Cannot install a [platinum] license unless TLS is configured or security is disabled

(Harry) #1

Hi

i couldnt able to update platinum license on the kibana console. shows * Error encountered uploading license: Cannot install a [GOLD] license unless TLS is configured or security is disabled

so i tried to generate certs in elasticsearch server. my configuration below:

discovery.seed_hosts: ["192.168.x.x", "192.168.x.x", "192.168.x.x"]
cluster.initial_master_nodes: ["192.168.x.x", "192.168.x.x", "192.168.x.x"]
#xpack.security.enabled: true

xpack.ssl.key: /etc/elasticsearch/certs/elastic/elastic.key
xpack.ssl.certificate: /etc/elasticsearch/certs/elastic/elastic.crt
xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca/ca.crt" ]
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

restart the elasticsearch service , failed to start.

elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2019-05-16 04:33:04 +08; 3min 58s ago
Docs: http://www.elastic.co
Process: 10270 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 10270 (code=exited, status=1/FAILURE)

May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.cli.Command.main(Command.java:90)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
May 16 04:33:04 elk-tst1 elasticsearch[10270]: Refer to the log for complete error details.
May 16 04:33:04 elk-tst1 systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
May 16 04:33:04 elk-tst1 systemd[1]: Unit elasticsearch.service entered failed state.
May 16 04:33:04 elk-tst1 systemd[1]: elasticsearch.service failed.

can help out , what i did wrong...

thanks

(Tim Vernum) #2

Please always include your Elasticsearch version (run elasticsearch --version) in your posts. Knowing which version we're dealing with helps a lot.

You need to check your elasticsearch log file. The service logs will not contain enough information to diagnose the problems.

(Harry) #3

version: elasticsearch-7.0.0-1.x86_64

after changing the file permission to 770 (elastic-certificates.p12) it works.

thanks

(Harry) #4

Hi

after i copied "elastic-certificates.p12" from elasticsearch node1 to elasticsearch node 2 server. elasticsearch clustering doesnt work.
each elastic servers running individually. doesnt communicate each other.

other options i tried on the elasticsearch node2 server. generate node cert and restart elasticsearch service. still the same.

is there anything i missed out...

thanks

(Tim Vernum) #5

Since you haven't provided a list of the exact steps you followed, it's impossible for us to say.

If you want assistance, then it is in your interests to provide all necessary information so that we can try and work out what's going wrong. We need things like:

  • Copies of any error message
  • Relevant samples from log files
  • A precise list of steps that you took
(Harry) #6

elasticsearch node1 logs:
[2019-05-17T01:45:56,792][WARN ][o.e.c.c.ClusterFormationFailureHelper] [node-1] master not discovered or elected yet, an election requires a node with id [CSUtQdiGRN2ojeOE87-XQw], have discovered [{node-2}{CSUtQdiGRN2ojeOE87-XQw}{OQOPYaLFS4-olmyCvcvkjg}{192.168.x.x}{192.168.x.x:9300}{ml.machine_memory=1912078336, ml.max_open_jobs=20, xpack.installed=true}] which is a quorum; discovery will continue using [192.168.x.x:9300] from hosts providers and [{node-1}{TwzkNUqhQFWBYxf-gVEqBw}{bttbwCP1T2Cvv_uC82zmyw}{192.168.x.x}{192.168.136.155:9300}{ml.machine_memory=1912078336, xpack.installed=true, ml.max_open_jobs=20}] from last-known cluster state; node term 22, last-accepted version 30 in term 18

elasticsearch node2 log:

[2019-05-17T01:38:27,600][INFO ][o.e.c.s.ClusterApplierService] [node-2] added {{node-1}{TwzkNUqhQFWBYxf-gVEqBw}{bttbwCP1T2Cvv_uC82zmyw}{192.168.x.x}{192.168.136.155:9300}{ml.machine_memory=1912078336, ml.max_open_jobs=20, xpack.installed=true},}, term: 22, version: 1431, reason: Publication{term=22, version=1431}
[2019-05-17T01:38:27,659][WARN ][o.e.g.G.InternalReplicaShardAllocator] [node-2] [.kibana_task_manager][0]: failed to list shard for shard_store on node [TwzkNUqhQFWBYxf-gVEqBw]

elasticsearch cluster couldnt able to discover master node.