Bootstrap checks failed,

manu_john · October 26, 2021, 10:09am

Using this repository

Getting below error, as per the error checked the configuration and its all same as expected
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.

bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/Elasticsearch/logs/multi.log

Michael_Montgomery · November 8, 2021, 3:27pm

Mind posting your full Elasticsearch custom resource so we can better help debug your error?

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch

Thanks

bikeman · November 21, 2021, 9:26pm

Same error here!
Installed a cluster och four nodes (on separate centos 7 virtual machines)
Node-1: master
Node-2: data, master
Node-3: data
Node-4: ingest

All 4 nodes joined a cluster and kibana kicked in as expected.
BUT! when i proceeded with setup with a "minimu security for Elasicsearch"
Then in the first step Elasticsearch fails to start up.

`ERROR][o.e.b.Bootstrap ] [elk1] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]'

And now I'm in a loop.
If I enable xpack.security.transport.ssl then ES cluster wont start because I newer set up passwords and I can't set up passwords because ES refuse to start.

Please point me in the right direction here, what i'm i missing?

BTW, this is my Elasticsearch.yml settings (in short)
'cluster.name: virt-cluster
node.roles: [ master ]
node.name: Node-1
path.data: /var/lib/Elasticsearch
path.logs: /var/log/Elasticsearch
network.host: 192.168.1.21
discovery.seed_hosts: ["192.168.1.21", "192.168.1.22"]
#cluster.initial_master_nodes: ["Node-1", "Node-22"]
xpack.security.enabled: true'

The other nodes files are with the equal settings.

Michael_Montgomery · November 23, 2021, 7:04pm

Unfortunately, I cannot reproduce this.

❯ curl -u elastic:--redact-- -sk https://localhost:9200/_cluster/health\?pretty
{
  "cluster_name" : "testing-xpack",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Resource

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: testing-xpack
spec:
  version: 7.15.1
  nodeSets:
  - name: masters
    count: 3
    config:
      node.roles: ["master", "data"]
      node.store.allow_mmap: false
      xpack.security.enabled: true

With Eck 1.8.0. Could you please give a full reproducible steps to generate the error, that would greatly assist in debugging these types of errors. Thanks.

bikeman · November 24, 2021, 4:59pm

Hello,

I kind a found my way out of the loop!
I jumped directly to "basic security" and created certificates. After that the servers ware able to talk to each other and Elasticsearch started.
With ES up and running I runned ./bin/Elasticsearch-setup-password auto (jumped back to minimum security).

Maybe it was my fault to setup SSL/TLS on a formed cluster before putting sec on everything and that's why I was stuck in a loop. I should maybe do another way around?

However this worked for me.

Install 3-5 machines
Install ES, Kibana, Logstash, etc och your machines
Form a cluster
Set up basic security for the Elastic Stack
Set up minimal security for Elasticsearch
Set up basic security for the Elastic Stack plus secured HTTPS traffic

BTW
I hope my explanation help's someone, sorry for hijacking/borrowing a thread.

system · December 22, 2021, 4:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.