Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker-Compose ElasticSearch incompatibility #1140

Closed
milesflo opened this issue Oct 10, 2019 · 15 comments
Closed

Docker-Compose ElasticSearch incompatibility #1140

milesflo opened this issue Oct 10, 2019 · 15 comments
Labels
bug
Milestone
3.4.1

Comments

@milesflo
Copy link

Docker-Compose ElasticSearch incompatibility

Request Type

Bug

Work Environment

Question Answer
OS version (server) N/A (Only local testing)
OS version (client) OSX
TheHive version / git hash c44df9d (latest master at time of writing)
Package Type Docker (docker-compose)
Browser type & version If applicable

Problem Description

The docker compose file creates an ElasticSearch container that is incompatible with the rest of the deployment.

Steps to Reproduce

  1. Pull/clone from master
  2. cd to ./docker/thehive
  3. run docker-compose up in this directory
  4. Wait for ElasticSearch-related errors to appear.

Possible Solutions

Potentially, reverting this PR will remediate the issue. According to the docs, this project uses ElasticSearch5.0 for stateless storage. Despite this spec, the file was altered to have a major version bump.

Either way, the Docker file and documentation are out of sync.

Complementary information

Sample error. One of many, but I'm cropping out any PII.

cortex_1         | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_4/_search?
cortex_1         | StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
cortex_1         |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,null,None)),None)
@milesflo
Copy link
Author

Experimenting with this hypothesis now

milesflo referenced this issue Oct 10, 2019
@To-om
#623 Update docker entrypoint
2ef0838
@milesflo milesflo mentioned this issue Oct 10, 2019
Closed
@milesflo
Copy link
Author

Reverting seems pretty fruitless

@arnydo
Copy link

arnydo commented Oct 11, 2019

It looks like Cortex 3.0.0 and TheHive 3.4.0 are "supposed" to be compatible with ES 6+.
But following those versions along with the migration guide (to know what the configuration is supposed to look like) I still get the errors on a fresh install.

https://blog.thehive-project.org/2019/09/11/thehive-3-4-0-cortex-3-0-0-released/
https://github.com/TheHive-Project/TheHiveDocs/blob/master/migration-guide.md

@arnydo
Copy link

arnydo commented Oct 11, 2019

I was able to get it running with the following compose file (Removed the RC tags and used the latest stable versions).
I did end up deleting the index for TheHive after spinning up because it kept failing. After deleting the index and restarting the container I got right in and was able to run the "update database" process.

version: "2"
services:
  elasticsearch:
    image: elasticsearch:6.8.0
    environment:
      - http.host=0.0.0.0
      - cluster.name=hive
      - thread_pool.index.queue_size=100000
      - thread_pool.search.queue_size=100000
      - thread_pool.bulk.queue_size=100000
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
  cortex:
    image: thehiveproject/cortex:3.0.0
    ports:
      - "0.0.0.0:9001:9001"
  thehive:
    image: thehiveproject/thehive:3.4.0
    depends_on:
      - elasticsearch
      - cortex
   ports:
     - "0.0.0.0:9000:9000"

@milesflo
Copy link
Author

@arnydo Nice. Would it be worth investigating a way to run a script to do this automatically on ElasticSearch container creation?

@arnydo
Copy link

arnydo commented Oct 11, 2019 via email

@milesflo
Copy link
Author

milesflo commented Oct 11, 2019
edited
Loading

@arnydo Is this it?

curl -X DELETE "http://172.18.0.2:9200/thehive"

EDIT:
Can you make this same request from within the new ES container itself? ex:

curl -X DELETE "http://localhost:9200/thehive"

@arnydo
Copy link

arnydo commented Oct 11, 2019 via email

@milesflo
Copy link
Author

milesflo commented Oct 11, 2019
edited
Loading

Hmm... What makes it 15?

It is hardcoded somewhere in the project? Is it the 15th container on your environment?

@arnydo
Copy link

arnydo commented Oct 11, 2019 via email

@milesflo
Copy link
Author

Yeah, looks to be the hardcoded name they're going with. It's not immediately clear what the 15 signifies though. I'll take a stab at this and if it works I'll make a PR.

The subject of this ticket has changed, should I edit the original post or leave as is?

