Issues while upgrading to Docker based Elastic Stack 7.10.1

Elastic Stack Elasticsearch
1

I am trying to upgrade my Elastic Stack to 7.10.1 from 7.1.1 but facing some issues.
I already have 7.1.1 version setup with 3 docker nodes cluster which works fine.
I followed below to upgrade to 7.10.1 version with same 3 node setup:


However, I get below issues:

    [root@809c1952c653 elasticsearch]# bin/elasticsearch-setup-passwords interactive
23:50:48.354 [main] WARN  org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [172.31.0.5]; the server provided a certificate with subject name [CN=es01] and fingerprint [5f37c2526693a265e2485a17e809480ef1c6431a]; the certificate has subject alternative names [DNS:localhost,IP:127.0.0.1,DNS:es01]; the certificate is issued by [CN=Elastic Certificate Tool Autogenerated CA] but the server did not provide a copy of the issuing certificate in the certificate chain; the issuing certificate with fingerprint [49a6202a696348d2c337fcc068d3d2cde83f30e3] is trusted in this ssl context ([xpack.security.http.ssl])
java.security.cert.CertificateException: No subject alternative names matching IP address 172.31.0.5 found

Followed https://www.elastic.co/guide/en/elasticsearch/reference/7.x/trb-security-setup.html but no luck.

crt has SAN entry:

    openssl x509 -in es01/es01.crt -noout -text
    X509v3 Subject Alternative Name:
                DNS:localhost, IP Address:127.0.0.1, DNS:es01

Apart from this, when Kibana tries to connect, it gets:

    Client network socket disconnected before secure TLS connection was established

also

    ["warning","elasticsearch","data"],"pid":6,"message":"No living connections"}

I also get logged out from Kibana randomly.
I guess, these issues are related.

Is there anything which I am missing? Similar configuration works for 7.1.1 with no such issues.
Any lead on this?

2

As stated, I have 3 nodes. Example environment entries for es01 is

      - node.name=es01
      - node.roles=ingest,master
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key

es02 and es03 follow same entries but with name changed. es03 is the only data node.
Below are the node list:

172.31.0.4 58 95 2 0.07 0.15 0.29 dim * es03
172.31.0.5 21 95 2 0.07 0.15 0.29 im  - es01
172.31.0.3 60 95 2 0.07 0.15 0.29 im  - es02
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.