Authentication problems zeebe operate elasticsearch

Camunda 8 Topics Discussion & Questions
1

I am trying to get the zeebe operate helm chart working with an existing elastic search cluster. I believe it is possible. When I run the helm chart the zeebe operate pod gets up but when I look into the logging the following errors:

2021-11-01 16:46:26.671 INFO 6 — [ main] i.c.o.Application : Starting Application using Java 11.0.12 on zeebe-zeebe-operate-helm-74cf9dcd44-bhzz5 with PID 6 (/usr/local/operate/lib/operate-webapp-1.1.2-exec.jar started by root in /usr/local/operate)
2021-11-01 16:46:26.678 INFO 6 — [ main] i.c.o.Application : The following profiles are active: auth
2021-11-01 16:46:31.358 INFO 6 — [ main] o.s.b.w.e.t.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2021-11-01 16:46:31.368 INFO 6 — [ main] o.a.c.h.Http11NioProtocol : Initializing ProtocolHandler [“http-nio-8080”]
2021-11-01 16:46:31.368 INFO 6 — [ main] o.a.c.c.StandardService : Starting service [Tomcat]
2021-11-01 16:46:31.369 INFO 6 — [ main] o.a.c.c.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.48]
2021-11-01 16:46:31.493 INFO 6 — [ main] o.a.c.c.C.[.[.[/] : Initializing Spring embedded WebApplicationContext
2021-11-01 16:46:31.493 INFO 6 — [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 4636 ms
2021-11-01 16:46:32.248 INFO 6 — [ main] i.c.o.WebappModuleConfiguration : Starting module: webapp
2021-11-01 16:46:34.583 INFO 6 — [ main] i.c.o.s.SchemaStartup : SchemaStartup started.
2021-11-01 16:46:34.584 INFO 6 — [ main] i.c.o.s.SchemaStartup : SchemaStartup: validate schema.
2021-11-01 16:46:34.878 INFO 6 — [ main] i.c.o.s.SchemaStartup : SchemaStartup: schema is empty or not complete. Indices will be created.
2021-11-01 16:46:34.880 INFO 6 — [ main] i.c.o.s.ElasticsearchSchemaManager : Create default settings from ‘operate_template’ with 1 shards and 0 replicas per index.
2021-11-01 16:46:34.974 WARN 6 — [ main] i.c.o.u.RetryOperation : method [HEAD], host [https://elastic.cicd-p-az1.l12m.nl:443], URI [/_index_template/operate_template?master_timeout=30s], status line [HTTP/1.1 403 Forbidden]

it looks like camunda operate cant authenticate against the elasticsearch instance. The username and password are correct.

my config.yaml is as followed:

Operate configuration file

camunda.operate:

ELS instance to store Operate data

elasticsearch:
# Cluster name
clusterName: elastic
# Host
host: elastic.cicd-p-az1.l12m.nl
# Transport port
port: 443
# Elasticsearch full url
url: https://elastic.cicd-p-az1.l12m.nl:443
# username
username: swf_fluentd_service_account
# password
password: ***********

Zeebe instance

zeebe:
# Broker contact point
brokerContactPoint: zeebe-zeebe-gateway:26500

ELS instance to export Zeebe data to

zeebeElasticsearch:
# Cluster name
clusterName: elastic
# Host
host: Same as above
# Transport port
port: 443
# Index prefix, configured in Zeebe Elasticsearch exporter
prefix: zeebe-record
# Elasticsearch full url
url: same as above
# username
username: swf_fluentd_service_account
# password
password: *********
logging:
level:
ROOT: INFO
org.camunda.operate: ERROR
#Spring Boot Actuator endpoints to be exposed
management.endpoints.web.exposure.include: health,info,conditions,configprops,prometheus

Is there someone who knows how to handle this?

2

You need to use a compatible version of ElasticSearch. Check the version installed by the Helm charts. If you try to connect to an incompatible version of ElasticSearch, it won’t work.

3

Problem solved, we didn’t have the right to create indexes in our elastic search.

4