Error Enabling Encrypted Communication in ElasticSearch

docker
stack-security

(Leo Baiano) #1

I'm using docker-compose and I've followed the documentation below to try to achieve my goals:

https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-tls-docker.html

After creating the certificates I run docker-compose up and receive the errors below:

elasticsearch    | org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]

elasticsearch    | Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]

elasticsearch    | 	... 6 more
elasticsearch    | Caused by: java.lang.reflect.InvocationTargetException

elasticsearch    | 	... 6 more
elasticsearch    | Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
elasticsearch    | 	at org.elasticsearch.xpack.core.ssl.PEMTrustConfig.createTrustManager(PEMTrustConfig.java:48)

elasticsearch    | 	... 6 more
elasticsearch    | Caused by: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config/certificates/ca/ca.crt

elasticsearch    | 	... 6 more
elasticsearch exited with code 1

(Ioannis Kakavas) #2

Hi there,

any specific reason you want to use 6.3 which is rather old now and not 6.7 or 7.0 ?

The error seems quite obvious:

Caused by: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config/certificates/ca/ca.crt

are there any other errors in the output that would explain why the file is not created?

What does the instances.yml file that you have created in the previous step look like ?


(Leo Baiano) #3

About the error I managed to resolve but did not see how to mark it resolved and close the topic.

The problem is that I was not sending the files to the volume.

volumes:
      - esdata01:/usr/share/elasticsearch/data
      - ./certs:$CERTS_DIR