Hi,
I’m trying out Graylog for the first time. I’ve managed to install Elasticsearch, MongoDB, Graylog server and the Datanode on the same machine. I read somewhere that it’s not ideal but this is for a relatively small deployment.
Once the installation was all done, I logged in to the Web UI and from there I created the CA bundle and then issued a certificate for the datanode that is on the same machine. But nothing happens, and when I looked at the logs, I see the following:
Server log:
2025-01-07T15:24:09.517+02:00 ERROR [CertificateExchangeImpl] Failed to sign CSR for node, skipping it for now.
java.lang.RuntimeException: java.lang.NullPointerException: Cannot invoke "org.bouncycastle.pkcs.PKCS10CertificationRequest.getSubject()" because the return value of "org.graylog2.cluster.certificates.CertificateSigningRequest.request()" is null
at org.graylog.security.certutil.CaKeystore.signCertificateRequest(CaKeystore.java:75) ~[graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisionerImpl.lambda$runProvisioning$0(GraylogCertificateProvisionerImpl.java:61) ~[graylog.jar:?]
at org.graylog2.cluster.certificates.CertificateExchangeImpl.signPendingCertificateRequests(CertificateExchangeImpl.java:102) [graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisionerImpl.runProvisioning(GraylogCertificateProvisionerImpl.java:61) [graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical.doRun(GraylogCertificateProvisioningPeriodical.java:40) [graylog.jar:?]
at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:99) [graylog.jar:?]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:?]
at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source) [?:?]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
at java.base/java.lang.Thread.run(Unknown Source) [?:?]
Caused by: java.lang.NullPointerException: Cannot invoke "org.bouncycastle.pkcs.PKCS10CertificationRequest.getSubject()" because the return value of "org.graylog2.cluster.certificates.CertificateSigningRequest.request()" is null
at org.graylog.security.certutil.CaKeystore.signCertificateRequest(CaKeystore.java:67) ~[graylog.jar:?]
Datanode log:
2025-01-07T15:28:42.291+02:00 INFO [CustomCAX509TrustManager] CA changed, refreshing trust manager
2025-01-07T15:28:42.296+02:00 ERROR [graylog-eventbus] Exception thrown by subscriber method handleCertificateAuthorityChange(org.graylog.security.certutil.CertificateAuthorityChangedEvent) on subscriber org.graylog2.security.CustomCAX509TrustManager@2a99ca99 when dispatching event: CertificateAuthorityChangedEvent
java.lang.IllegalArgumentException: Illegal base64 character 22
at java.base/java.util.Base64$Decoder.decode0(Unknown Source) ~[?:?]
at java.base/java.util.Base64$Decoder.decode(Unknown Source) ~[?:?]
at java.base/java.util.Base64$Decoder.decode(Unknown Source) ~[?:?]
at java.base/java.util.Optional.map(Unknown Source) ~[?:?]
at org.graylog.security.certutil.CaPersistenceService.readFromDatabase(CaPersistenceService.java:205) ~[graylog2-server-6.1.4.jar:?]
at org.graylog.security.certutil.CaPersistenceService.loadKeyStore(CaPersistenceService.java:187) ~[graylog2-server-6.1.4.jar:?]
at org.graylog.security.certutil.CaTruststoreImpl.getTrustStore(CaTruststoreImpl.java:55) ~[graylog2-server-6.1.4.jar:?]
at org.graylog2.security.CustomCAX509TrustManager.refresh(CustomCAX509TrustManager.java:58) ~[graylog2-server-6.1.4.jar:?]
at org.graylog2.security.CustomCAX509TrustManager.handleCertificateAuthorityChange(CustomCAX509TrustManager.java:51) ~[graylog2-server-6.1.4.jar:?]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
at com.google.common.eventbus.Subscriber.invokeSubscriberMethod(Subscriber.java:85) ~[guava-33.3.1-jre.jar:?]
at com.google.common.eventbus.Subscriber$SynchronizedSubscriber.invokeSubscriberMethod(Subscriber.java:142) ~[guava-33.3.1-jre.jar:?]
at com.google.common.eventbus.Subscriber.lambda$dispatchEvent$0(Subscriber.java:71) ~[guava-33.3.1-jre.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:259) [metrics-core-4.2.28.jar:4.2.28]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
at java.base/java.lang.Thread.run(Unknown Source) [?:?]
2025-01-07T15:28:51.301+02:00 INFO [CsrRequesterImpl] Triggered certificate signing request for this datanode
Here are the configuration changes on the machine:
/etc/graylog/server/server.conf
http_bind_address = 10.1.0.16:9000
/etc/graylog/datanode/datanode.conf
bind_address = 0.0.0.0
http_publish_uri = https://10.1.0.16:9000/
- OS Information: Ubuntu server 22.04
- Package Version: 6.1
Any help at all will be appreciated! Thank you!
Kind regards,
Rubin