Calling Elastic search from remote server via https

Elastic Stack Elasticsearch
1

This works fine on local machine
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic: https://localhost:9200

This does not work remotely
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic: https://server.name.com:9200

The server won't start here is the configuration.

# ======================== Elasticsearch Configuration =========================
#
path.data: /var/lib/elasticsearch
#
path.logs: /var/log/elasticsearch
#
action.auto_create_index: ".ent-search-*-logs-*,-.ent-search-*,+*"
#
network.host: server.name.com
#
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.http.ssl.enabled: true
#
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
 enabled: true
 keystore.path: /etc/elasticsearch/certs/http.p12
#
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
 enabled: true
 verification_mode: certificate
 keystore.path: /etc/elasticsearch/certs/transport.p12
 truststore.path: /etc/elasticsearch/certs/transport.p12
#
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

This is the error message.

[2023-04-18T16:26:04,842][INFO ][o.e.p.PluginsService     ] [rofccs901a] loaded module [x-pack-text-structure]
[2023-04-18T16:26:04,842][INFO ][o.e.p.PluginsService     ] [rofccs901a] loaded module [x-pack-voting-only-node]
[2023-04-18T16:26:04,842][INFO ][o.e.p.PluginsService     ] [rofccs901a] loaded module [x-pack-watcher]
[2023-04-18T16:26:04,842][INFO ][o.e.p.PluginsService     ] [rofccs901a] loaded module [x-pack-write-load-forecaster]
[2023-04-18T16:26:04,842][INFO ][o.e.p.PluginsService     ] [rofccs901a] no plugins loaded
[2023-04-18T16:26:07,529][INFO ][o.e.e.NodeEnvironment    ] [rofccs901a] using [1] data paths, mounts [[/var (/dev/mapper/vg_system-lv_var)]], net usable_space [6.5gb], net total_space [9.7gb], types [ext4]
[2023-04-18T16:26:07,529][INFO ][o.e.e.NodeEnvironment    ] [rofccs901a] heap size [7.7gb], compressed ordinary object pointers [true]
[2023-04-18T16:26:07,693][INFO ][o.e.n.Node               ] [rofccs901a] node name [rofccs901a], node ID [Hdt100ybQqeo8xCaJLjnOQ], cluster name [elasticsearch], roles [ingest, data_frozen, ml, data_hot, transform, data_content, data_warm, master, remote_cluster_client, data, data_cold]
[2023-04-18T16:26:10,794][INFO ][o.e.x.s.Security         ] [rofccs901a] Security is enabled
[2023-04-18T16:26:11,030][INFO ][o.e.x.s.a.s.FileRolesStore] [rofccs901a] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
[2023-04-18T16:26:11,407][INFO ][o.e.x.s.InitialNodeSecurityAutoConfiguration] [rofccs901a] Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot  determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.
[2023-04-18T16:26:11,484][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [rofccs901a] [controller/28992] [Main.cc@123] controller (64 bit): Version 8.6.2 (Build 0d41528b670ce1) Copyright (c) 2023 Elasticsearch BV
[2023-04-18T16:26:12,057][INFO ][o.e.t.n.NettyAllocator   ] [rofccs901a] creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=4mb}]
[2023-04-18T16:26:12,087][INFO ][o.e.i.r.RecoverySettings ] [rofccs901a] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b                                           ]
[2023-04-18T16:26:12,135][INFO ][o.e.d.DiscoveryModule    ] [rofccs901a] using discovery type [multi-node] and seed hosts providers [settings]
[2023-04-18T16:26:13,456][INFO ][o.e.n.Node               ] [rofccs901a] initialized
[2023-04-18T16:26:13,457][INFO ][o.e.n.Node               ] [rofccs901a] starting ...
[2023-04-18T16:26:13,475][INFO ][o.e.x.s.c.f.PersistentCache] [rofccs901a] persistent cache index loaded
[2023-04-18T16:26:13,476][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [rofccs901a] deprecation component started
[2023-04-18T16:26:13,562][INFO ][o.e.t.TransportService   ] [rofccs901a] publish_address {rofccs901a.mayo.edu/10.146.73.221:9300}, bound_addresses {10.146.73.221:9300}
[2023-04-18T16:26:14,332][INFO ][o.e.b.BootstrapChecks    ] [rofccs901a] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2023-04-18T16:26:14,355][INFO ][o.e.n.Node               ] [rofccs901a] stopping ...
[2023-04-18T16:26:14,406][INFO ][o.e.n.Node               ] [rofccs901a] stopped
[2023-04-18T16:26:14,406][INFO ][o.e.n.Node               ] [rofccs901a] closing ...
[2023-04-18T16:26:14,424][INFO ][o.e.n.Node               ] [rofccs901a] closed
[2023-04-18T16:26:14,426][INFO ][o.e.x.m.p.NativeController] [rofccs901a] Native controller process has stopped - no new native processes can be started
2

There is no error there, and from what I can see Elasticsearch is starting up and running fine until something asks it to shutdown.

1 Like
3

Actually I don't think so. The http REST layer does not start. Only the Transport Layer started:

publish_address {rofccs901a.mayo.edu/10.146.73.221:9300}, bound_addresses {10.146.73.221:9300}

But indeed there is no error message which looks wrong...

4

Yep you're right, I missed that part. But it's still starting up before it's asked to shutdown.

5

Is there anything in the configuration missing?
Also role.yml is empty should there be something in there?

6

What could possible ask it to shut down? Permissions issue?

7

There's no errors in your logs, so no.

8

From systemd journal

-- Subject: Unit elasticsearch.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit elasticsearch.service has begun starting up.
Apr 18 17:48:26 rofccs901a systemd-entrypoint[116624]: bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.see
Apr 18 17:48:26 rofccs901a systemd-entrypoint[116624]: ERROR: Elasticsearch did not exit normally - check the logs at /var/log/elasticsearch/elasticsearch.log
Apr 18 17:48:28 rofccs901a systemd-entrypoint[116624]: ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
Apr 18 17:48:28 rofccs901a systemd[1]: elasticsearch.service: main process exited, code=exited, status=78/n/a
Apr 18 17:48:28 rofccs901a systemd[1]: Failed to start Elasticsearch.
-- Subject: Unit elasticsearch.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit elasticsearch.service has failed.
--
-- The result is failed.
9

If I remove this from the elastic.yml file then Elasticsearch starts fine but then I can't do a remote curl.

network.host: server.name.com
10

Could you try with the ip address instead of the name?

11

ok, I did change it to IP address and get then same error message. But this time I noticed this error message

systemd-entrypoint[72712]: bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

This is the first time I am starting Elastic search with the network.host set. This is a single instance of Elastic Search and I am not setting up a cluster.
Is this my issue? What yml settings should I add? Thanks

12

Is there verbose logging that could be done.

13

It sounds like you want to set the node into single-node discovery:

1 Like
14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.