Hi i have installed elasticsearch using docker by using the link - https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls-docker.html and generated certs accordingly.
Q1 : I want to where will be the elasticsearch home directory ? I checked under usr/share/ there is no elasticsearch folder created.
Q2: So i placed certs in other folder and getting the below exception
es02 | "Caused by: java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"/apps/certs/ca/ca.crt\" \"read\")",
es02 | "at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]",
es02 | "at java.security.AccessController.checkPermission(AccessController.java:1042) ~[?:?]",
es02 | "at java.lang.SecurityManager.checkPermission(SecurityManager.java:408) ~[?:?]",
es02 | "at java.lang.SecurityManager.checkRead(SecurityManager.java:747) ~[?:?]",
es02 | "at sun.nio.fs.UnixChannelFactory.open(UnixChannelFactory.java:255) ~[?:?]",
es02 | "at sun.nio.fs.UnixChannelFactory.newFileChannel(UnixChannelFactory.java:143) ~[?:?]",
es02 | "at sun.nio.fs.UnixChannelFactory.newFileChannel(UnixChannelFactory.java:156) ~[?:?]",
es02 | "at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:217) ~[?:?]",
es02 | "at java.nio.file.Files.newByteChannel(Files.java:373) ~[?:?]",
es02 | "at java.nio.file.Files.newByteChannel(Files.java:424) ~[?:?]",
es02 | "at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]",
es02 | "at java.nio.file.Files.newInputStream(Files.java:158) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readCertificates(CertParsingUtils.java:93) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readCertificates(CertParsingUtils.java:86) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.PEMTrustConfig.createTrustManager(PEMTrustConfig.java:45) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
es02 | "at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$2(SSLService.java:426) ~[?:?]",
es02 | "at java.util.HashMap.forEach(HashMap.java:1333) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:423) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
es02 | "at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:143) ~[?:?]",
es02 | "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
es02 | "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
es02 | "at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
es02 | "at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
es02 | "at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
es02 | "at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]",
es02 | "at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]",
Below is my yml
version: '2.2'
services:
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
container_name: es02
environment:
- node.name=es02
- http.port=9205
- discovery.seed_hosts=es02
- cluster.initial_master_nodes=es02
- cluster.name=docker-cluster-test
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=trial
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=/apps/certs/es02/es02.key
- xpack.security.http.ssl.certificate_authorities=/apps/certs/ca/ca.crt
- xpack.security.http.ssl.certificate=/apps/certs/es02/es02.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- esdata01test:/opt/mad/tools/data1
#ports:
# - 9202:9202
networks:
- esnet
volumes:
esdata01test:
driver: local
networks:
esnet:
Please help me on this. Thanks!