All:
I am having the same error as described in this post:
In my log file I get the following:
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - access to read truststore file [/etc/pki/java/truststore.jks] is blocked; SSL resources should be placed in the [/etc/elasticsearch/dspc] directory
Followed by:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/pki/java/truststore.jks" "read")
However the elasticsearch user should have permissions to the file as shown below:
[root@dspcnode04 dspc]# ls -alt /etc/pki/java total 60 drwxr-xr-x+ 15 root root 195 May 28 15:48 .. drwxr-xr-x. 2 root root 83 May 28 15:48 . -rw-r--r-- 1 root root 2467 May 28 15:48 keystore.jks -rw-r--r-- 1 root root 3992 May 28 15:48 keystore.p12 -rw-r--r-- 1 root root 53152 May 28 15:39 truststore.jks lrwxrwxrwx. 1 root root 40 May 25 20:39 cacerts -> /etc/pki/ca-trust/extracted/java/cacerts
Add to this I can run the command:
su elasticsearch -c 'cat /etc/pki/java/truststore.jks'
And see the file. The other posts I have found similar offer no help.
I am installing this ES on an existing cluster and need to use the existing certificates and trust/key stores.
I have looked through the tutorial and not found anything helpful.
Any idea on how to even approach debugging this?
UPDATE:
I have just tried the following:
-
Linking the jks files in /etc/pki/java to /etc/elasticsearch/dspc and changing the elasticsearch.yml file to point to /etc/elasticsearch/dspc. ----- That did not work.
-
I copied the jks files to /etc/elasticsearch/dspc , left the ownership and permissions (root, 644) the same and had the elasticsearch.yml file point to them. ---- That did work.
So now my updated question:
Why does Elasticsearch 7.4 require the files to be in the configuration directory??