Elasticsearch Security plugin exception

akr · December 19, 2019, 9:37am

I am getting error while working on ssl part of elasticsearch.
stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]"
.....
"Caused by: java.lang.reflect.InvocationTargetException",
.....
"Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]",
.....
"Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager",
......
"Caused by: java.io.IOException: Is a directory",

I used docker-compose file

version: '2.2'

services:

elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.4.2
container_name: elasticsearch
environment:
- node.name=elasticsearch
- discovery.seed_hosts=elasticsearch
- cluster.initial_master_nodes=elasticsearch
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=elastic-certificates.p12

ulimits:
  memlock:
    soft: -1
    hard: -1
volumes:
  - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
  - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
  - esdata1:/usr/share/elasticsearch/data
ports:
  - 9200:9200

kibana:
image: docker.elastic.co/kibana/kibana:7.4.2
container_name: kibana
environment:
ELASTICSEARCH_URL: "https://elasticsearch:9200"
ELASTICSEARCH_USERNAME: "kibana"
ELASTICSEARCH_PASSWORD: "kibana"
ports:
- 5601:5601
depends_on:
- elasticsearch

volumes:
esdata1:
driver: local

Just run for elasticsearch with docker-compose up elasticsearch

I have used below command to generate the certificate
bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

and just clicked enter for password.

I want to add SSL and Https security with username password for elasticsearch.
Could you please help to find out the problem.

akr · December 20, 2019, 12:24pm

I have also tried with the configuration mentioned on the below link:
https://www.elastic.co/guide/en/elasticsearch/reference/7.5/configuring-tls-docker.html

But I am getting below error
$ docker run --rm -v es_certs:/certs --network=es_default docker.elastic.co/elasticsearch/elasticsearch:7.5.1 curl --cacert /certs/ca/ca.crt -u elastic:PleaseChangeMe https://es01:9200
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (77) Problem with the SSL CA cert (path? access rights?)

Could you please help me solve it?

system · January 17, 2020, 12:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.