Bootstrap.password not working

Elastic Stack Elasticsearch
1

Hi,

I'm trying to setup a new cluster with the official Ansible playbook, which I have done in previous versions 7.7 okay. However I'm trying to create another test cluster on 7.8.1 with security enabled, and the basic licence and hitting a bit of a roadblock.

The bootstrap.password is getting set correctly in the keystore with the correct password and when I manually list the contents of the keystore I can see bootstrap.password, and keystore.seed. When I try to access the elastic user via the HTTP API via the /_cluster/health endpoint I get a 401 response. The only logs are:
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

I can however use the elasticsearch-setup-passwords utility to set the passwords manually, but I'd like the initial setup to be automated using the bootstrap.password.

Here is my elasticsearch.yml

    cluster.initial_master_nodes:
    - test-01
    - test-02
    cluster.name: logging-test
    discovery.seed_hosts:
    - test-01
    - test-02
    http.port: 9200
    logger._root: debug
    network.host: test-02
    node.data: true
    node.ingest: true
    node.master: true
    node.name: test-02
    transport.port: 9300
    xpack.monitoring.collection.enabled: true
    xpack.security.authc.realms:
      native:
    native1:
      order: 0
    xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
    xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
    xpack.security.http.ssl.enabled: false
    xpack.security.http.ssl.key: /etc/elasticsearch/certs/test-02.key
    xpack.security.http.ssl.key_passphrase: removed
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/certs/test-02.key
    xpack.security.transport.ssl.key_passphrase: removed
    xpack.security.transport.ssl.verification_mode: none




    #################################### Paths ####################################

    # Path to directory containing configuration (this file and logging.yml):

    path.data: /var/lib/elasticsearch

    path.logs: /var/log/elasticsearch


    action.auto_create_index: true

    xpack.security.enabled: true
2

I managed to fix this by removing the xpack.security.authc.realms setting as I don't need it for my basic instance. I'm not really sure why this works, however I tried adding the file realm to no effect. I tried adding a "reserved" realm but then Elastic wouldn't start so I'm not sure what the correct fix is here if it was required.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.