Cerebro + Easysearch: A Practical Guide to Avoid Common Pitfalls

1. Cerebro Overview

Cerebro is the successor to the early Elasticsearch plugin Kopf, rewritten in Scala, Play Framework, and AngularJS, and released as an independent web application after ES 5.0 dropped Site Plugin support. It provides cluster overview, index management, shard distribution, REST client, and alias management with a lightweight footprint (~200 MB memory) and runs on JRE 11+.

2. Connecting Cerebro to Easysearch

All key settings are stored in application.conf under the Cerebro installation directory.

vi /opt/cerebro/cerebro-0.9.4/conf/application.conf

2.1 Cluster connection

hosts = [
  {
    host = "https://192.168.31.219:9200"
    name = "easysearch"
    auth = {
      username = "admin"
      password = "your-password"
    }
  }
]

Note: Do not comment out the name line, otherwise the dropdown list will be empty.

2.2 Cerebro login authentication

auth = {
  type: basic
  settings: {
    username = "admin"
    password = "admin"
  }
}

This authentication is independent of Easysearch; do not confuse the two.

2.3 Skip SSL certificate verification (for internal testing)

Easysearch uses HTTPS with a self‑signed certificate, which causes PKIX verification failures. Add the following to the end of application.conf for testing:

play.ws.ssl {
  loose {
    acceptAnyCertificate = true
    allowWeakCiphers = true
    allowWeakProtocols = true
    disableHostnameVerification = true
  }
}

In production, import the certificate into the JVM truststore instead of disabling verification.

3. Common Pitfalls and Solutions

Pitfall 1 – Startup fails with UncheckedExecutionException

Cause: Running on Java 17/21 causes cglib dynamic‑proxy conflicts with the module system.

Solution: Switch to Java 11.

apt install openjdk-11-jdk -y
update-alternatives --config java   # select Java 11
java -version                       # verify
./bin/cerebro

Pitfall 2 – Page loads but JS/CSS errors appear

Cause: High‑version Java module isolation blocks static resource loading.

Solution: Add the following JVM options to bin/cerebro (or better, use Java 11):

addJava "--add-opens=java.base/java.lang=ALL-UNNAMED"
addJava "--add-opens=java.base/java.util=ALL-UNNAMED"
addJava "--add-opens=java.base/java.lang.reflect=ALL-UNNAMED"
addJava "--add-opens=java.base/sun.net.www.protocol.file=ALL-UNNAMED"

Pitfall 3 – PKIX certificate error

Cause: Easysearch’s self‑signed certificate is not trusted by the JVM.

Solution A (recommended for production): Import the certificate into the JVM truststore.

# Retrieve the certificate
openssl s_client -connect 192.168.31.219:9200 -showcerts </dev/null 2>/dev/null \ 
  | openssl x509 -outform PEM > /tmp/easysearch.crt
# Import into truststore
java_home=$(dirname $(dirname $(readlink -f $(which java))))
keytool -import -trustcacerts \
  -alias easysearch \
  -file /tmp/easysearch.crt \
  -keystore $java_home/lib/security/cacerts \
  -storepass changeit -noprompt

Solution B (testing): Enable the loose SSL configuration shown in section 2.3.

Pitfall 4 – 401 Unauthorized errors

Cause: The auth block for the host is missing or contains wrong credentials.

Solution: Verify that the auth block in application.conf is complete and the username/password match Easysearch’s credentials. Test connectivity with curl:

curl -k -u admin:'your-password' https://192.168.31.219:9200

A successful JSON response confirms the cluster is reachable.

Pitfall 5 – Cerebro login shows “Invalid username or password”

Cause: The login uses Cerebro’s own credentials, not Easysearch’s.

Solution: Check auth.settings in application.conf for the correct username and password and use those to log in.

4. Summary

Although Cerebro has not been updated for over six years, its core functions remain fully compatible with Easysearch. In practice, cluster overview, index management, shard distribution, REST client, and alias management all work as expected. Most issues stem from three areas: Java version, SSL certificates, and the separation of Cerebro’s authentication from Easysearch’s. Remember these points to avoid prolonged troubleshooting.

After adjusting the configuration, restart Cerebro: pkill -f cerebro && ./bin/cerebro If you need a lightweight cluster management tool, Cerebro is sufficient. For advanced analytics, dashboards, or alerting, consider INFINI Console or Kibana, each serving distinct purposes.