SSL and Basic Authentication is not working

Elastic Stack Elasticsearch
1

Hi Team,

I have configured the SSL and basic authentication in my dev enviornment. It is not working and not sure why it was failing. The following are the steps configured to enable the SSL and Basic Authentication. can you please help me in setting up the SSL and Basic Auth

Version: elasticsearch-7.8.0

  1. Installed the ELK elasticsearch-7.8.0/ in the 3 servers
  2. The following are the servers which i have installed the elk
    server1 - Master, data nodes
    server2 - master, data nodes
    server3 - data node
  3. the following are configuration from elasticsearch.yml for all the 3 servers

Servrer1

cluster.name: dev-elk-cluster
node.name: server1-node-1
node.master: true
node.data: true
node.voting_only: false
node.ingest: false
node.ml: false
path.data: /opt/elasticsearch/data/elasticsearch
path.logs: /opt/elasticsearch/logs/elasticsearch
network.host: 1.10.11.12
http.port: 9300
discovery.seed_hosts: ["1.10.11.12","1.10.11.13","1.10.11.14"]
cluster.initial_master_nodes: ["server1-node-1","server2-node-2"]
discovery.zen.minimum_master_nodes: 2
gateway.recover_after_nodes: 2
gateway.recover_after_time: 10m
gateway.expected_nodes: 3
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.license.self_generated.type: basic
xpack.security.authc.accept_default_password: true
node.store.allow_mmap: false

Server2

cluster.name: dev-elk-cluster
node.name: server2-node-2
node.master: true
node.data: true
node.voting_only: false
node.ingest: false
node.ml: false
path.data: /opt/elasticsearch/data/elasticsearch
path.logs: /opt/elasticsearch/logs/elasticsearch
network.host: 1.10.11.13
http.port: 9300
discovery.seed_hosts: ["1.10.11.12","1.10.11.13","1.10.11.14"]
cluster.initial_master_nodes: ["server1-node-1","server2-node-2"]
discovery.zen.minimum_master_nodes: 2
gateway.recover_after_nodes: 2
gateway.recover_after_time: 10m
gateway.expected_nodes: 3
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.license.self_generated.type: basic
xpack.security.authc.accept_default_password: true
node.store.allow_mmap: false

Server3

cluster.name: dev-elk-cluster
node.name: server3-node-3
node.master: false
node.data: true
node.voting_only: false
node.ingest: false
node.ml: false
path.data: /opt/elasticsearch/data/elasticsearch
path.logs: /opt/elasticsearch/logs/elasticsearch
network.host: 1.10.11.14
http.port: 9300
discovery.seed_hosts: ["1.10.11.12","1.10.11.13","1.10.11.14"]
cluster.initial_master_nodes: ["server1-node-1","server2-node-2"]
discovery.zen.minimum_master_nodes: 2
gateway.recover_after_nodes: 2
gateway.recover_after_time: 10m
gateway.expected_nodes: 3
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.license.self_generated.type: basic
xpack.security.authc.accept_default_password: true
node.store.allow_mmap: false

  1. Created the certifacates using following commands

    1. /opt/elasticsearch/elasticsearch-7.8.0/bin/elasticsearch-certutil ca
    2. /opt/elasticsearch/elasticsearch-7.8.0/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

  2. restarted all the nodes.

  3. Tried changing the existing elastic user password but it is giving the following issue
    /opt/elasticsearch/elasticsearch-7.8.0/bin/elasticsearch-setup-passwords interactive

ailed to determine the health of the cluster running at http://1.10.11.12:9300
Unexpected response code [503] from calling GET http://1.10.11.12:9300/_cluster/health?pretty
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

I followed the following URL for configuring:

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.