Hi,
I'm trying to setup a new cluster with the official Ansible playbook, which I have done in previous versions 7.7 okay. However I'm trying to create another test cluster on 7.8.1 with security enabled, and the basic licence and hitting a bit of a roadblock.
The bootstrap.password is getting set correctly in the keystore with the correct password and when I manually list the contents of the keystore I can see bootstrap.password, and keystore.seed. When I try to access the elastic user via the HTTP API via the /_cluster/health endpoint I get a 401 response. The only logs are:
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
I can however use the elasticsearch-setup-passwords utility to set the passwords manually, but I'd like the initial setup to be automated using the bootstrap.password.
Here is my elasticsearch.yml
cluster.initial_master_nodes:
- test-01
- test-02
cluster.name: logging-test
discovery.seed_hosts:
- test-01
- test-02
http.port: 9200
logger._root: debug
network.host: test-02
node.data: true
node.ingest: true
node.master: true
node.name: test-02
transport.port: 9300
xpack.monitoring.collection.enabled: true
xpack.security.authc.realms:
native:
native1:
order: 0
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.key: /etc/elasticsearch/certs/test-02.key
xpack.security.http.ssl.key_passphrase: removed
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/test-02.key
xpack.security.transport.ssl.key_passphrase: removed
xpack.security.transport.ssl.verification_mode: none
#################################### Paths ####################################
# Path to directory containing configuration (this file and logging.yml):
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
action.auto_create_index: true
xpack.security.enabled: true