ElasticSearch 8.7 initial single node setting fails

I get

elasticsearch-create-enrollment-token -s kibana
ERROR: Failed to determine the health of the cluster. Unexpected http status [401]

for

xpack:
  security:
    authc:
      realms:
        file:
          file1:
            order: 0
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
http.host: 0.0.0.0

on a single-node setting.

What's wrong?

Can you curl Elasticsearch directly?
Please share your Elasticsearch logs.

root:~/elasticsearch/cfg/certs# curl  --insecure --cacert ~/elasticsearch/cfg/certs/http_ca.crt -u elastic https://localhost:9200

Enter host password for user 'elastic':
{
  "name" : "b40literatur-test",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "xQ8VFfe2Ry-S3Z_ACgG4MA",
  "version" : {
    "number" : "8.7.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "09520b59b6bc1057340b55750186466ea715e30e",
    "build_date" : "2023-03-27T16:31:09.816451435Z",
    "build_snapshot" : false,
    "lucene_version" : "9.5.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Log starts with

[2023-04-26T19:41:59,771][WARN ][stderr                   ] [b40literatur-test] Apr 26, 2023 7:41:59 PM org.apache.lucene.store.MemorySegmentIndexInputProvid
er <init>
[2023-04-26T19:41:59,781][INFO ][o.e.e.NodeEnvironment    ] [b40literatur-test] using [1] data paths, mounts [[/ (/dev/mapper/b40literatur--vg-root)]], net u
sable_space [26.6gb], net total_space [76.6gb], types [ext4]
[2023-04-26T19:41:59,782][INFO ][o.e.e.NodeEnvironment    ] [b40literatur-test] heap size [992mb], compressed ordinary object pointers [true]
[2023-04-26T19:41:59,900][INFO ][o.e.n.Node               ] [b40literatur-test] node name [b40literatur-test], node ID [Zc4SornfSqWdB0ryVUKkiw], cluster name
 [elasticsearch], roles [data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml, data_frozen, ingest, data_cold]
[2023-04-26T19:42:02,872][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [b40literatur-test] [controller/3302614] [Main.cc@123] controller (64 bit): Version 8.7.0
(Build e4e1c23721e58c) Copyright (c) 2023 Elasticsearch BV
[2023-04-26T19:42:03,093][INFO ][o.e.x.s.Security         ] [b40literatur-test] Security is enabled
[2023-04-26T19:42:04,368][INFO ][o.e.x.s.a.s.FileRolesStore] [b40literatur-test] parsed [2] roles from file [/etc/elasticsearch/roles.yml]
[2023-04-26T19:42:04,676][INFO ][o.e.x.s.InitialNodeSecurityAutoConfiguration] [b40literatur-test] Auto-configuration will not generate a password for the el
astic built-in superuser, as we cannot  determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-pass
word` tool to set the password for the elastic user.
[2023-04-26T19:42:04,968][INFO ][o.e.x.p.ProfilingPlugin  ] [b40literatur-test] Profiling is enabled
[2023-04-26T19:42:05,729][INFO ][o.e.t.n.NettyAllocator   ] [b40literatur-test] creating NettyAllocator with the following configs: [name=unpooled, suggested
_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=992mb}]
[2023-04-26T19:42:05,753][INFO ][o.e.i.r.RecoverySettings ] [b40literatur-test] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
[2023-04-26T19:42:05,797][INFO ][o.e.d.DiscoveryModule    ] [b40literatur-test] using discovery type [multi-node] and seed hosts providers [settings]
[2023-04-26T19:42:07,380][INFO ][o.e.n.Node               ] [b40literatur-test] initialized
[2023-04-26T19:42:07,381][INFO ][o.e.n.Node               ] [b40literatur-test] starting ...
[2023-04-26T19:42:07,397][INFO ][o.e.x.s.c.f.PersistentCache] [b40literatur-test] persistent cache index loaded
[2023-04-26T19:42:07,398][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [b40literatur-test] deprecation component started
[2023-04-26T19:42:07,518][INFO ][o.e.t.TransportService   ] [b40literatur-test] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:93
00}
[2023-04-26T19:42:07,888][WARN ][o.e.b.BootstrapChecks    ] [b40literatur-test] the default discovery settings are unsuitable for production use; at least on
e of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2023-04-26T19:42:07,890][INFO ][o.e.c.c.ClusterBootstrapService] [b40literatur-test] this node is locked into cluster UUID [xQ8VFfe2Ry-S3Z_ACgG4MA] and will
