Version: Elasticsearch and kibana on version 8.13.4
Environment: Minikube.
While setting up xpack.security, getting following errors.
Logs from kibana pod:
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["warning","plugins","security","config"],"pid":38,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["warning","plugins","reporting","config"],"pid":38,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.4.2105\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","plugins","ruleRegistry"],"pid":38,"message":"Write is disabled; not installing common resources shared between all indices"}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","plugins","ruleRegistry"],"pid":38,"message":"Write is disabled; not installing resources for index .alerts-observability.uptime.alerts"}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","plugins","ruleRegistry"],"pid":38,"message":"Write is disabled; not installing resources for index .alerts-observability.logs.alerts"}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","plugins","ruleRegistry"],"pid":38,"message":"Write is disabled; not installing resources for index .alerts-observability.metrics.alerts"}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","plugins","ruleRegistry"],"pid":38,"message":"Write is disabled; not installing resources for index .alerts-observability.apm.alerts"}
{"type":"log","@timestamp":"2024-09-09T14:35:51+00:00","tags":["info","savedobjects-service"],"pid":38,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-09-09T14:35:53+00:00","tags":["error","savedobjects-service"],"pid":38,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 127.0.0.1:9200"}
Extracted elastic-ssl-http.zip:
elasticsearch@elasticsearch-0:~$ unzip elasticsearch-ssl-http.zip -d .
Archive: elasticsearch-ssl-http.zip
creating: ./elasticsearch/
inflating: ./elasticsearch/README.txt
inflating: ./elasticsearch/http.p12
inflating: ./elasticsearch/sample-elasticsearch.yml
creating: ./kibana/
inflating: ./kibana/README.txt
inflating: ./kibana/elasticsearch-ca.pem
inflating: ./kibana/sample-kibana.yml
Logs from elasticsearch pod:
Elasticsearch error: Error: Read-only file system
elasticsearch@elasticsearch-0:~$ ./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
The elasticsearch keystore does not exist. Do you want to create it? [y/N]y
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp: Read-only file syste
m
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:261)
at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:482)
at java.base/java.nio.file.Files.newOutputStream(Files.java:227)
Unable to chmod on /usr/share/elasticsearch/config/ or /mnt/ folders
elasticsearch@elasticsearch-0:~$ chmod 755 /usr/share/elasticsearch/config/
chmod: changing permissions of '/usr/share/elasticsearch/config/': Read-only file system
elasticsearch@elasticsearch-0:~$ chmod 755 /mnt/
chmod: changing permissions of '/mnt/': Operation not permitted
Using securityContext as:
securityContext:
fsGroup: 1000
Read-only file system error adding password for private key.
elasticsearch@elasticsearch-0:~$ ./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
The elasticsearch keystore does not exist. Do you want to create it? [y/N]y
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp: Read-on
ly file system
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
How to set file permissions to folders in pods from container images in minikube.