Activate x-pack

How to activate the x-pack? And where should I access to activate the x-pack?

Which version are you using? Are you using the default distribution?


v10, yes I'm using default. Free and basic.

Is that version 7.10? Which features are you looking to configure/enable?

Yes, 7.10.

Elastic security, I want to have a login form at Kibana and alerting.

You can go through this: https://www.elastic.co/guide/en/elasticsearch/reference/7.4/get-started-enable-security.html


Yeah I know it, but it failed when I try because at my organization's access system is closed. Now I want to know to activate this x-pack, is elastic there is access anywhere so I can ask to whitelist?

I don't understand what you meant.

Please tell what exact version you downloaded, what are the settings you changed, what are the error messages, ...

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reason.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

And to answer your question:

You don't have to activate xpack. All the features are built into the default distribution. You just have to use the features you need.
Read the documentation about the feature you are looking for.

I used version 7.10. Okay, let me give you my elasticsearch.yml. Is there something wrong?

```
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: 10.194.11.67
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true

# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 10.194.11.67
#
# Set a custom port for HTTP:
#
#http.port: 9200
http.port: 9200

##
# For more information, consult the network module documentation.

# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.seed_hosts: ["10.194.11.67", "[::1]"]
#
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: [10.194.11.67]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

#xpack
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12
```

It looks good.

Then I got an error like this:

> ● elasticsearch.service - Elasticsearch
>    Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Thu 2021-04-08 11:51:19 WIB; 13s ago
>      Docs: https://www.elastic.co
>   Process: 6921 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
> Main PID: 6921 (code=exited, status=1/FAILURE)
> 
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: <<<truncated>>>
> Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: For complete error details, refer to the log at /var/log/elasticsearch/elasticsearch.log
> Apr 08 11:51:19 bdi-uat-els systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
> Apr 08 11:51:19 bdi-uat-els systemd[1]: Failed to start Elasticsearch.
> Apr 08 11:51:19 bdi-uat-els systemd[1]: Unit elasticsearch.service entered failed state.
> Apr 08 11:51:19 bdi-uat-els systemd[1]: elasticsearch.service failed.

Could you share elasticsearch logs?

[2021-04-08T01:30:00,000][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] triggering scheduled [ML] maintenance tasks
[2021-04-08T01:30:00,006][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Deleting expired data
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [bdi-uat-els] Successfully deleted [0] unused stats documents
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Completed deletion of expired ML data
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2021-04-08T08:30:00,000][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] starting SLM retention snapshot cleanup task
[2021-04-08T08:30:00,002][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2021-04-08T10:58:43,955][INFO ][o.e.n.Node               ] [bdi-uat-els] stopping ...
[2021-04-08T10:58:43,962][INFO ][o.e.x.w.WatcherService   ] [bdi-uat-els] stopping watch service, reason [shutdown initiated]
[2021-04-08T10:58:43,963][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [bdi-uat-els] [controller/29792] [Main.cc@154] ML controller exiting
[2021-04-08T10:58:43,963][INFO ][o.e.x.m.p.NativeController] [bdi-uat-els] Native controller process has stopped - no new native processes can be started
[2021-04-08T10:58:43,963][INFO ][o.e.x.w.WatcherLifeCycleService] [bdi-uat-els] watcher has stopped and shutdown
[2021-04-08T10:58:44,337][INFO ][o.e.n.Node               ] [bdi-uat-els] stopped
[2021-04-08T10:58:44,337][INFO ][o.e.n.Node               ] [bdi-uat-els] closing ...
[2021-04-08T10:58:44,349][INFO ][o.e.n.Node               ] [bdi-uat-els] closed
[2021-04-08T11:47:33,845][INFO ][o.e.n.Node               ] [10.194.11.67] version[7.10.1], pid[6491], build[default/rpm/1c34507e66d7db1211f66f3513706fdf548736aa/2020-12-05T01:00:33.671820Z], OS[Linux/3.10.0-1127.el7.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2021-04-08T11:47:33,848][INFO ][o.e.n.Node               ] [10.194.11.67] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2021-04-08T11:47:33,848][INFO ][o.e.n.Node               ] [10.194.11.67] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-539247061516994380, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-04-08T11:47:35,798][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [aggs-matrix-stats]
[2021-04-08T11:47:35,798][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [analysis-common]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [constant-keyword]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [flattened]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [frozen-indices]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-common]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-geoip]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-user-agent]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [kibana]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-expression]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-mustache]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-painless]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [mapper-extras]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [mapper-version]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [parent-join]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [percolator]

Could you share the full elasticsearch logs please?

If too big for this forum, please share them on gist.github.com and add the link here.

That's the full I can get.

There is nothing after this line?

[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [percolator]

Yes, David.

I don't understand, as this part should be in your logs.
Could you check again?

  at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:149) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.node.Node.<init>(Node.java:406) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) [elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) [elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) [elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) [elasticsearch-cli-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.10.1.jar:7.10.1]
[2021-04-14T14:45:06,179][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [10.194.11.67] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [pack.security.http.ssl.keystore.path] did you mean any of [xpack.security.http.ssl.keystore.path, xpack.security.http.ssl.keystore.type, xpack.security.http.ssl.truststore.path, xpack.security.http.ssl.keystore.password, xpack.security.http.ssl.keystore.algorithm, xpack.security.transport.ssl.keystore.path, xpack.security.http.ssl.keystore.key_password, xpack.security.http.ssl.truststore.type, xpack.http.ssl.keystore.path, xpack.security.http.ssl.certificate, xpack.security.http.ssl.truststore.password, xpack.security.http.ssl.key_passphrase, xpack.security.http.ssl.keystore.secure_password, xpack.security.http.ssl.truststore.algorithm]?
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.10.1.jar:7.10.1]
        at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.10.1.jar:7.10.1]
Caused by: java.lang.IllegalArgumentException: unknown setting [pack.security.http.ssl.keystore.path] did you mean any of [xpack.security.http.ssl.keystore.path, xpack.security.http.ssl.keystore.type, xpack.security.http.ssl.truststore.path, xpack.security.http.ssl.keystore.password, xpack.security.http.ssl.keystore.algorithm, xpack.security.transport.ssl.keystore.path, xpack.security.http.ssl.keystore.key_password, xpack.security.http.ssl.truststore.type, xpack.http.ssl.keystore.path, xpack.security.http.ssl.certificate, xpack.security.http.ssl.truststore.password, xpack.security.http.ssl.key_passphrase, xpack.security.http.ssl.keystore.secure_password, xpack.security.http.ssl.truststore.algorithm]?
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:544) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:489) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:460) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:431) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:149) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.node.Node.<init>(Node.java:406) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.1.jar:7.10.1]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.1.jar:7.10.1]

Is it okay?

Did you mean that you did not share the whole logs when I asked?

Anyway, this is the problem:

Caused by: java.lang.IllegalArgumentException: unknown setting [pack.security.http.ssl.keystore.path]

It should be `xpack.security.http.ssl.keystore.path`.

BTW this does not reflect the elasticsearch.yml file you shared.
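Added example, not part of any post in this thread: a small shell helper that pulls each `unknown setting [...]` error out of an Elasticsearch log and points at the active line of the config file that sets it, or reports that the file checked does not contain the key at all (the situation noted in the last reply). The function names are hypothetical, and the log and config contents are constructed samples shortened from the error quoted above.

```shell
#!/bin/sh
# Added example: trace an "unknown setting" startup failure back to the
# line of elasticsearch.yml that caused it.

# Print "<rejected key> <first suggestion, or ->" once per distinct error.
unknown_settings() {  # $1 = path to elasticsearch.log
  sed -n \
    -e 's/.*unknown setting \[\([^]]*\)\] did you mean[^[]*\[\([^],]*\).*/\1 \2/p' -e t \
    -e 's/.*unknown setting \[\([^]]*\)\].*/\1 -/p' "$1" | sort -u
}

# Print "lineno:line" for active (uncommented) lines that set exactly this key.
locate_in_config() {  # $1 = setting key, $2 = path to elasticsearch.yml
  pattern=$(printf '%s' "$1" | sed 's/\./\\./g')   # dots are literal in a key
  grep -nE "^[[:space:]]*${pattern}[[:space:]]*:" "$2"
}

# Combine both: one line of advice per rejected key.
diagnose() {  # $1 = log file, $2 = config file
  unknown_settings "$1" | while read -r key hint; do
    if hits=$(locate_in_config "$key" "$2"); then
      printf '%s\n' "$hits" | while IFS=: read -r n rest; do
        echo "$2:$n: [$key] is rejected at startup; closest valid key: [$hint]"
      done
    else
      # The log complains about a key this file does not set.
      echo "[$key] is not set in $2; the node read a different file or source"
    fi
  done
}

demo() {
  dir=$(mktemp -d)
  # Constructed sample input, shortened from the error quoted in the thread.
  cat > "$dir/es.log" <<'EOF'
[2021-04-14T14:45:06,179][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [node] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [pack.security.http.ssl.keystore.path] did you mean any of [xpack.security.http.ssl.keystore.path, xpack.security.http.ssl.keystore.type]?
Caused by: java.lang.IllegalArgumentException: unknown setting [pack.security.http.ssl.keystore.path] did you mean any of [xpack.security.http.ssl.keystore.path, xpack.security.http.ssl.keystore.type]?
EOF
  cat > "$dir/bad.yml" <<'EOF'
xpack.security.enabled: true
#pack.security.http.ssl.keystore.path: old.p12
xpack.security.http.ssl.enabled: true
pack.security.http.ssl.keystore.path: http.p12
EOF
  printf 'xpack.security.http.ssl.keystore.path: http.p12\n' > "$dir/good.yml"
  diagnose "$dir/es.log" "$dir/bad.yml"    # points at line 4
  diagnose "$dir/es.log" "$dir/good.yml"   # key absent from this file
  rm -rf "$dir"
}
demo
```

On a real node, pass the log under `path.logs` and the `elasticsearch.yml` in the directory named by `-Des.path.conf` in the startup log line.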