Config https for Elasticsearch 5.6

Derrick · December 14, 2017, 2:52pm

Hi,

we are upgrading our ES from 2 to 5.6, but cannot make https works, could someone can provide the config?

this is what we have in elasticsearcy.yml.

--------------------------------- XPack Config ------------------------------

action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*

xpack.security.enabled: true

xpack.ssl.keystore.path: /usr/share/elasticsearch/config/keystore.jks
xpack.ssl.keystore.password: password
xpack.ssl.keystore.key_password: password

xpack.ssl.truststore.path: /usr/share/elasticsearch/config/truststore.jks
xpack.ssl.truststore.password: changeit

xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

xpack.ssl.verification_mode: none
xpack.ssl.client_authentication: none

xpack.security.authc.realms:
realm1:
type: native
order: 3

realm2:
    type: file
    order: 1

realm3:
    type: ldap
    order: 2
    url: "ldap://ldap.service.consul"
    user_dn_templates:
        - "uid={0}, ou=ISS-FRNT OFFCE DEV-CLIENT SUPPORT CENTRE,o=Scotia Capital Markets,c=CA"
    #files:
    #  role_mapping: "/usr/share/elasticsearch/config/shield/ldap_role_mapping.yml"
    unmapped_groups_as_roles: false

dadoonet · December 14, 2017, 3:04pm

I moved this to #x-pack

Derrick · December 14, 2017, 3:32pm

now I am getting this error, please help, thanks

[2017-12-14T15:27:31,252][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [pxv-data1.dev.lbb4sd.333az.net] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchException[Failed to load plugin class [org.elasticsearch.xpack.XPackPlugin]]; nested: InvocationTargetException; nested: IllegalArgumentException[the [action.auto_create_index] setting value [.security,.monitoring*,.watches,.triggered_watches,.watcher-history*] is too restrictive. disable [action.auto_create_index] or set it to [.security,.security-6]];
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-5.6.4.jar:5.6.4]

dadoonet · December 14, 2017, 4:04pm

May be do what is written in the logs?

disable [action.auto_create_index] or set it to [.security,.security-6]

Derrick · December 20, 2017, 9:15pm

it doesn't work either.

dadoonet · December 20, 2017, 9:51pm

Exact same logs now?

Derrick · December 20, 2017, 10:02pm

Yes, same issue

dadoonet · December 20, 2017, 10:20pm

Can you share your config file, your logs?

Did you restart the nodes?

Derrick · December 20, 2017, 10:28pm

I share it in this thread, Failed to load xpackplugin, please help, urgent

Also es is being run in docker, so I restart docker.

Topic		Replies	Views
Failed to ADD xpack.security.http.ssl.enabled Elasticsearch elastic-stack-security	4	1969	November 11, 2018
ECE 2.4.2 - Error when we tried to configure elasticsearch.yml with xpack.security.http.ssl.keystore.path and xpack.security.http.ssl.truststore.path Elasticsearch elastic-stack-security , docker	4	1639	January 13, 2020
Unable to start elasticsearch after creating cert for http communication Elasticsearch elastic-stack-security	15	5716	May 3, 2019
Elasticsearch fails to start when xpack security is enabled Elasticsearch	3	1406	March 23, 2020
Elaticsearch 5 Xpack setup getting exception Elasticsearch	2	2155	July 6, 2017

Config https for Elasticsearch 5.6

--------------------------------- XPack Config ------------------------------

Related topics