-" + Base58.randomString(6));
        withEnv("discovery.type", "single-node");
        withEnv("OPENSEARCH_INITIAL_ADMIN_PASSWORD", "admin");
        addExposedPorts(OPENSEARCH_DEFAULT_PORT);
        setWaitStrategy(new HttpWaitStrategy()
                .forPort(OPENSEARCH_DEFAULT_PORT)
                .forStatusCodeMatching(response -> response == HTTP_OK)
                .withStartupTimeout(Duration.ofMinutes(2)));
    }

    public String getHttpHostAddress() {
        return getHost() + ":" + getMappedPort(9200);
    }
}

opensearch.yml:

cluster.name: opensearch-cluster
node.name: opensearch-node1
path.data: /usr/share/opensearch/data
path.logs: /usr/share/opensearch/logs
network.host: 0.0.0.0
http.port: 9200

# SSL/TLS settings
#plugins.security.ssl.transport.enabled: false
#plugins.security.ssl.http.enabled: false
plugins.security.disabled: true

# Discovery settings
discovery.seed_hosts: ["opensearch-node1"]
cluster.initial_master_nodes: ["opensearch-node1"]

Upvotes: 0

Views: 492

Answers (0)

Related Questions