Failed to load SSL configuration

Hello Team,

I had elasticsearch:7.16.2 with xpack security based login enabled. Today I changed the Elasticsearch and Kibana versions to 8.6.1 in my docker-compose file, but it fails with the errors below when I start the elasticsearch container.

elasticsearch    | {"@timestamp":"2023-02-04T07:59:23.518Z", "log.level":"ERROR", "message":"fatal exception while booting Elasticsearch", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster","error.type":"org.elasticsearch.ElasticsearchSecurityException","error.message":"failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/share/elasticsearch/config/elastic-stack-ca.p12] does not contain any trusted certificate entries","error.stack_trace":"org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/share/elasticsearch/config/elastic-stack-ca.p12] does not contain any trusted certificate entries\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:605)\n\tat java.base/java.util.HashMap.forEach(HashMap.java:1429)\n\tat java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1553)\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:601)\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156)\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:465)\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:314)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.node.Node.lambda$new$16(Node.java:721)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.plugins.PluginsService.lambda$flatMap$0(PluginsService.java:252)\n\tat java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)\n\tat 
java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)\n\tat java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722)\n\tat java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)\n\tat java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)\n\tat java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)\n\tat java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)\n\tat java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)\n\tat java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)\n\tat java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.node.Node.<init>(Node.java:736)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.node.Node.<init>(Node.java:322)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67)\nCaused by: org.elasticsearch.common.ssl.SslConfigException: the truststore [/usr/share/elasticsearch/config/elastic-stack-ca.p12] does not contain any trusted certificate entries\n\tat org.elasticsearch.sslconfig@8.6.1/org.elasticsearch.common.ssl.StoreTrustConfig.checkTrustStore(StoreTrustConfig.java:134)\n\tat org.elasticsearch.sslconfig@8.6.1/org.elasticsearch.common.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:84)\n\tat org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:473)\n\tat java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1228)\n\tat 
org.elasticsearch.xcore@8.6.1/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:603)\n\t... 23 more\n"}
elasticsearch    | ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
elasticsearch    |
elasticsearch    | ERROR: Elasticsearch exited unexpectedly

My docker-compose file is as follows.

version: '3'

services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.6.1
    container_name: elasticsearch
    environment:
      - node.name=elasticsearch
      - discovery.seed_hosts=elasticsearch
      - cluster.initial_master_nodes=elasticsearch
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.keystore.type=PKCS12
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=elastic-stack-ca.p12
      - xpack.security.transport.ssl.truststore.path=elastic-stack-ca.p12
      - xpack.security.transport.ssl.truststore.type=PKCS12
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
      - esdata1:/usr/share/elasticsearch/data
    ports:
      - 9200:9200

  kibana:
    image: docker.elastic.co/kibana/kibana:8.6.1
    container_name: kibana
    environment:
      ELASTICSEARCH_URL: "http://elasticsearch:9200"
      ELASTICSEARCH_USERNAME: "password"
      ELASTICSEARCH_PASSWORD: "password"
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch

volumes:
  esdata1:
    driver: local

I had been using xpack.security for a long time with 7.x versions, and until today I had no issues. After moving to 8.6.1 the problem started occurring. Also, as per the error, I have the elastic-stack-ca.p12 file in the volumes section and it is copied to the /usr/share/elasticsearch/config/ path, but I am not sure why it still fails.

Any change in the 8.x version? Any advice to solve this problem would be helpful.

The following link workaround helped me solve the issue.
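
The error above is about the entry types inside the PKCS#12 file, not about whether the file is mounted. As an added example (not part of the original post), this script classifies the entries that `keytool -list` reports for a store; it assumes a JDK `keytool` on the PATH, and the sample listings and aliases are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): decide from `keytool -list`
# output whether a PKCS#12 file can serve as a truststore.

# count_entries TYPE: read keytool output on stdin, print the number of
# entries of that type (PrivateKeyEntry or trustedCertEntry).
count_entries() {
    # Entry lines look like: "alias, Feb 4, 2023, PrivateKeyEntry,"
    grep -c -E "(^|, )$1(,|\$)" || true   # grep -c prints 0 but exits 1 on no match
}

# truststore_verdict: read keytool output on stdin, print a verdict and
# return 0 only when at least one trustedCertEntry is present.
truststore_verdict() {
    out=$(cat)
    trusted=$(printf '%s\n' "$out" | count_entries trustedCertEntry)
    keys=$(printf '%s\n' "$out" | count_entries PrivateKeyEntry)
    if [ "$trusted" -gt 0 ]; then
        echo "usable as truststore: $trusted trusted certificate entries"
    else
        echo "not a truststore: 0 trusted certificate entries, $keys private key entries"
        return 1
    fi
}

# Constructed sample: a store holding only a CA key pair (alias is made up).
SAMPLE_CA_ONLY='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

ca, Feb 4, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>'

# Constructed sample: a store with a key pair plus a CA certificate entry.
SAMPLE_WITH_CA='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

instance, Feb 4, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
ca, Feb 4, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>'

# With a store path as first argument, inspect the real file
# (keytool prompts for the store password).
if [ -n "${1:-}" ]; then
    keytool -list -storetype PKCS12 -keystore "$1" | truststore_verdict
fi
```

Run it with the path of the file named in `xpack.security.transport.ssl.truststore.path`; a non-zero exit status corresponds to the condition the 8.6.1 boot error reports.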