Elasticsearch doesn't start anymore after x-pack settings

(bus) #1

Hello, I try to install X-pack in ElasticSearch following this link : https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html

When I add these 5 lines (See photo) to my elasticsearch.yml configuration file, elasticsearch crashes when it restarts (see photo). If I uncomment these lines, it works properly

elasticsearch.yml :

service fail to load :

I don't understand this issue because I think I did the right thing :

bin/x-pack/certutil ca
output file : elastic-stack-ca.p12
password for this file : test

bin/x-pack/certutil cert --ca elastic-stack-ca.p12
desired output file : cert.p12
password for this file : test

And i've finally copyed elastic-stack-ca.p12 and cert.p12 into /etc/elasticsearch/certs.


This is the issue on elasticsearch log :

[2018-02-09T10:24:07,081][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-6.2.0.jar:6.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-6.2.0.jar:6.2.0]
Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:543) ~[elasticsearch-6.2.0.jar:6.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:485) ~[elasticsearch-6.2.0.jar:6.2.0]
... 6 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
... 6 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:72) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:412) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:448) ~[?:?]
... 6 more
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/certs/cert.p12
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214) ~[?:?]

Someone could help me ?

(Mark Harwood) #2

Moved to the x-pack forum

(Tim Vernum) #3

Please provide configuration files and log messages as text, not screenshots.

What are the permissions on the /etc/elasticsearch/certs/cert.p12 file?

(bus) #4

I just add chown 666 and it's good ! thx u :smiley:

(Alexander Reelsen) #5

great you got it working!

you should probably not make it writable for everyone, though. Or even readable, and just allow the elasticsearch user to read it!

(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.