Elasticsearch does not work after security activation

Rodos · March 1, 2019, 6:18pm

CentOS 7 (VDS), ELK Stack Version 6.5.3, installed on a clean system.

I installed the ELK and made the basic settings.
I activated the trial, restarted, generated passwords interactively, and installed xpack.security.enabled: true.
After rebooting, Elasticsearch ends in error.
If I install xpack.security.enabled: false, then everything works fine, I don’t know where the error is...

Disabling iptables also has no effect.

Parameters that I changed in Elasticsearch.yml:

xpack.security.enabled: true
network.host: MyIP
http.port: 9200

Systemctl status elasticsearch:

Summary

● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2019-03-01 21:07:32 MSK; 2s ago
Docs: http://www.elastic.co
Process: 2781 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=78)
Main PID: 2781 (code=exited, status=78)

Mar 01 21:07:17 elk systemd[1]: Started Elasticsearch.
Mar 01 21:07:32 elk systemd[1]: elasticsearch.service: main process exited, code=exited, status=78/n/a
Mar 01 21:07:32 elk systemd[1]: Unit elasticsearch.service entered failed state.
Mar 01 21:07:32 elk systemd[1]: elasticsearch.service failed.

journalctl | grep elasticsearch*

Summary

Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["status","plugin:elasticsearch@6.5.3","info"],"pid":3632,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","admin"],"pid":3632,"message":"Request error, retrying\nPUT http://MyIP:9200/_template/.management-beats => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","admin"],"pid":3632,"message":"Request error, retrying\nHEAD http://MyIP:9200/ => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"No living connections"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"No living connections"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["status","plugin:elasticsearch@6.5.3","error"],"pid":3632,"state":"red","message":"Status changed from yellow to red - Unable to connect to Elasticsearch at http://MyIP:9200/.","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"error","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","process"],"pid":3632,"level":"error","error":{"message":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)","name":"UnhandledPromiseRejectionWarning","stack":"UnhandledPromiseRejectionWarning: Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)\n at emitWarning (internal/process/promises.js:65:17)\n at emitPendingUnhandledRejections (internal/process/promises.js:109:11)\n at process._tickCallback (internal/process/next_tick.js:190:7)"},"message":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"error","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","process"],"pid":3632,"level":"error","error":{"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)","name":"UnhandledPromiseRejectionWarning","stack":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)"},"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","data"],"pid":3632,"message":"Request error, retrying\nGET http://MyIP:9200/_xpack => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","data"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","data"],"pid":3632,"message":"No living connections"}

dadoonet · March 1, 2019, 6:35pm

You should share elasticsearch logs (formatted please as it's barely readable without code formatting).
If there are no logs at all it might indicate a formatting issue in your elasticsearch.yml file (like a space a tab...h

Rodos · March 1, 2019, 6:48pm

Where can I get these logs? And how to format them?

dadoonet · March 1, 2019, 7:05pm

In elasticsearch logs dir. it depends on how you installed it. Documentation says where they are depending on the package you installed.

Re format your code, logs or configuration files:

Use </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Rodos · March 1, 2019, 7:36pm

The problem was solved, it was necessary to include the parameter specified in the logs, I apologize for the inconvenience, I did not think to see /var/log/elasticsearch/, I thought that everything was written in journalctl... My mistake.

[1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

system · March 29, 2019, 7:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.