ERROR: X-Pack Security is disabled by configuration. - dp

Hi All,
I have 3 nodes 7.2.1 cluster running on Ubuntu with .tar.gz distribution.

elasticsearch.yaml:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: master1.p12
xpack.security.transport.ssl.truststore.path: master1.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: master1.p12
xpack.security.http.ssl.truststore.path: master1.p12

I have enabled the X-Pack and current state is green:

1: Bad call

elastic@elkB03:~$ curl https://${HOSTNAME}:9200/_cluster/health?pretty
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
elastic@elkB03:~$

2. Good Call, with -k switch:

elastic@elkB03:~$ curl https://${HOSTNAME}:9200/_cluster/health?pretty -k
{
  "cluster_name" : "dpELK721",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

This tells me that X-PACK security is enabled.

Trouble: Setting up password:
elastic@elkB03:~$ elasticsearch/bin/elasticsearch-setup-passwords interactive

Unexpected response code [500] from calling GET https://192.168.233.193:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.

ERROR: X-Pack Security is disabled by configuration.
elastic@elkB03:~$

So what is wrong?
Is X-Pack enabled?

No it doesn't. It tells you the exact opposite. You were able to get access to the cluster health endpoint without providing any authentication, because security is not enabled.

Start here:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.