Security for Elasticsearch

alipujaistopo · April 6, 2021, 4:38am

i used a root user, because there's no another user
i used ./bin/elasticsearch and systemctl start elasticsearch. the error is same

[2021-04-06T01:30:00,001][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] triggering scheduled [ML] maintenance tasks
[2021-04-06T01:30:00,021][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Deleting expired data
[2021-04-06T01:30:00,043][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [bdi-uat-els] Successfully deleted [0] unused stats documents
[2021-04-06T01:30:00,044][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Completed deletion of expired ML data
[2021-04-06T01:30:00,044][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2021-04-06T01:41:11,671][INFO ][o.e.c.m.MetadataMappingService] [bdi-uat-els] [winlogbeat-7.10.2-2021.04.03-000003/bOup-BKdTdem9wc-cEygrQ] update_mapping [_doc]
[2021-04-06T01:41:11,781][INFO ][o.e.c.m.MetadataMappingService] [bdi-uat-els] [winlogbeat-7.10.2-2021.04.03-000003/bOup-BKdTdem9wc-cEygrQ] update_mapping [_doc]
[2021-04-06T05:08:44,149][WARN ][o.e.m.f.FsHealthService ] [bdi-uat-els] health check of [/var/lib/elasticsearch/nodes/0] took [5403ms] which is above the warn threshold of [5s]
[2021-04-06T08:30:00,005][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] starting SLM retention snapshot cleanup task
[2021-04-06T08:30:00,008][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2021-04-06T11:33:20,873][INFO ][o.e.n.Node ] [bdi-uat-els] stopping ...
[2021-04-06T11:33:20,878][INFO ][o.e.x.w.WatcherService ] [bdi-uat-els] stopping watch service, reason [shutdown initiated]
[2021-04-06T11:33:20,879][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [bdi-uat-els] [controller/25413] [Main.cc@154] ML controller exiting
[2021-04-06T11:33:20,879][INFO ][o.e.x.w.WatcherLifeCycleService] [bdi-uat-els] watcher has stopped and shutdown
[2021-04-06T11:33:20,880][INFO ][o.e.x.m.p.NativeController] [bdi-uat-els] Native controller process has stopped - no new native processes can be started
[2021-04-06T11:33:21,420][INFO ][o.e.n.Node ] [bdi-uat-els] stopped
[2021-04-06T11:33:21,421][INFO ][o.e.n.Node ] [bdi-uat-els] closing ...
[2021-04-06T11:33:21,432][INFO ][o.e.n.Node ] [bdi-uat-els] closed
[2021-04-06T11:33:24,302][INFO ][o.e.n.Node ] [bdi-uat-els] version[7.10.1], pid[29341], build[default/rpm/1c34507e66d7db1211f66f3513706fdf548736aa/2020-12-05T01:00:33.671820Z], OS[Linux/3.10.0-1127.el7.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2021-04-06T11:33:24,305][INFO ][o.e.n.Node ] [bdi-uat-els] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2021-04-06T11:33:24,306][INFO ][o.e.n.Node ] [bdi-uat-els] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-2685646022361486910, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-04-06T11:33:26,208][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [aggs-matrix-stats]
[2021-04-06T11:33:26,208][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [analysis-common]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [constant-keyword]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [flattened]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [frozen-indices]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-common]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-geoip]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-user-agent]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [kibana]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-expression]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-mustache]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-painless]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [mapper-extras]

here's the complete error i got in elasticsearch.log

●> elasticsearch.service - Elasticsearch

Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2021-04-06 11:33:29 WIB; 3min 24s ago
Docs: https://www.elastic.co
Process: 29341 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 29341 (code=exited, status=1/FAILURE)

Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.node.Node.(Node.java:557)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.node.Node.(Node.java:289)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:227)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: <<>>
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: For complete error details, refer to the log at /var/log/elasticsearch/elasticsearch.log
Apr 06 11:33:29 bdi-uat-els systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Apr 06 11:33:29 bdi-uat-els systemd[1]: Failed to start Elasticsearch.
Apr 06 11:33:29 bdi-uat-els systemd[1]: Unit elasticsearch.service entered failed state.
Apr 06 11:33:29 bdi-uat-els systemd[1]: elasticsearch.service failed.

and this with systemctl status elasticsearch

Topic		Replies	Views
Starting ES with TLS options Elasticsearch elastic-stack-security	13	1349	October 14, 2019
XPack Security Enabled TLS/SSL configured, still not working! Elasticsearch elastic-stack-security	5	1968	January 13, 2021
Trobling with HTTPS configuration Elasticsearch elastic-stack-security	29	1924	July 30, 2019
HELP ! Upgrade ES 6.7.0 to 7.1.0 Elasticsearch	31	5052	July 17, 2019
Elasticsearch doesn’t start: status=1/FAILURE (TLS/x-pack) Elasticsearch	17	6488	April 12, 2018

Security for Elasticsearch

Related topics