@aacgood
Copy link

aacgood commented Oct 11, 2019 via email

@milesflo
Copy link
Author

milesflo commented Oct 15, 2019
edited
Loading

Got back to this. Strange behavior when cUrl'ing from TheHive's container

➜  thehive git:(master) docker exec -it thehive_thehive_1 /bin/bash
daemon@bd0453c89034:/opt/thehive$ curl -X DELETE http://172.18.0.2:9200/the_hive_15
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"the_hive_15","index_uuid":"_na_","index":"the_hive_15"}],"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"the_hive_15","index_uuid":"_na_","index":"the_hive_15"},"status":404}

@milesflo
Copy link
Author

Logs of starting up the compose and opening hxxp://localhost[:]9000/

thehive_1        | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/the_hive_15/_search?
thehive_1        | StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
thehive_1        |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,null,None)),None)
thehive_1        | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/the_hive_15/_search?
thehive_1        | StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
thehive_1        |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,null,None)),None)
thehive_1        | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/the_hive_15/_search?
thehive_1        | StringEntity({"version":"true","query":{"ids":{"values":["init"]}},"size":1},Some(application/json))
thehive_1        |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,null,None)),None)
thehive_1        | [info] o.e.ErrorHandler - GET /api/user/current returned 520
thehive_1        | org.elastic4play.IndexNotFoundException$: null
thehive_1        |      at org.elastic4play.IndexNotFoundException$.<clinit>(Errors.scala)
thehive_1        |      at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:145)
thehive_1        |      at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:303)
thehive_1        |      at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
thehive_1        |      at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
thehive_1        |      at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
thehive_1        |      at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
thehive_1        |      at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
thehive_1        |      at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
thehive_1        |      at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
thehive_1        | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/the_hive_15/_search?scroll=60000ms
thehive_1        | StringEntity({"version":"true","query":{"bool":{"must":[{"term":{"relations":{"value":"dblist"}}},{"term":{"dblist":{"value":"ui_settings"}}}]}},"from":0,"sort":[{"_id":{"order":"desc"}}]},Some(application/json))
thehive_1        |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,null,None)),None)
cortex_1         | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_4/_search?
cortex_1         | StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
cortex_1         |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,null,None)),None)
cortex_1         | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_4/_search?
cortex_1         | StringEntity({"version":"true","query":{"ids":{"values":["init"]}},"size":1},Some(application/json))
cortex_1         |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(cortex_4),None,null,None)),None)
cortex_1         | [info] o.t.c.s.ErrorHandler - GET /api/user/current returned 520
cortex_1         | org.elastic4play.IndexNotFoundException$: null
cortex_1         |      at org.elastic4play.IndexNotFoundException$.<clinit>(Errors.scala)
cortex_1         |      at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:145)
cortex_1         |      at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
cortex_1         |      at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
cortex_1         |      at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
cortex_1         |      at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
cortex_1         |      at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
cortex_1         |      at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
cortex_1         |      at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
cortex_1         |      at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
thehive_1        | [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/the_hive_15/_search?
thehive_1        | StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
thehive_1        |  => ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,List(ElasticError(index_not_found_exception,no such index,Some(_na_),Some(the_hive_15),None,null,None)),None)
thehive_1        | [info] o.e.ErrorHandler - GET /api/stream/yOFqxsWI8csB5B7SkIRD returned 401
thehive_1        | org.elastic4play.AuthenticationError: Authentication header not found
thehive_1        |      at org.elastic4play.controllers.Authenticated.$anonfun$getFromApiKey$1(Authenticated.scala:143)
thehive_1        |      at scala.Option.fold(Option.scala:158)
thehive_1        |      at org.elastic4play.controllers.Authenticated.getFromApiKey(Authenticated.scala:143)
thehive_1        |      at controllers.StreamCtrl.$anonfun$get$1(StreamCtrl.scala:99)
thehive_1        |      at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:488)
thehive_1        |      at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:486)
thehive_1        |      at play.api.mvc.ActionBuilder$$anon$10.apply(Action.scala:425)
thehive_1        |      at play.api.mvc.Action.$anonfun$apply$2(Action.scala:97)
thehive_1        |      at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:183)
thehive_1        |      at scala.util.Try$.apply(Try.scala:209)

@milesflo
Copy link
Author

PR: #1144

@To-om To-om added this to the 3.4.1 milestone Apr 7, 2020
@To-om To-om added the bug label Apr 7, 2020
To-om added a commit that referenced this issue Apr 7, 2020
@To-om
#1140 Update docker compose file
26d22b6
@To-om To-om closed this as completed Apr 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
3.4.1
Development

No branches or pull requests
4 participants
@arnydo @milesflo @To-om @aacgood