Error when configuring multiple ElasticSearch nodes

[srilumpa]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Debian stretch
TheHive version / git hash	2.13.2-1
Package Type	DEB

Problem Description

When setting multiple ES hosts in TheHive configuration, an error occurs once the application starts.

Steps to Reproduce

1. Set the search.host directive in /etc/thehive/application to contain several ElasticSearch servers
2. Restart TheHive: sudo systemctl restart

Complementary information

TheHive configuration

[...]
# ElasticSearch
search {
  # Name of the index
  index = the_hive
  # Name of the ElasticSearch cluster
  cluster = ES_CLUSTER
  # Address of the ElasticSearch instance
  host = ["es-server1:9300", "es-server2:9300", es-server3:9300", "es-server4:9300"]
  # Scroll keepalive
  keepalive = 1m
  # Size of the page for scroll
  pagesize = 50
}
[...]

Logs

Here is a partial dump from /var/log/thehive/application.conf logs

2017-12-01 12:01:06,678 [INFO] from org.reflections.Reflections in main - Reflections took 138 ms to scan 5 urls, producing 104 keys and 1098 values 
2017-12-01 12:01:06,723 [INFO] from module in main - Loading model class connectors.cortex.models.ReportTemplateModel
2017-12-01 12:01:06,723 [INFO] from module in main - Loading model class models.CaseTemplateModel
2017-12-01 12:01:06,724 [INFO] from module in main - Loading model class models.AuditModel
2017-12-01 12:01:06,724 [INFO] from module in main - Loading model class models.AlertModel
2017-12-01 12:01:06,724 [INFO] from module in main - Loading model class models.LogModel
2017-12-01 12:01:06,724 [INFO] from module in main - Loading model class models.UserModel
2017-12-01 12:01:06,724 [INFO] from module in main - Loading model class connectors.cortex.models.JobModel
2017-12-01 12:01:06,725 [INFO] from module in main - Loading model class models.CaseModel
2017-12-01 12:01:06,725 [INFO] from module in main - Loading model class models.TaskModel
2017-12-01 12:01:06,725 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2017-12-01 12:01:06,725 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2017-12-01 12:01:06,725 [INFO] from module in main - Loading model class models.ArtifactModel
2017-12-01 12:01:07,750 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-3 - Slf4jLogger started
2017-12-01 12:01:08,869 [ERROR] from akka.actor.OneForOneStrategy in application-akka.actor.default-dispatcher-4 - Unable to provision, see the following errors:

1) Error injecting constructor, java.lang.RuntimeException: Invalid hosts/ports es-server1:9300,elasticsearch://es-server2:9300,elasticsearch://es-server3:9300,elasticsearch://es-server4:9300
  at org.elastic4play.database.DBConfiguration.<init>(DBConfiguration.scala:56)
  at org.elastic4play.database.DBConfiguration.class(DBConfiguration.scala:41)
  while locating org.elastic4play.database.DBConfiguration
    for the 1st parameter of org.elastic4play.services.SequenceSrv.<init>(SequenceSrv.scala:10)
  at org.elastic4play.services.SequenceSrv.class(SequenceSrv.scala:10)
  while locating org.elastic4play.services.SequenceSrv
    for the 5th parameter of models.CaseModel.<init>(Case.scala:59)
  at models.CaseModel.class(Case.scala:58)
  while locating models.CaseModel
    for the 1st parameter of models.ArtifactModel.<init>(Artifact.scala:48)
  at models.ArtifactModel.class(Artifact.scala:46)
  while locating models.ArtifactModel
    for the 1st parameter of connectors.cortex.models.JobModel.<init>(Job.scala:36)
  at connectors.cortex.models.JobModel.class(Job.scala:36)
  while locating connectors.cortex.models.JobModel
    for the 2nd parameter of connectors.cortex.services.CortexSrv.<init>(CortexSrv.scala:91)
  at connectors.cortex.services.CortexSrv.class(CortexSrv.scala:90)
  while locating connectors.cortex.services.CortexSrv
    for the 1st parameter of connectors.cortex.services.JobReplicateActor.<init>(CortexSrv.scala:63)
  at connectors.cortex.services.JobReplicateActor.class(CortexSrv.scala:62)
  while locating connectors.cortex.services.JobReplicateActor
Caused by: java.lang.RuntimeException: Invalid hosts/ports es-server1:9300,elasticsearch://es-server2:9300,elasticsearch://es-server3:9300,elasticsearch://es-server4:9300
        at scala.sys.package$.error(package.scala:27)
        at com.sksamuel.elastic4s.ElasticsearchClientUri$.$anonfun$apply$2(ElasticsearchClientUri.scala:23)
        at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:234)
        at scala.collection.IndexedSeqOptimized.foreach(IndexedSeqOptimized.scala:32)
        at scala.collection.IndexedSeqOptimized.foreach$(IndexedSeqOptimized.scala:29)
        at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:191)
        at scala.collection.TraversableLike.map(TraversableLike.scala:234)
        at scala.collection.TraversableLike.map$(TraversableLike.scala:227)
        at scala.collection.mutable.ArrayOps$ofRef.map(ArrayOps.scala:191)
        at com.sksamuel.elastic4s.ElasticsearchClientUri$.apply(ElasticsearchClientUri.scala:21)
        at org.elastic4play.database.DBConfiguration.<init>(DBConfiguration.scala:73)
        at org.elastic4play.database.DBConfiguration.<init>(DBConfiguration.scala:63)
[...]

[nadouani]

Thanks for finding this issue @srilumpa we will fix it in the upcoming hotfix release