"certificate verify failed" during plugin installs in logstash container
devfire opened this issue · 2 comments
devfire commented
Something happened recently that is preventing logstash containers from installing plugins:
Running
docker build -t logstash-cert .
gives this output:
Sending build context to Docker daemon 20.99kB
Step 1/2 : FROM docker.elastic.co/logstash/logstash:6.5.3
---> 58d24eebe215
Step 2/2 : RUN bin/logstash-plugin install --version 2.0.11 logstash-input-kinesis && bin/logstash-plugin install --version 0.0.2 logstash-codec-cloudwatch_logs
---> Running in 190176dea518
ERROR: Something went wrong when installing logstash-input-kinesis, message: certificate verify failed
The command '/bin/sh -c bin/logstash-plugin install --version 2.0.11 logstash-input-kinesis && bin/logstash-plugin install --version 0.0.2 logstash-codec-cloudwatch_logs' returned a non-zero code: 1
Using this Dockerfile
FROM docker.elastic.co/logstash/logstash:6.5.3
# Install plugins
RUN bin/logstash-plugin install --version 2.0.11 logstash-input-kinesis && \
bin/logstash-plugin install --version 0.0.2 logstash-codec-cloudwatch_logs
I think the issue is with ruby/jruby but I'm not sure where.
Can somebody assist please?
Thank you.
devfire commented
Quick update with ENV DEBUG=1
in Dockerfile
:
docker build --no-cache -t logstash-cert .
Sending build context to Docker daemon 20.99kB
Step 1/3 : FROM docker.elastic.co/logstash/logstash:6.5.3
---> 58d24eebe215
Step 2/3 : ENV DEBUG=1
---> Running in 38ed96cd6581
Removing intermediate container 38ed96cd6581
---> 731fd51e35e6
Step 3/3 : RUN bin/logstash-plugin install --version 2.0.11 logstash-input-kinesis && bin/logstash-plugin install --version 0.0.2 logstash-codec-cloudwatch_logs
---> Running in 41e94abd2031
Using GEM_HOME=/usr/share/logstash/vendor/bundle/jruby/2.3.0
Using GEM_PATH=/usr/share/logstash/vendor/bundle/jruby/2.3.0
DEBUG: exec /usr/share/logstash/vendor/jruby/bin/jruby /usr/share/logstash/lib/pluginmanager/main.rb install --version 2.0.11 logstash-input-kinesis
Looking if package named: logstash-input-kinesis exists at https://artifacts.elastic.co/downloads/logstash-plugins/logstash-input-kinesis/logstash-input-kinesis-6.5.3.zip
OpenSSL::SSL::SSLError: certificate verify failed
connect_nonblock at org/jruby/ext/openssl/SSLSocket.java:276
connect at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/net/http.rb:938
do_start at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/net/http.rb:868
start at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/net/http.rb:857
start at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/net/http.rb:585
start at /usr/share/logstash/lib/pluginmanager/utils/http_client.rb:14
remote_file_exist? at /usr/share/logstash/lib/pluginmanager/utils/http_client.rb:32
get_installer_for at /usr/share/logstash/lib/pluginmanager/pack_fetch_strategy/repository.rb:32
block in create at /usr/share/logstash/lib/pluginmanager/install_strategy_factory.rb:23
each at org/jruby/RubyArray.java:1734
create at /usr/share/logstash/lib/pluginmanager/install_strategy_factory.rb:22
execute at /usr/share/logstash/lib/pluginmanager/install.rb:29
run at /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:67
execute at /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/subcommand/execution.rb:11
run at /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:67
run at /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:132
<main> at /usr/share/logstash/lib/pluginmanager/main.rb:48
The command '/bin/sh -c bin/logstash-plugin install --version 2.0.11 logstash-input-kinesis && bin/logstash-plugin install --version 0.0.2 logstash-codec-cloudwatch_logs' returned a non-zero code: 1
devfire commented
Update 2: I think we have a company egress proxy that's hijacking outbound SSL traffic. :(
Closing this issue. Sorry.