I'm trying to get datahub v0.8.10 talking to Elastic via SSL, but it doesn't want to pick up the certs I've configured. I've got

ELASTICSEARCH_USE_SSL=true

as well as all the various

ELASTICSEARCH_SSL_*

env vars specified by the docker env file. Any suggestions or troubleshooting I can do? I have confirmed that the certs work to connect to ES.

@wonderful-quill-11255 might be able to help here

@blue-megabyte-68048 are you using kubernetes or docker? Also, is it not picking up in the gms pod?

Hm. And also - you are not deploying the MAE consumer pod separately, right?

I'm on k8s and I can verify that the files are all on the pod, readable by gms and I just double-checked that all the paths are correct. I don't see any error logs on startup and I only get them in the stacktrace returned from a failed call. The stacktrace is just the response from the elastic's nginx saying that the required certs are missing. I can use these same certs in a curl call, so I know that they are valid.

It's not necessarily a bad idea, just more places to configure for speaking with elastic

If I disable all the SSL env vars, I still get the same result

The ssl setup is done here https://github.com/linkedin/datahub/blob/2c5edd88abfeafa4400b2601f7debc5cde5a1bfb/[…]linkedin/gms/factory/common/ElasticsearchSSLContextFactory.java

Yep, that's exactly what I've been looking at

they both use the same factory, so it should lead to the same error

Yeah, I think the root es error I get from the gms api is the same as from the mae consumer

thanks @blue-megabyte-68048!

oops, converted it to a draft while I check something out

u are awesome greyson. thank you for debugging this!

No problem!