Hi everyone, I'm new here!
I just finished setting up basic security on my server (1 VM with: Elasticsearch, 1 node, Kibana).
I ran these commands:
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
And now Elasticsearch.service won't start.
Here is my elasticsearch.yml:
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: mycluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 10.xxxxxxx
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.type: single-node
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 17-10-2023 09:13:53
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/ims-elastic-certificates.p12
  truststore.path: certs/ims-elastic-certificates.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["node1"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
Here is the status of elasticsearch.service:
× elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-10-17 15:35:48 UTC; 6s ago
Docs: https://www.elastic.co
Process: 103854 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, st>
Main PID: 103854 (code=exited, status=1/FAILURE)
CPU: 20.939s
Oct 17 15:35:36 srv-elk-ims-2 systemd[1]: Starting Elasticsearch...
Oct 17 15:35:38 srv-elk-ims-2 systemd-entrypoint[103854]: Oct 17, 2023 3:35:38 PM sun.util.locale.provider.LocaleProviderAdapter <clin>
Oct 17 15:35:38 srv-elk-ims-2 systemd-entrypoint[103854]: WARNING: COMPAT locale provider will be removed in a future release
Oct 17 15:35:48 srv-elk-ims-2 systemd-entrypoint[103854]: ERROR: Elasticsearch did not exit normally - check the logs at /var/log/elas>
Oct 17 15:35:48 srv-elk-ims-2 systemd-entrypoint[103854]: ERROR: Elasticsearch exited unexpectedly, with exit code 1
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: Failed to start Elasticsearch.
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Consumed 20.939s CPU time.
And here is the output of journalctl -xeu elasticsearch.service:
A start job for unit elasticsearch.service has begun execution.
░░
░░ The job identifier is 10795.
Oct 17 15:35:38 srv-elk-ims-2 systemd-entrypoint[103854]: Oct 17, 2023 3:35:38 PM sun.util.locale.provider.LocaleProviderAdapter <clin>
Oct 17 15:35:38 srv-elk-ims-2 systemd-entrypoint[103854]: WARNING: COMPAT locale provider will be removed in a future release
Oct 17 15:35:48 srv-elk-ims-2 systemd-entrypoint[103854]: ERROR: Elasticsearch did not exit normally - check the logs at /var/log/elas>
Oct 17 15:35:48 srv-elk-ims-2 systemd-entrypoint[103854]: ERROR: Elasticsearch exited unexpectedly, with exit code 1
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit elasticsearch.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit elasticsearch.service has entered the 'failed' state with result 'exit-code'.
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: Failed to start Elasticsearch.
░░ Subject: A start job for unit elasticsearch.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit elasticsearch.service has finished with a failure.
░░
░░ The job identifier is 10795 and the job result is failed.
Oct 17 15:35:48 srv-elk-ims-2 systemd[1]: elasticsearch.service: Consumed 20.939s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit elasticsearch.service completed and consumed the indicated resources.
Thank you in advance for your help...
Betty