Issue setting up basic security on Elasticsearch 7.12

I just downloaded Elasticsearch 7.12 and have it configured for basic operation with no security enabled.

When I go to enable minimum security as per the documentation - Set up minimal security for Elasticsearch and enable security by setting the xpack.security.enabled flag to true in the elasticsearch.yml file (Step 2) . My problems start when I start the Elasticsearch service so that I can setup the passwords via the elasticsearch-setup-passwords utility.

I get the following bootstrap check failure and the service stops--

Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true]

Enabling xpack.security.transport.ssl.enabled results in the following error--

Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

So I have officially gone down the rabbit hole in that in order to set up my passwords I have to enable xpack security but in order to have xpack security enabled I have to have transport ssl enabled but if I do that then the elastic user can't be authenticated because it's password hasn't been set. Also if I try to run the elasticsearch-setup-passwords utility I get a bootstrap password error because the system is using ssl now and looking for the elastic user.

What am I doing wrong here?

The only modifications I've made to the elasticsearch.yml file is --

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Thanks,
Bill

Hi there,

The only modifications I've made to the elasticsearch.yml file is

The bootstrap checks are triggered because you are in production mode. So that means that you have made other changes also, most probably that you've set transport.host to a non local IP address.
The minimal security instructions do not apply to production mode because, as you've seen, transport TLS needs to be configured ( it's not enough to "enable" it ). You can use the relevant instructions for that.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.