Creating processor [set_security_user] (tag [null]) on field [_security] but authentication is not currently enabled

Logs are filled every 4 minutes with the message below on a test server and there is no help on this. I am fairly new to this and wouldn't have edited any files to a big extent. There is another thread on here (discuss.elastic.co) that is closed that got the same warning, but had no successful conclusion.

Creating processor [set_security_user] (tag [null]) on field [_security] but authentication is not currently enabled on this cluster - this processor is likely to fail at runtime if it is used

My recommendation is to enable security for your cluster. Security is a free feature. It is automatically enabled with v8.0 or higher. Or you can manually configure it for previous versions.

The documentation is largely not working for me as far as I can see:

run the elasticsearch-reset-password tool.

OK I can get a password, but what do I do then?

bin/elasticsearch-create-enrollment-token -s kibana --url "https://127.0.0.1:9200"

ERROR: [xpack.security.enrollment.enabled] must be set to `true` to create an enrollment token

Do I enter this in Elasticsearch.yml

bin/elasticsearch-create-enrollment-token -s kibana --url "https://127.0.0.1:9200"

ERROR: Failed to determine the health of the cluster.

Do I try the other thing suggested on

bin/elasticsearch-create-enrollment-token -s node
Unable to create enrollment token for scope [node]

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore
bin/elasticsearch-create-enrollment-token -s kibana
Unable to create enrollment token for scope [kibana]

then it claims somewhere I have a cert directory in /etc/Elasticsearch

I don't have that directory.

Do I generate ca or http

and put it in /etc/Elasticsearch/certs
nothing changes

besides that to get a working system now I have to set

xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl.enabled: false

to get back to where I started.

I am on Ubuntu 20.04 LTS and I think I installed this via apt.

As a newbie, you give me some choices, I don't understand the difference.

Do you have some form of tldr like certbot?

These days there are 100s of programs, security updates, mails, tweets etc etc.

The whole attraction of a ready-made system is to save time. Otherwise one can program it oneself.

Most videos etc. are for < 8.2 and one already spends a considerable amount of time chasing the changes. Security that is complicated to install is by default insecure.

I also checked out this thread

I assume you are using Elasticsearch 8.2+. When installing it on Ubuntu with the package manager, security is auto-configured at installation time (doc).

Since you had security disabled, I guess it's either because the installation was not a fresh install or you manually disabled security after installation.

Depending on how critical the system is, you can either:

  1. Retry with a fresh installation then follow the instructions printed on the terminal at installation time
  2. Or you will have to configure security manually with the existing installation.

For 2, you'll have to let go of the enrollment-token approach since it is designed to help auto-configuration while you are doing it manually. Please follow this page to enable basic security, followed by this one to enable TLS communication between ES and Kibana.
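As an added example (not part of any post in this thread, and not Elastic's own tooling), the sketch below reads the text of an elasticsearch.yml and maps its settings to the enrollment-token errors quoted above. The function names and the keystore path in the second sample are assumptions made for illustration; it checks file-level settings only, not keystore contents or cluster health.

```python
import re

# Setting names taken from the thread's elasticsearch.yml lines and error messages.
SEC = "xpack.security.enabled"
ENROLL = "xpack.security.enrollment.enabled"
HTTP_SSL = "xpack.security.http.ssl.enabled"
KEYSTORE = "xpack.security.http.ssl.keystore.path"

# Assumption: settings are written as top-level "dotted.key: value" lines,
# as in the thread; nested YAML blocks are not handled.
FLAT = re.compile(r"^([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$")

def parse_flat_yml(text):
    settings = {}
    for raw in text.splitlines():
        m = FLAT.match(raw.split("#", 1)[0])  # strip trailing comments
        if m and m.group(2):
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def enrollment_blockers(text):
    """Return (setting, reason) pairs that stop enrollment-token creation."""
    s = parse_flat_yml(text)
    def is_true(key):
        return s.get(key, "").lower() == "true"
    found = []
    if s.get(SEC, "").lower() == "false":
        found.append((SEC, "authentication is off; set_security_user warning is logged"))
    if not is_true(ENROLL):
        found.append((ENROLL, "must be set to true to create an enrollment token"))
    if not is_true(HTTP_SSL):
        found.append((HTTP_SSL, "HTTP layer TLS is not enabled"))
    if not s.get(KEYSTORE):
        found.append((KEYSTORE, "HTTP layer SSL has no keystore configured"))
    return found

# The three lines the original poster set to get back to a running node.
THREAD_DISABLED = """\
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl.enabled: false
"""

# Constructed sample; the keystore path is a placeholder, not from the thread.
CONSTRUCTED_ENABLED = """\
xpack.security.enabled: true
xpack.security.enrollment.enabled: true   # needed by the token tool
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
"""

if __name__ == "__main__":
    for key, reason in enrollment_blockers(THREAD_DISABLED):
        print(f"{key}: {reason}")
```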

Using Elasticsearch 8.2.3 with Docker I get the same problem. I am stuck on this error:

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore

The documentation is not working for me as well and I find Elasticsearch 8. a lot more complex to configure than version 7.

To get the following error, I had to generate P12 keystore certificates. But that's an error as well...

ERROR: Unable to create an enrollment token for Kibana. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate

Generally this is a test system.

Reinstalling everything seems to have worked.

In the beginning as a newbie, going off < 8.x install manuals on the web, one has no clue that this exists at all.

It looks more like a bug: I use Docker containers so the state is "reinitialized" at each run. This is a bug in the code, or a missing requirement in the documentation.

Well maybe I run into this again.

At the moment, I am trying the whole switch on switch off routine with some weird error in metric beat, before in logstash.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.