Security settings make my ES not start

FernandoMOTA · June 17, 2020, 6:49pm

I made the security settings and added the following to the yml file:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

But now my ES doesn't close when I try to start

Certificate name and note are correct because I followed a video tutorial by Elastic

warkolm · June 17, 2020, 10:32pm

What do your logs show?

FernandoMOTA · June 17, 2020, 11:15pm

[2020-06-17T11:49:20,844][INFO ][o.e.n.Node               ] [ELASTICSERVER] stopping ...
[2020-06-17T11:49:20,875][INFO ][o.e.x.w.WatcherService   ] [ELASTICSERVER] stopping watch service, reason [shutdown initiated]
[2020-06-17T11:49:20,875][INFO ][o.e.x.w.WatcherLifeCycleService] [ELASTICSERVER] watcher has stopped and shutdown
[2020-06-17T11:49:21,250][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ELASTICSERVER] [controller/2132] [Main.cc@150] Ml controller exiting
[2020-06-17T11:49:21,297][INFO ][o.e.x.m.p.NativeController] [ELASTICSERVER] Native controller process has stopped - no new native processes can be started
[2020-06-17T11:49:21,328][INFO ][o.e.n.Node               ] [ELASTICSERVER] stopped
[2020-06-17T11:49:21,328][INFO ][o.e.n.Node               ] [ELASTICSERVER] closing ...
[2020-06-17T11:49:21,344][INFO ][o.e.n.Node               ] [ELASTICSERVER] closed

warkolm · June 17, 2020, 11:17pm

That doesn't show much about it not starting, just that it's stopping, is there more?

FernandoMOTA · June 17, 2020, 11:29pm

[2020-06-17T11:38:30,857][INFO ][o.e.d.DiscoveryModule    ] [ELASTICSERVER] using discovery type [zen] and seed hosts providers [settings]
[2020-06-17T11:38:33,544][INFO ][o.e.n.Node               ] [ELASTICSERVER] initialized
[2020-06-17T11:38:33,544][INFO ][o.e.n.Node               ] [ELASTICSERVER] starting ...
[2020-06-17T11:38:34,122][INFO ][o.e.t.TransportService   ] [ELASTICSERVER] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2020-06-17T11:38:36,047][WARN ][o.e.b.BootstrapChecks    ] [ELASTICSERVER] the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-06-17T11:38:36,047][WARN ][o.e.b.BootstrapChecks    ] [ELASTICSERVER] Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
[2020-06-17T11:38:36,062][INFO ][o.e.c.c.Coordinator      ] [ELASTICSERVER] cluster UUID [6opUZnS4T-C45KpnBniKTw]
[2020-06-17T11:38:36,094][INFO ][o.e.c.c.ClusterBootstrapService] [ELASTICSERVER] no discovery configuration found, will perform best-effort cluster bootstrapping after [3s] unless existing master is discovered
[2020-06-17T11:38:36,422][INFO ][o.e.c.s.MasterService    ] [ELASTICSERVER] elected-as-master ([1] nodes joined)[{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 69, version: 602, delta: master node changed {previous [], current [{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}
[2020-06-17T11:38:36,740][INFO ][o.e.c.s.ClusterApplierService] [ELASTICSERVER] master node changed {previous [], current [{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}, term: 69, version: 602, reason: Publication{term=69, version=602}
[2020-06-17T11:38:37,146][INFO ][o.e.h.AbstractHttpServerTransport] [ELASTICSERVER] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}, {[::1]:9200}
[2020-06-17T11:38:37,162][INFO ][o.e.n.Node               ] [ELASTICSERVER] started
[2020-06-17T11:38:38,474][INFO ][o.e.l.LicenseService     ] [ELASTICSERVER] license [baeca942-1548-4ac7-921e-aec19b1539ad] mode [basic] - valid
[2020-06-17T11:38:38,474][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [ELASTICSERVER] Active license is now [BASIC]; Security is enabled
[2020-06-17T11:38:38,506][INFO ][o.e.g.GatewayService     ] [ELASTICSERVER] recovered [19] indices into cluster_state
[2020-06-17T11:39:06,504][INFO ][o.e.c.r.a.AllocationService] [ELASTICSERVER] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.apm-custom-link][0], [.apm-agent-configuration][0]]]).

FernandoMOTA · June 17, 2020, 11:30pm

I think that part will help more

warkolm · June 17, 2020, 11:31pm

Elasticsearch has started, you can see it's recovering shards.

FernandoMOTA · June 17, 2020, 11:44pm

The window is closed and when I go to the browser and put the localhost: 9200 not to connect

warkolm · June 17, 2020, 11:45pm

What window?

FernandoMOTA · June 17, 2020, 11:47pm

The window where I click to start the ES, running the .bat file

warkolm · June 17, 2020, 11:50pm

Ah ok, it sounds like you are running the elasticsearch.bat file, then closing the window? If that is the case it will start and then stop Elasticsearch. That has nothing to do with the security settings.

You may want to set it up so that it runs as a service.

FernandoMOTA · June 17, 2020, 11:51pm

No, it closes automatically, that's the problem

dadoonet · June 18, 2020, 3:48am

You are probably double-clicking from the file explorer on elasticsearch.bat.

Open manually the cmd window. Then go to the right dir and type elasticsearch.
You will hopefully see the error messages.

FernandoMOTA · June 18, 2020, 12:59pm

Thanks for answering me.
I did the procedure via CMD but the log error appeared:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Could you help me?

dadoonet · June 18, 2020, 2:33pm

I can't as I don't know this part and this error message but I'm sure some experts could help.

If you describe exactly what you did, that might help.
Did you follow exactly the guide? https://www.elastic.co/guide/en/elasticsearch/reference/current/windows.html

FernandoMOTA · June 18, 2020, 2:44pm

I've already read this guide.

I did the following:

I ran the elasticsearch-certutil cert for the security and cryptography certificate, then the config \ elastic-certificates.p12

and added the configuration
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
in my elasticsearch.yml file and when I run ES it opens and closes by itself, when I remove what I added it works

system · July 16, 2020, 2:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.