Elasticsearch does not start CentOS7

My elasticsearch.yml looks like this right now:
cluster.name: my-application
node.name: dlx-prd-dal-search-11-p
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
xpack.security.enabled: 'true'

Seems like you did not enable HTTPS in ES; try the curl command with http instead of https in the URL.

So, you do not have https configured, you need then to make the request using http.

curl -X POST "http://your-es-host:9200/_security/service/elastic/kibana/credential/token/kibanatoken?pretty" -u elastic:PASSWORD

Ran it with http instead of https and got this output:

{
  "error" : "no handler found for uri [/_security/service/elastic/kibana/credential/token/kibanatoken?pretty] and method [POST]"
}

Hi @vassiliy.vins

If you did the default install your elasticsearch.yml would not look like this...

Simple question: do you want security or not... The above is something in between.

Do you want Authentication and TLS on HTTPS and Transport?

If you want NO security I can show you how to do that.

Also, if you installed with security and then you are trying to reduce / change that, it will cause problems...

So, starting from the beginning: what are you trying to do?

a) Install Elasticsearch 8.x with Default Security Enabled: This means Authentication and TLS on HTTPS and Transport Layers

b) Install Elasticsearch 8.x with No security : No Auth No TLS

Seems like you are trying to do something in between.
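The "in between" state described in the reply above can be detected by reading elasticsearch.yml and comparing the authentication and TLS settings. This is an added example, not part of the original thread or of Elastic's tooling; the function names are hypothetical, `AUTOCONF` is a constructed sample, and only explicitly set keys are read (defaults are not modelled).

```python
import re

# Real Elasticsearch setting names; function and variable names are hypothetical.
AUTH = "xpack.security.enabled"
HTTP_TLS = "xpack.security.http.ssl.enabled"
TRANSPORT_TLS = "xpack.security.transport.ssl.enabled"
LOOPBACK = ("127.0.0.1", "::1", "localhost", "_local_")

POSTED = """network.host: 0.0.0.0
discovery.type: 'single-node'
xpack.security.enabled: 'true'
"""  # lines taken from the file posted in the thread
AUTOCONF = """xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
xpack.security.transport.ssl:
  enabled: true
"""  # constructed sample using nested blocks instead of flat dotted keys

def parse_settings(text):
    """Flatten elasticsearch.yml to dotted keys; handles one level of nesting."""
    settings, parent = {}, ""
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.\-]+)\s*:\s*(.*?)(\s+#.*)?$", raw)
        if not m:
            continue  # blank line, comment, or syntax this sketch ignores
        indent, key, value = m.group(1), m.group(2), m.group(3).strip()
        if not indent:
            parent = key + "." if value == "" else ""  # remember a block header
        if value:
            settings[(parent if indent else "") + key] = value.strip("'\"")
    return settings

def classify(text):
    """Return (state, findings) for one elasticsearch.yml."""
    s = parse_settings(text)
    if AUTH not in s:
        return "unset", []  # the version default applies; not guessed here
    on = lambda k: s.get(k, "").lower() == "true"
    auth, http, transport = on(AUTH), on(HTTP_TLS), on(TRANSPORT_TLS)
    findings = []
    if auth and not http:
        findings.append("auth on, HTTP TLS off: clients use http://, credentials unencrypted")
    if auth and not transport:
        findings.append("auth on, transport TLS off")
    if not http and s.get("network.host", "_local_") not in LOOPBACK:
        findings.append("plaintext HTTP bound beyond loopback")
    state = "full" if auth and http and transport else "partial" if auth or http or transport else "off"
    return state, findings
```

`classify(POSTED)` reports the posted file as `partial`, while the nested sample is reported as `full`.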

OK, let's start from the very beginning.
I removed the previous installation and will go with a new installation from scratch.
I want to have full security - after testing on a test bed it will go to production, so I will need full security.

I did
yum remove elasticsearch
yum remove kibana
and deleted all inside the elasticsearch and kibana folders in /etc and /usr/share
Should I delete something else?

created elasticsearch.repo and kibana.repo

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
[kibana-8.x]
name=Kibana repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

I'm ready to install elasticsearch and kibana
Should I go ahead, or do I need to verify something else?

reinstalled elasticsearch and got message:

--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : r_rjljduM70YD27wPdrl

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with 
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with 
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with 
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

And?

Yes, you need to delete the data directory... if not, that will cause issues...

Type: data | Description: The location of the data files of each index / shard allocated on the node. | Default location: /var/lib/elasticsearch | Setting: path.data

So I suspect you are not cleaning up the data directory

I will do a quick fresh install on CentOS and see what I see.

Actually, I cleaned /var/lib for both elasticsearch and kibana.
The message I provided exactly matches the Elasticsearch docs after Elasticsearch installation.
Now the question is - should I run the commands from this output, for the enrollment token for Kibana and for Elasticsearch nodes?

Good. Yes, you want to:

Start Elasticsearch
sudo systemctl start elasticsearch.service

Run this (sudo I think is missing in the instructions)
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Keep the token, it is good for 30 mins.

Then install Kibana ...

change in kibana.yml, only change I made so I could reach Kibana from another machine.

server.host: "0.0.0.0"

Start Kibana
sudo systemctl start kibana.service

Access Kibana in browser

Paste in the enrollment token

run per the docs

/usr/share/kibana/bin/kibana-verification-code

paste in the verification code and you should be good!

And you should be good to go!

Yes, everything works! thank you!!! now I can see message

In a production environment, it is recommended that you configure server.publicBaseUrl.

should I change this ?

Your call. Yes, you can if you like. If you are going to assign a DNS name etc., you can do it when you do that; if you leave it as is, there is no harm.

Hello!

could you provide a link in Docs to connect filebeat to logstash?

Please open a new topic when you have questions on filebeat and logstash

OK, thanks
