Can not run elastic after add keystore

AayushPatel · August 10, 2020, 6:31am

Hi
Recently trying to use elasticsearch keystore
when I trying to restart elastic service when a new key added like "mypassword" to created elasticsearch.keystore, got a weird error

Aug 10 10:08:04 debian elasticsearch[10961]: uncaught exception in thread [main]
Aug 10 10:08:04 debian elasticsearch[10961]: java.lang.IllegalArgumentException: unknown secure setting [mypassword] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:532)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:477)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:448)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:419)

any help grateful

warkolm · August 10, 2020, 6:36am

Please share the full commands you ran and their output.

AayushPatel · August 10, 2020, 11:43am

/usr/share/elasticsearch/bin/elasticsearch-keystore add mypassword

to add a value to elasticsearch.keystore
since I login as root then I type

chown root:elasticsearch /etc/elasticsearch/elasticsearch.keystore
chmod 660 /etc/elasticsearch/elasticsearch.keystore

after that, the above error appear

TimV · August 10, 2020, 1:05pm

There seems to be some confusion here.

The Elasticsearch Keystore is not a general purpose container for secrets. It is an extension of the Elasticsearch configuration mechanism for settings that should be secret. Therefore, it can only be used to store specific values that Elasticsearch expects find there.

Since mypassword is not a recognised setting in Elasticsearch, adding it to the keystore is an error.

AayushPatel · August 10, 2020, 7:08pm

do you have any reference?
Can't find anything about it
even here
https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-keystore.html

TimV · August 10, 2020, 11:56pm

That document is a command line reference. It explains how to use the tool.
If you follow the secure settings link at the top of that page you get to a reference on secure settings that says:

Only some settings are designed to be read from the keystore. However, the keystore has no validation to block unsupported settings. Adding unsupported settings to the keystore causes Elasticsearch to fail to start.

AayushPatel · August 31, 2020, 3:46am

thanks

system · September 28, 2020, 3:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to start elasticsearch after add keystore on RHEL7 Elastic Security	5	1226	November 4, 2022
I'm facing .elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: you cannot specify a keystore and key file Elasticsearch	5	289	February 12, 2024
Elasticsearch x-paxk error Elasticsearch	2	544	February 15, 2022
Elasticsearch not starting problem Elasticsearch windows	3	1398	August 11, 2021
Elastic wont start - java.io.IOException: keystore password was incorrect Elasticsearch elastic-stack-security	5	8300	November 21, 2019

Can not run elastic after add keystore

Related Topics