Hi All,
We run Elasticsearch in a clustered mode and recently upgraded from 5 through to version 8.2.0.
I tried to enable security TLS and minimal security by following these guides
Resulting in the following elasticsearch.yml:
cluster.name: es-cluster
node.name: node-main-1
path.data: "/var/lib/elasticsearch"
path.logs: "/var/log/elasticsearch"
path.home: "/usr/share/elasticsearch"
thread_pool.search.size: 200
thread_pool.search.queue_size: 20000
network.host:
  - _ec2_
  - _local_
discovery.ec2.groups: elk-access, elk-cluster
discovery.seed_providers: ec2
cluster.initial_master_nodes: node-main-1
node.roles:
  - master
  - data
  - data_content
  - data_hot
  - data_warm
  - data_cold
  - data_frozen
  - ingest
  - ml
  - remote_cluster_client
  - transform
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
The problem is that when I tried to reset the elastic and kibana_system users, I was met with the following error:
/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic
ERROR: unable to determine default URL from settings, please use the -u option to explicitly provide the url
I also tried to create an admin user on this particular node and it worked, but it wasn't propagated to other nodes, so the admin user doesn't work on other nodes.
Output of cluster health:
{
  "cluster_name": "es-cluster",
  "status": "green",
  "timed_out": false,
  "number_of_nodes": 3,
  "number_of_data_nodes": 3,
  "active_primary_shards": 731,
  "active_shards": 1462,
  "relocating_shards": 0,
  "initializing_shards": 0,
  "unassigned_shards": 0,
  "delayed_unassigned_shards": 0,
  "number_of_pending_tasks": 0,
  "number_of_in_flight_fetch": 0,
  "task_max_waiting_in_queue_millis": 0,
  "active_shards_percent_as_number": 100.0
}