Hi all,
I have a bit of a problem. I implemented TLS im my stack as per the instructions.
Hoewever - now elasticsearch wont start, and it's throwing this exception:
java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
Im using openjdk 11.0.11
what should i do?
thanks
Based on the JDK issue, the support for HmacPBESHA256 starts from JDK 11.0.12
So one option is to upgrade your JDK. Which elasticsearch version are you using? Also are you using the bundled JDK? It is recommended.
I use ES 7.13, and i think i dont use the bundled JDK.
Will using the bundled JDK solve this? if so, how do i change to it?
meanwhile i am trying to upgrade my JDK, which proves to be more bothersome than anticipated
The current recommend way for 7.12+ is to set a ES_JAVA_HOME environment variable to point to the bundled JDK (you can find it under your eliastcsearch installation directory). Alternatively, you can just unset JAVA_HOME which makes elasticsearch use the bundle JDK by default.
is the ES_JAVA_HOME variable part of the elasticseach user enviroment? because i dont see it when i run printenv
Ohh right I need to set the ES_JAVA_HOME
OK ill do it
Ok so Iv'e created ES_JAVA_HOME and pointed it to the bundled JDK and did an unset for JAVA_HOME but the problem persists
Any help would be appreciated
It would be helpful to diagnose the problem if you can share the elasticsearch logs from booting all the way up leading to the error.
Hi,
here is the log(minus the module loading messages due to character count):
[2021-08-03T17:04:49,418][INFO ][o.e.n.Node ] [mvs-es04] version[7.13.2], pid[11572], build[default/deb/4d960a0733be83dd2543ca018aa4ddc42e956800/2021-06-10T21:01:55.251515791Z], OS[Linux/4.15.0-151-generic/amd64], JVM[Ubuntu/OpenJDK 64-Bit Server VM/11.0.11/11.0.11+9-Ubuntu-0ubuntu2.18.04]
[2021-08-03T17:04:49,423][INFO ][o.e.n.Node ] [mvs-es04] JVM home [/usr/lib/jvm/java-11-openjdk-amd64], using bundled JDK [false]
[2021-08-03T17:04:49,423][INFO ][o.e.n.Node ] [mvs-es04] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -Xms15g, -Xmx15g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch-1294293600820470431, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -XX:MaxDirectMemorySize=8053063680, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=deb, -Des.bundled_jdk=true]
[2021-08-03T17:04:53,617][INFO ][o.e.e.NodeEnvironment ] [mvs-es04] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [68gb], net total_space [78.6gb], types [ext4]
[2021-08-03T17:04:53,618][INFO ][o.e.e.NodeEnvironment ] [mvs-es04] heap size [14.9gb], compressed ordinary object pointers [true]
[2021-08-03T17:04:54,418][INFO ][o.e.n.Node ] [mvs-es04] node name [mvs-es04], node ID [ZtBmYN-qRiewI_tF9brDaQ], cluster name [SIEM_CLUSTER], roles [master, remote_cluster_client, ml, ingest]
[2021-08-03T17:05:00,996][ERROR][o.e.b.Bootstrap ] [mvs-es04] Exception
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:530) ~[?:?]
at java.util.HashMap.forEach(HashMap.java:1336) ~[?:?]
at java.util.Collections$UnmodifiableMap.forEach(Collections.java:1505) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:526) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:144) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:454) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:298) ~[?:?]
at org.elasticsearch.node.Node.lambda$new$18(Node.java:605) ~[elasticsearch-7.13.2.jar:7.13.2]
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
at org.elasticsearch.node.Node.<init>(Node.java:609) ~[elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.node.Node.<init>(Node.java:278) ~[elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217) ~[elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217) ~[elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397) [elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) [elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) [elasticsearch-cli-7.13.2.jar:7.13.2]
at org.elasticsearch.cli.Command.main(Command.java:79) [elasticsearch-cli-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.13.2.jar:7.13.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) [elasticsearch-7.13.2.jar:7.13.2]
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:75) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
... 26 more
Caused by: java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1479) ~[?:?]
at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:98) ~[?:?]
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:66) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
... 26 more
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at javax.crypto.Mac.getInstance(Mac.java:191) ~[?:?]
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1479) ~[?:?]
at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:98) ~[?:?]
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:66) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
... 26 more
Whatever steps you took to switch to the bundled JVM didn't work.
You're still using 11.0.11
Without knowing your environment it's hard to give concrete steps to resolve that, but this is where you need to focus your attention. This issue should be resolved if we can get you on to the bundled JDK.
I managed to change to the bundled JVM
turns out i had an enviroment file in /etc/defualt that pointeed to the 11.0.11
Changed it and im good to go
Well, on the elasticsearch side, now I need to figure out how to reconnect kibana
thanks for the help!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.