Elasticsearch is not starting after installing X-Pack

itspecialistsimon · February 7, 2018, 9:16am

Hi everyone,

I'm trying to get elasticsearch run with x-pack.
I adhered strictly to the official guide Installing X-Pack in Elasticsearch

Here the logfile's extract:

[2018-02-07T09:43:52,972][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [eStack] publish_address {10.56.80.26:9200}, bound_addresses {10.56.80.26:9200}
[2018-02-07T09:43:52,972][INFO ][o.e.n.Node               ] [eStack] started
[2018-02-07T09:43:53,816][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [eStack] caught exception while handling client http traffic, closing connection [id: 0x20b2f522, L:0.0.0.0/0.0.0.0:9200 ! R:/10.56.80.26:39830]
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 48454144202f20485454502f312e310d0a486f73743a2031302e35362e38302e32363a393230300d0a436f6e74656e742d4c656e6774683a20300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
        at java.lang.Thread.run(Unknown Source) [?:1.8.0_161]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 48454144202f20485454502f312e310d0a486f73743a2031302e35362e38302e32363a393230300d0a436f6e74656e742d4c656e6774683a20300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1103) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
        ... 15 more

My elasticsearch.yml config:
grep "^[^#;]" elasticsearch.yml

node.name: eStack
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.56.80.26
http.port: 9200
action.auto_create_index: .*
xpack.ssl.keystore.path: /etc/elasticsearch/x-pack/elastic-certificates.p12
xpack.ssl.truststore.path: /etc/elasticsearch/x-pack/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.enabled: true

So what is my problem?
Can anybody help me?

Thank's in advance

Best regards
Simon

spinscale · February 7, 2018, 9:21am

is there another node/system trying to connect to elasticsearch using plaintext HTTP instead of HTTPS?

TimV · February 7, 2018, 9:35am

I don't see any evidence there that Elasticsearch is failing to start.
It's starting Ok, but then some sort of HTTP client is connecting to port 9200 using a clear text http connection instead of https.

If you point curl or a web browser at https://localhost:9200/ you should connect Ok, but get a security error (since you need a password).

itspecialistsimon · February 7, 2018, 9:37am

Kibana runs on the same system.
Here my kibana.yml config:

elasticsearch.url: "http://10.56.80.26:9200"
logging.verbose: true

Here my setup:

Logstash-->Elasticsearch <-- Kibana

I'm about to install x-pack on all applications.

itspecialistsimon · February 7, 2018, 9:48am

Ok. You're right.

itspecialistsimon · February 7, 2018, 9:50am

I stopped Logstash and now there is no warning anymore.

I go ahead with the x-pack installation.

Thank you guys for your support!

system · March 7, 2018, 9:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.