Do I need to generate a cert?

I have successfully configured minimal security in my environment and am now moving on to Basic, so that I can use Fleet and SIEM. The version of Elastic I am using is 7.13.4, on a RHEL 8.0 server. I only have 1 Elasticsearch server and am wondering if I need to create a CA or can I bypass this step in configuring the Basic security?

Thank you in advance for your support.

@MKirby

You will need it for Fleet, as well as using API Key Tokens elsewhere in the system.

Continuation on the Basic security configuration. I have gone through all the steps detailed in the following article: Basic Security Configuration

I checked and double-checked my code as I entered it in the command line to ensure that no spelling errors or items were missed. Now, when I try to start the Elasticsearch service, I am unable to if the keystore and truststore paths are not rem'd out in the Elasticsearch.yml file.

If you'd like help then you're going to need to provide the details of the errors from your logs.
Otherwise we're only going to be guessing at what went wrong.

Thank you, Tim. When I start the service after enabling the keystore and truststore paths in the Elasticsearch.yml file and then check the Elasticsearch.log file, I see a lot of informational lines and nothing that is an error. Here are some of the lines that I find interesting.

JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xsslm, -Djava.awt.headkess=true, -Dfile.encoding=UTF-8, Djna.nosys=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI.COMPAT, --add-opens=java.base/java.io=ALL-UNAMED, -XX:+UseGIGC, -Djava.io.tmp/elasticsearch-5125581821760876765, -XX:+HeapDumpOnOutOf MemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XXErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, Xlog:gc* ,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms7915m, -XX:MaxDirectMemorySize=4150263808,  -XS:GiHeapRegionSize=4m,  -XX:InitatingHeapOccupancyPercent=30, --XX:GiReservePercent=15, Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-10-18T07:7:57:00,631][INFO][o.e.p.PluginService         ]  [machine_name.localdomain] loaded module ......

I hope that can help to narrow down what is going on. As mentioned, there is nothing that comes out and shows an [ERROR]; all lines are [INFO].

Thanks for your help.

What makes you think there's a problem?

Earlier you said:

But you also say:

So, what are you seeing that makes you think you have a problem?

Well, I feel that we have an error or problem because I cannot start the Elasticsearch service when I have the xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 and/or xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 enabled in my Elasticsearch.yml file.

Am I mistaken? When I look at the /var/log/Elasticsearch/Elasticsearch.log file it shows that the Basic Security is enabled.

I can't help without more details.

If there's nothing in the logs that says there is a problem, how did you determine that you can't start the Elasticsearch service? Do you get an error somewhere? What does that error say?

If you're looking for help, then exact details matter.

To answer your question, Tim: I wasn't able to find any errors. All I knew is that when I enabled the Keystore and Truststore certificates and then attempted to start the Elasticsearch service, it would time out and not start.

I have since kept those two lines disabled in the yml file and carried on with my installation. Everything seems to be working fine at the moment.

Thank you for your replies.
