We are using elastic search 5.2.2 along with search guard pluging for DB indexing, where we are using hte self signed certificate of the nodes for ssl.transport during clustering. And java is openjdk 1.8 of build 151.
Our setup is working with out any issues in non prod and when we moved to prod we are getting below error when we are starting the elastic search service, anyany has any approach please help me.
Note: I tried updaing the JAVAOPTS for overridding the search guard policy instead of the default jvm java policy as mentioned another forum but of no luck.
[2018-02-22T11:51:06,146][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively
.... CROPPING MIDDLE ONES DUE TO LIMITATION ON THE CHARS TO BE POSTED.
... 6 more
Caused by: java.security.AccessControlException: access denied ("java.security.SecurityPermission" "getProperty.ssl.KeyManagerFactory.algorithm")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_151]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_151]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_151]
at java.security.Security.getProperty(Security.java:760) ~[?:1.8.0_151]
at io.netty.handler.ssl.SslContext.buildKeyManagerFactory(SslContext.java:1078) ~[?:?]
at io.netty.handler.ssl.JdkSslServerContext.newSSLContext(JdkSslServerContext.java:245) ~[?:?]
at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:226) ~[?:?]
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:409) ~[?:?]
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:402) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore$1.run(DefaultSearchGuardKeyStore.java:657) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore$1.run(DefaultSearchGuardKeyStore.java:654) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_151]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.buildSSLContext0(DefaultSearchGuardKeyStore.java:654) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.buildSSLServerContext(DefaultSearchGuardKeyStore.java:588) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:254) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:147) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:192) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_151]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:373) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:336) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:132) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:297) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:232) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Bootstrap$6.<init>(Bootstrap.java:241) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:241) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-5.2.2.jar:5.2.2]
... 6 more
testuser@dummyhostname[PRD][elasticsearch] $