Briefly, this error occurs when Elasticsearch is unable to retrieve the list of instances from the AWS API. This could be due to network issues, incorrect AWS credentials, or insufficient permissions. To resolve this, you can check your network connectivity, verify your AWS credentials, or ensure that your IAM role has the necessary permissions to access the AWS API. Additionally, check if the AWS SDK version is compatible with your Elasticsearch version.
This guide will help you check for common problems that cause the log ” Exception while retrieving instance list from AWS API: {} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugins, discovery, discovery-ec2.
Overview
The process known as discovery occurs when an Elasticsearch node starts, restarts or loses contact with the master node for any reason. In those cases, the node needs to contact other nodes in the cluster to find any existing master node or initiate the election of a new master node.
How it works
Upon startup, each node looks for other nodes, firstly by contacting the IP addresses of eligible master nodes held in the previous cluster state. If they are not available, it will look for nodes based upon the seed host provider mechanisms available.
Seed host providers may be defined in 3 ways: list based, file based or plugin based. All of these methods provide a list of IP addresses or hostnames which the node should contact in order to obtain a list of master eligible nodes. The node will contact all of these addresses in turn, until either an active master is found, or failing that, until sufficient nodes can be found to elect a new master node.
Examples
The simplest form is to define a list of seed host providers in elasticsearch.yml:
discovery.seed_hosts: - 192.168.1.10:9300 - 192.168.1.11 - seeds.mydomain.com
An alternative way is to refer to a file using the following setting:
discovery.seed_providers: file
The file MUST be placed in the following filepath: $ES_PATH_CONF/unicast_hosts.txt
10.10.10.5 10.10.10.6:9305 10.10.10.5:10005 # an IPv6 address [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:9301
Note that the use of a port is optional. If not used, then the default port range of 9300-9400 will be used.
If you use AWS or GCS then you can install and use a plugin to obtain a list of seed hosts from an API. A plugin also exists for Azure but is deprecated since version 5.
AWS plugin
A typical configuration could be as follows:
discovery.seed_providers: ec2 discovery.ec2.tag.role: master discovery.ec2.tag.environment: dev discovery.ec2.endpoint: ec2.us-east-1.amazonaws.com cloud.node.auto_attributes: true cluster.routing.allocation.awareness.attributes: aws_availability_zone
The above configuration would look for all nodes with a tag called “environment” set to “dev” and a tag called “role” set to “master”, in the AWS zone us-east-1. The last two lines set up cluster routing allocation awareness based upon aws availability zones. (Not necessary, but nice to have).
GCE plugin
A typical configuration could be as follows:
discovery.seed_providers: gce cloud.gce.project_id: <your-google-project-id> cloud.gce.zone: <your-zone> discovery.gce.tags: <my-tag-name>
The above configuration would look for all virtual machines inside your project, zone and with a tag set to the tag name you provide.
Notes and good things to know
Cluster formation depends on correct setup of the network.host settings in elasticsearch.yml. Make sure that the nodes can reach each other across the network using their IP addresses / hostname, and are not getting blocked due to firewall settings on the ports required.
Log Context
Log “Exception while retrieving instance list from AWS API: {}” classname is AwsEc2SeedHostsProvider.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
// NOTE: we don't filter by security group during the describe instances request for two reasons:
// 1. differences in VPCs require different parameters during query (ID vs Name)
// 2. We want to use two different strategies: (all security groups vs. any security groups)
descInstances = SocketAccess.doPrivileged(() -> clientReference.client().describeInstances(buildDescribeInstancesRequest()));
} catch (final AmazonClientException e) {
logger.info("Exception while retrieving instance list from AWS API: {}"; e.getMessage());
logger.debug("Full exception:"; e);
return dynamicHostAddresses;
}
logger.trace("finding seed nodes...");
[ratemypost]
