Bootstrap checks failed,

Using this repository

Getting below error, as per the error checked the configuration and its all same as expected
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.

bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/Elasticsearch/logs/multi.log

Mind posting your full Elasticsearch custom resource so we can better help debug your error?

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch

Thanks

Same error here!
Installed a cluster och four nodes (on separate centos 7 virtual machines)
Node-1: master
Node-2: data, master
Node-3: data
Node-4: ingest

All 4 nodes joined a cluster and kibana kicked in as expected.
BUT! when i proceeded with setup with a "minimu security for Elasicsearch"
Then in the first step Elasticsearch fails to start up.

`ERROR][o.e.b.Bootstrap ] [elk1] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]'

And now I'm in a loop.
If I enable xpack.security.transport.ssl then ES cluster wont start because I newer set up passwords and I can't set up passwords because ES refuse to start.

Please point me in the right direction here, what i'm i missing?

BTW, this is my Elasticsearch.yml settings (in short)
'cluster.name: virt-cluster
node.roles: [ master ]
node.name: Node-1
path.data: /var/lib/Elasticsearch
path.logs: /var/log/Elasticsearch
network.host: 192.168.1.21
discovery.seed_hosts: ["192.168.1.21", "192.168.1.22"]
#cluster.initial_master_nodes: ["Node-1", "Node-22"]
xpack.security.enabled: true'

The other nodes files are with the equal settings.

Unfortunately, I cannot reproduce this.

❯ curl -u elastic:--redact-- -sk https://localhost:9200/_cluster/health\?pretty
{
  "cluster_name" : "testing-xpack",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Resource

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: testing-xpack
spec:
  version: 7.15.1
  nodeSets:
  - name: masters
    count: 3
    config:
      node.roles: ["master", "data"]
      node.store.allow_mmap: false
      xpack.security.enabled: true

With Eck 1.8.0. Could you please give a full reproducible steps to generate the error, that would greatly assist in debugging these types of errors. Thanks.

Hello,

I kind a found my way out of the loop!
I jumped directly to "basic security" and created certificates. After that the servers ware able to talk to each other and Elasticsearch started.
With ES up and running I runned ./bin/Elasticsearch-setup-password auto (jumped back to minimum security).

Maybe it was my fault to setup SSL/TLS on a formed cluster before putting sec on everything and that's why I was stuck in a loop. I should maybe do another way around?

However this worked for me.

  1. Install 3-5 machines
  2. Install ES, Kibana, Logstash, etc och your machines
  3. Form a cluster
  4. Set up basic security for the Elastic Stack
  5. Set up minimal security for Elasticsearch
  6. Set up basic security for the Elastic Stack plus secured HTTPS traffic

BTW
I hope my explanation help's someone, sorry for hijacking/borrowing a thread.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.