Hi,
I setup a 3 node elasticsearch cluster on docker and enable xpack trial licence. Also setup enterprisesearch.
Enterprisesearch showing running in log side but in browser side it is not opening and showing This site can’t provide a secure connection
After running enterprisesearch getting below details:
ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "/path/to/keystore.jks" # modify this for the right path
ent_search.ssl.keystore.password: "changeme" # modify this for the right password
ent_search.ssl.keystore.key_password: "changeme" # modify this for the right password
es01 is up-to-date
Recreating es_enterprise ... done
Attaching to es_enterprise
es_enterprise | Found java executable in PATH
es_enterprise | Java version detected: 1.8.0_252 (major version: 8)
es_enterprise | Enterprise Search is starting...
es_enterprise | *** [DEPRECATION WARNING] The setting '#/ent_search/auth/source' is deprecated and will be removed in version '8.0.0'. Please use the new auth config format ent_search.auth.<auth_name>.source.
es_enterprise |
es_enterprise | --------------------------------------------------------------------------------
es_enterprise |
es_enterprise | Invalid config file (/usr/share/enterprise-search/config/enterprise-search.yml):
es_enterprise | The setting '#/ent_search/ssl/keystore/path' is not valid: error reading file 'keystore.jks'
es_enterprise |
es_enterprise | --------------------------------------------------------------------------------
es_enterprise |
es_enterprise exited with code 1
@vikram_singh can you ssh into that docker container and check that the keystore.jks file is there? I don't see that you've done anything to add a volume to your container.
If it is there, verify that the right user has read permissions for it? And if the permissions are sufficient, try using an absolute path, instead of a relative one?
Hi Sean,
After running this command keytool -genkey -alias server-alias -keyalg RSA -storepass changeme -keypass changeme -keystore keystore.jks -dname 'CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
A file name keystore.jks is created and I give it's path in configuration file (name is elastic-docker-tls.yml).
For file permission, current user is elasticuser. Below screen keystore.jks file is present and my configuration file is elastic-docker-tls.yml. I think file permission is correct.
[elasticuser@elasticsearch-centos docker-elk-masterxpack]$ ls -l
-rw-rw-r--. 1 elasticuser elasticuser 589 Jan 19 10:11 create-certs.yml
-rw-rw-r--. 1 elasticuser elasticuser 6313 Jan 29 12:12 elastic-docker-tls.yml
drwxrwxr-x. 5 elasticuser elasticuser 69 Jan 19 09:37 elasticsearch
-rw-rw-r--. 1 elasticuser elasticuser 2611 Jan 29 12:06 keystore.jks
drwxrwxr-x. 3 elasticuser elasticuser 38 Jan 28 10:55 kibana
[elasticuser@elasticsearch-centos docker-elk-masterxpack]$
Hi Sean,
For absolute path, I also tried it but getting same error.
Error:
[elasticuser@elasticsearch-centos docker-elk-masterxpack]$ docker-compose -f elastic-docker-tls.yml up enterprisesearch
es01 is up-to-date
Recreating es_enterprise ... done
Attaching to es_enterprise
es_enterprise | Found java executable in PATH
es_enterprise | Java version detected: 1.8.0_252 (major version: 8)
es_enterprise | Enterprise Search is starting...
es_enterprise | *** [DEPRECATION WARNING] The setting '#/ent_search/auth/source' is deprecated and will be removed in version '8.0.0'. Please use the new auth config format ent_search.auth.<auth_name>.source.
es_enterprise |
es_enterprise | --------------------------------------------------------------------------------
es_enterprise |
es_enterprise | Invalid config file (/usr/share/enterprise-search/config/enterprise-search.yml):
es_enterprise | The setting '#/ent_search/ssl/keystore/path' is not valid: error reading file '/home/elasticuser/mytest/docker-elk-masterxpack/keystore.jks'
es_enterprise |
es_enterprise | --------------------------------------------------------------------------------
es_enterprise |
es_enterprise exited with code 1
[elasticuser@elasticsearch-centos docker-elk-masterxpack]$
I think that the issue is that that file isn't on the docker container, it's in the working directory where your docker compose file is. The docker container doesn't automatically share a filesystem with the system that docker is mounted on. Some posts that might help explain this:
tells docker that the volume should map the local /home/elasticuser/mytest/docker-elk-masterxpack to the container /usr/share/enterprise-search.
Note that I don't know what files you have in /home/elasticuser/mytest/docker-elk-masterxpack other than the java keystore file, so you might want to give it its own directory if you don't want to mount a ton of other files.
Give those articles a read, and let me know if you're still having issues. We're going to get this working for you, I'm confident.
I change my configuration file for keystore path - ent_search.ssl.keystore.path=/usr/share/enterprisesearch/keystore.jks
and add volumes line volumes: - /home/elasticuser/mytest/docker-elk-masterxpack:/usr/share/enterprisesearch
Before doing above settings I copy keystore file from my docker-elk-masterxpack folder to /usr/share/enterprisesearch by cp keystore.kjs /usr/share/enterprisesearch
Now I am configuring kibana for enterprise search.
I update my configuration
from - ent_search.auth.source=standard to - ent_search.auth.source=elasticsearch-native
and also update my kibana.yml for enterpriseSearch.host
But now, when I open kibana it is showing Unable to connect We can’t establish a connection to Enterprise Search at the host URL: https://localhost:3002
I also tried with enterpriseSearch.host: 'https://myservername.com:3002'
But no change in error.
Docker is weird about localhost. Assuming that both your elasticsearch docker container and your enterprise search docker container are running on the same host, you should be able to use:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.