Elasticsearch does not work after security activation

(Rodos) #1

CentOS 7 (VDS), ELK Stack Version 6.5.3, installed on a clean system.

I installed the ELK and made the basic settings.
I activated the trial, restarted, generated passwords interactively, and installed xpack.security.enabled: true.
After rebooting, Elasticsearch ends in error.
If I install xpack.security.enabled: false, then everything works fine, I don’t know where the error is...

Disabling iptables also has no effect.

Parameters that I changed in Elasticsearch.yml:

xpack.security.enabled: true
network.host: MyIP
http.port: 9200

Systemctl status elasticsearch:

Summary

● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2019-03-01 21:07:32 MSK; 2s ago
Docs: http://www.elastic.co
Process: 2781 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=78)
Main PID: 2781 (code=exited, status=78)

Mar 01 21:07:17 elk systemd[1]: Started Elasticsearch.
Mar 01 21:07:32 elk systemd[1]: elasticsearch.service: main process exited, code=exited, status=78/n/a
Mar 01 21:07:32 elk systemd[1]: Unit elasticsearch.service entered failed state.
Mar 01 21:07:32 elk systemd[1]: elasticsearch.service failed.

journalctl | grep elasticsearch*

Summary

Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["status","plugin:elasticsearch@6.5.3","info"],"pid":3632,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","admin"],"pid":3632,"message":"Request error, retrying\nPUT http://MyIP:9200/_template/.management-beats => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","admin"],"pid":3632,"message":"Request error, retrying\nHEAD http://MyIP:9200/ => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"No living connections"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","admin"],"pid":3632,"message":"No living connections"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["status","plugin:elasticsearch@6.5.3","error"],"pid":3632,"state":"red","message":"Status changed from yellow to red - Unable to connect to Elasticsearch at http://MyIP:9200/.","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"error","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","process"],"pid":3632,"level":"error","error":{"message":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)","name":"UnhandledPromiseRejectionWarning","stack":"UnhandledPromiseRejectionWarning: Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)\n at emitWarning (internal/process/promises.js:65:17)\n at emitPendingUnhandledRejections (internal/process/promises.js:109:11)\n at process._tickCallback (internal/process/next_tick.js:190:7)"},"message":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"error","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","process"],"pid":3632,"level":"error","error":{"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)","name":"UnhandledPromiseRejectionWarning","stack":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickCallback (internal/process/next_tick.js:181:9)"},"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["error","elasticsearch","data"],"pid":3632,"message":"Request error, retrying\nGET http://MyIP:9200/_xpack => connect ECONNREFUSED MyIP:9200"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","data"],"pid":3632,"message":"Unable to revive connection: http://MyIP:9200/"}
Mar 01 21:11:16 elk kibana[3632]: {"type":"log","@timestamp":"2019-03-01T18:11:16Z","tags":["warning","elasticsearch","data"],"pid":3632,"message":"No living connections"}

(David Pilato) #2

You should share elasticsearch logs (formatted please as it's barely readable without code formatting).
If there are no logs at all it might indicate a formatting issue in your elasticsearch.yml file (like a space a tab...h

1 Like
(Rodos) #3

Where can I get these logs? And how to format them?

(David Pilato) #4

In elasticsearch logs dir. it depends on how you installed it. Documentation says where they are depending on the package you installed.

Re format your code, logs or configuration files:

Use </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

1 Like
(Rodos) #5

The problem was solved, it was necessary to include the parameter specified in the logs, I apologize for the inconvenience, I did not think to see /var/log/elasticsearch/, I thought that everything was written in journalctl... My mistake.

[1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
(system) closed #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.