Can't connect to elasticsearch over ssl

I’m not able to connect to elasticsearch over https. The temporal helm chart has a property for scheme which makes it seem like https would be supported, but my services won’t start up because they hang on wait_for_es in the start script.

Looking at how the client is created in temporal I think https would probably work there, but looking in I see that http is hard coded in some places. I think this is a bug, but I wanted to make sure there wasn’t anything I was missing :slight_smile:


Hey Kyle,

Thank you for the report. Your analysis makes perfect sense, thank you!

I created a github issue for this –

and prepared code changes:

I tested that the scheme setting actually takes effect, but I have yet to test that httpS connections actually succeed (I didn’t have an instance of ElasticSearch + https handy).

If you get a chance to try this, I would be interested if this works for you!

Thank you!

Well, at least initially, this seems to be failing. The start script does work. Checking elasticsearch I can see it created an index. But Temporal crashes on startup with this error:

2020/07/20 22:38:15 error creating elastic search client: context deadline exceeded

{"acknowledged":true}{"error":{"root_cause":[{"type":"resource_already_exists_exception","reason":"index [temporal-visibility-dev/ItLz16j-QJOxwYEhlLm0Mg] already exists","index_uuid":"ItLz16j-QJOxwYEhlLm0Mg","index":"temporal-visibility-dev"}],"type":"resource_already_exists_exception","reason":"index [temporal-visibility-dev/ItLz16j-QJOxwYEhlLm0Mg] already exists","index_uuid":"ItLz16j-QJOxwYEhlLm0Mg","index":"temporal-visibility-dev"},"status":400}

I’m still troubleshooting it, I’ll let you know if I find anything. I’m having trouble getting the config or environment of my container because it keeps dying.

1 Like