ECE 2.1.0 ES Keystore Problem


(Rockybean) #1

Hi,
I'm testing elasticsearch keystorre feature on 2.1.0 but face a problem

I set one custom key by following api.

curl --request PATCH \
  --url https://*.*.*.*/api/v1/clusters/elasticsearch/c1ddddabc119455da62e9c3f965194f6/keystore \
  --header 'content-type: application/json' \
  --data '{
	"secrets": {
		"mykey": {
			"value": "test",
			"as_file": false
		}
	}
}'

I test on docker container and find the set key.

But when I restart the deployment, the es cannot start normally and has following error log.

[2019-02-01T11:54:09,784][WARN ][org.elasticsearch.bootstrap.ElasticsearchUncaughtExceptionHandler] [instance-0000000000] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown secure setting [mykey] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.6.0.jar:6.6.0]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.6.0.jar:6.6.0]
Caused by: java.lang.IllegalArgumentException: unknown secure setting [mykey] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:482) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:427) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:398) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:369) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:148) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.node.Node.<init>(Node.java:372) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.0.jar:6.6.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.0.jar:6.6.0]
	... 6 more

The es container keeps restarting. What is the problem about?


(Rockybean) #2

In Addition, once I delete the keystore config in deployment advanced config editor, the container can start normally.


(Alex Piggott) #3

I don't believe the "secure keystore" is an arbitrary KV store, it can be used to store specific secure settings as enumerated in the ES docs .. it will behave just like the ES YAML in terms of bootlooping if unexpected params are entered


(Rockybean) #4

Thanks for your explanation.

I just take keystore as an arbitrary KV store before :joy:


(system) closed #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.