 not attempt further cluster bootstrapping
[2023-04-26T19:42:07,898][INFO ][o.e.c.c.ClusterBootstrapService] [b40literatur-test] no discovery configuration found, will perform best-effort cluster boot
strapping after [3s] unless existing master is discovered
[2023-04-26T19:42:08,064][INFO ][o.e.c.s.MasterService    ] [b40literatur-test] elected-as-master ([1] nodes joined)[_FINISH_ELECTION_, {b40literatur-test}{Z
c4SornfSqWdB0ryVUKkiw}{-LEmOhQfQTqI6xhEcXkDkw}{b40literatur-test}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.7.0} completing election], term: 12, version: 110
, delta: master node changed {previous [], current [{b40literatur-test}{Zc4SornfSqWdB0ryVUKkiw}{-LEmOhQfQTqI6xhEcXkDkw}{b40literatur-test}{127.0.0.1}{127.0.0
.1:9300}{cdfhilmrstw}{8.7.0}]}
[2023-04-26T19:42:08,114][INFO ][o.e.c.s.ClusterApplierService] [b40literatur-test] master node changed {previous [], current [{b40literatur-test}{Zc4SornfSq
WdB0ryVUKkiw}{-LEmOhQfQTqI6xhEcXkDkw}{b40literatur-test}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.7.0}]}, term: 12, version: 110, reason: Publication{term=1
2, version=110}
[2023-04-26T19:42:08,156][INFO ][o.e.r.s.FileSettingsService] [b40literatur-test] starting file settings watcher ...
[2023-04-26T19:42:08,167][INFO ][o.e.h.AbstractHttpServerTransport] [b40literatur-test] publish_address {193.174.113.160:9200}, bound_addresses {[::]:9200}
[2023-04-26T19:42:08,168][INFO ][o.e.n.Node               ] [b40literatur-test] started {b40literatur-test}{Zc4SornfSqWdB0ryVUKkiw}{-LEmOhQfQTqI6xhEcXkDkw}{b
40literatur-test}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.7.0}{xpack.installed=true, ml.allocated_processors_double=2.0, ml.max_jvm_size=1040187392, ml.all
ocated_processors=2, ml.machine_memory=2079178752}
[2023-04-26T19:42:08,171][INFO ][o.e.c.c.NodeJoinExecutor ] [b40literatur-test] node-join: [{b40literatur-test}{Zc4SornfSqWdB0ryVUKkiw}{-LEmOhQfQTqI6xhEcXkDk
w}{b40literatur-test}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.7.0}] with reason [completing election]
[2023-04-26T19:42:08,181][INFO ][o.e.r.s.FileSettingsService] [b40literatur-test] file settings service up and running [tid=58]
[2023-04-26T19:42:08,291][INFO ][o.e.l.LicenseService     ] [b40literatur-test] license [b6a91650-5997-4170-a128-2abf355c6d3a] mode [basic] - valid
[2023-04-26T19:42:08,292][INFO ][o.e.x.s.a.Realms         ] [b40literatur-test] license mode is [basic], currently licensed security realms are [reserved/res
erved,native/default_native,file/file1]
[2023-04-26T19:42:08,296][INFO ][o.e.g.GatewayService     ] [b40literatur-test] recovered [1] indices into cluster_state
[2023-04-26T19:42:08,624][INFO ][o.e.h.n.s.HealthNodeTaskExecutor] [b40literatur-test] Node [{b40literatur-test}{Zc4SornfSqWdB0ryVUKkiw}] is selected as the
current health node.
[2023-04-26T19:42:08,713][INFO ][o.e.c.r.a.AllocationService] [b40literatur-test] current.health="GREEN" message="Cluster health status changed from [RED] to
 [GREEN] (reason: [shards started [[.security-7][0]]])." previous.health="RED" reason="shards started [[.security-7][0]]"
[2023-04-26T19:42:11,301][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38670}
[2023-04-26T19:42:11,301][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38666}
[2023-04-26T19:42:11,309][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38686}
[2023-04-26T19:42:11,311][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38690}
[2023-04-26T19:42:16,223][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38706}
[2023-04-26T19:42:16,225][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38722}
[2023-04-26T19:42:16,227][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38730}
[2023-04-26T19:42:16,229][WARN ][o.e.h.n.Netty4HttpServerTransport] [b40literatur-test] received plaintext http traffic on an https channel, closing connecti
on Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:38742}

when the service is starting.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.