Error at startup: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

I already checked a similar thread that was closed with the link to the configuration page for TLS.

I have already checked that and modified my config several times to test which one works, but it does not seem to.
I applied a non-prod license to this new setup but it reports production license in logs:
My Config:

.......
node.master: true
node.data: true
node.max_local_storage_nodes: 3
path.data: /var/es/data
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
network.host: x.y.z.142
http.port: 9200
discovery.zen.ping.unicast.hosts: ["x.y.z.141", "x.y.z.142", "x.y.z.143"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.fd.ping_timeout: 30s
path.repo: ["/var/es/backup"]
#############################
http.max_content_length: 500mb
############# X-PACK FEATURE CONFIGURATION GOES BELOW #################
xpack.security.enabled: true
xpack.security.authc.accept_default_password: true
#xpack.security.audit.enabled: true
#xpack.monitoring.enabled: true
xpack.watcher.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/ca.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/certs.p12

Created CA cert on node 1 and then node 1 cert,
copied CA cert and cert to node 2 and node 3.
Trying to start node 1 first, getting the following error immediately:

Starting elasticsearch: tailf me        Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /etc/elasticsearch/certs/ca.p12
Likely root cause: java.nio.file.AccessDeniedException: /etc/elasticsearch/certs/ca.p12
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
        at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
        at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
        at java.nio.file.Files.readAttributes(Files.java:1737)
        at java.nio.file.FileTreeWalker.getAttributes(FileTreeWalker.java:225)
        at java.nio.file.FileTreeWalker.visit(FileTreeWalker.java:276)
        at java.nio.file.FileTreeWalker.next(FileTreeWalker.java:372)
        at java.nio.file.Files.walkFileTree(Files.java:2706)
        at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:147)
        at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:119)
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:291)
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121)
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.Command.main(Command.java:90)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85)
Refer to the log for complete error details.
.l
                                                           [FAILED]
[root@ashapld00022la elasticsearch]# tailf dev.log
[2018-04-15T15:39:20,447][INFO ][o.e.t.TransportService   ] [dev1] publish_address {100.126.49.141:9300}, bound_addresses {100.126.49.141:9300}
[2018-04-15T15:39:20,469][INFO ][o.e.b.BootstrapChecks    ] [dev1] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-04-15T15:39:20,477][ERROR][o.e.b.Bootstrap          ] [dev1] node validation exception
[1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
[2018-04-15T15:39:20,479][INFO ][o.e.n.Node               ] [dev1] stopping ...
[2018-04-15T15:39:20,508][INFO ][o.e.n.Node               ] [dev1] stopped
[2018-04-15T15:39:20,508][INFO ][o.e.n.Node               ] [dev1] closing ...
[2018-04-15T15:39:20,515][INFO ][o.e.n.Node               ] [dev1] closed
[2018-04-15T15:39:20,517][INFO ][o.e.x.m.j.p.NativeController] Native controller process has stopped - no new native processes can be started
^C

Please advise what I am doing wrong here.
Elastic / Kibana / X-Pack - 6.2.3

Hi

The error is that it cannot read the keystore file that you have defined in the configuration:

Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /etc/elasticsearch/certs/ca.p12

You need to set the correct permissions on that file so that the user you run Elasticsearch as can read it.

Yeah, I looked at that too.
I had reset the permissions as 644 on these files and parent folder.
Also this and the parent config folder is owned by root:elasticsearch, the same way /etc/elasticsearch is.

What else could I be missing here?

Can you please verify the permissions? If they are set as you indicate, then you wouldn't get that exception.

Can you copy the output from ls -l for the aforementioned file and /etc/elasticsearch? Also, which user are you starting Elasticsearch as? Are they members of the elasticsearch group?

644 on the folder? That excludes search. Make the folder 755.
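
The check behind this answer, as an added example that is not part of the original thread: walk each component of the keystore path and report the first one whose mode bits deny a given class (u, g or o) search on a directory or read on the final file. The helper names are hypothetical, GNU `stat -c` is assumed, and ACLs or SELinux are not considered.

```shell
#!/bin/sh
# class_digit CLASS PATH: print the octal permission digit for u, g or o.
class_digit() {
    m=$(stat -c '%a' "$2") || return 2
    m="000$m"; m=${m#"${m%???}"}          # keep the last three octal digits
    case $1 in
        u) echo "${m%??}" ;;
        g) m=${m#?}; echo "${m%?}" ;;
        o) echo "${m#??}" ;;
        *) return 2 ;;
    esac
}

# first_blocker CLASS PATH [START]: walk from START (default /) down to PATH.
# Directories need the search bit (1), the final file needs the read bit (4).
# Prints the first blocking component and returns 1; returns 0 if none blocks.
first_blocker() {
    class=$1; target=$2; cur=${3:-/}
    rest=${target#"$cur"}; rest=${rest#/}
    while :; do
        if [ -d "$cur" ]; then need=1; else need=4; fi
        d=$(class_digit "$class" "$cur") || { echo "$cur: cannot stat"; return 2; }
        if [ $(( d & need )) -eq 0 ]; then
            echo "$cur"; return 1
        fi
        [ -z "$rest" ] && return 0
        cur=${cur%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
}

# Constructed sample mirroring the thread: certs/ and ca.p12 both at 644,
# checked for the group class because the files are owned by root:elasticsearch.
demo() {
    t=$(mktemp -d) || return 2
    chmod 755 "$t"; mkdir "$t/certs"; : > "$t/certs/ca.p12"
    chmod 644 "$t/certs/ca.p12" "$t/certs"
    echo "644 on folder, blocked at: $(first_blocker g "$t/certs/ca.p12" "$t")"
    chmod 755 "$t/certs"
    echo "755 on folder: $(first_blocker g "$t/certs/ca.p12" "$t" && echo readable)"
    rm -rf "$t"
}
demo
```

On a real node the equivalent call would be `first_blocker g /etc/elasticsearch/certs/ca.p12`, run by a user who can stat every component.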


Thanks.
That fixed it.
Thanks a ton @Badger @ikakavas !!!

Thanks @Badger, I totally missed that.
