pim-community-dev icon indicating copy to clipboard operation
pim-community-dev copied to clipboard

Published 20 hours ago verified publisher icon akeneo

Can't connect to elasticsearch with authorization

Open crashbtz opened this issue 3 years ago • 6 comments

Hello,

I have a question, I tried to go on slack but https://akeneopim-ug.herokuapp.com/ is not working. I think I misunderstood something in the configuration. We have an elasticsearch server with Basic Authorization.

This curl command works fine curl -k --location --request GET 'https://ip:9200' --header 'Authorization: Basic token' Where my token is a base_64(user:password)

But if I run php bin/console akeneo:elasticsearch:reset-indexes, I have:

No alive nodes found in your cluster

Here is my .env file: APP_INDEX_HOSTS=https://user:password@ip:9200

Thanks

crashbtz avatar Jun 22 '21 08:06 crashbtz

Hello, thanks for opening an issue.

After reading the code, it seems that you are right. To use Basic Authorization with elasticsearch, we need to call this method: https://github.com/elastic/elasticsearch-php/blob/76d042d3848af0b274ffd4bc1e5854fc22a5b34e/src/Elasticsearch/ClientBuilder.php#L429

Somewhere between those 2 lines: https://github.com/akeneo/pim-community-dev/blob/e2d9f6ea4a936d7bff0da6fbb3fa93115fee097a/src/Akeneo/Tool/Bundle/ElasticsearchBundle/Client.php#L55-L56

Also, It shouldn't be part of the url, it should be a new option here: https://github.com/akeneo/pim-community-dev/blob/e2d9f6ea4a936d7bff0da6fbb3fa93115fee097a/config/packages/akeneo_elasticsearch.yml

I wonder if I've missed something since I'm not aware of somebody with this issue before. Are we all using elasticsearch without Basic Authorization in production ? :thinking:

tseho avatar Jul 15 '21 13:07 tseho

usually on production you use the elasticsearch that's hidden behind a firewall, so auth is not necessary if secured another way. then of course there's ton of unsecure ES instances (that fail victim to meow attack, eventually). I agree, though that AkeneoElasticSeachExtension should support those, hopefully by using new env params APP_ELASTICSEARCH_USERNAME and APP_ELASTICSEARCH_PASSWORD. I'll try to see soon how complicated would that be

janmyszkier avatar Sep 02 '21 11:09 janmyszkier

Hi, any updates on this topic? I'm trying to use elastic cloud with akeneo. According to the elasticsearch-php docs it's possible to connect via cloud id or basic auth. Any plans to extend those config vars for akeneo?

veliu avatar Apr 13 '23 15:04 veliu

Will be resolved with: https://github.com/akeneo/pim-community-dev/pull/19622

veliu avatar Apr 18 '23 13:04 veliu

Up. This issue is huge blocker for some Akeneo users. The PR is already outdated so there's no longer possible to apply a composer patch for it.

Tomasz-Silpion avatar Mar 29 '24 10:03 Tomasz-Silpion

Up. This issue is huge blocker for some Akeneo users. The PR is already outdated so there's no longer possible to apply a composer patch for it.

How to fix this error in Akeneo env file? Thanks in advance

patrys666 avatar May 29 '24 20:05 patrys666