I am getting the following error when I try to start the cluster with the PKI realm.
> [2017-11-14T13:08:04,841][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [prdpywdcstt5301] fatal error in thread [main], exiting
java.lang.Error: security initialization failed
at org.elasticsearch.xpack.XPackPlugin.createComponents(XPackPlugin.java:279) ~[?:?]
at org.elasticsearch.node.Node.lambda$new$7(Node.java:412) ~[elasticsearch-5.6.3.jar:5.6.3]
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:267) ~[?:1.8.0_151]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1380) ~[?:1.8.0_151]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) ~[?:1.8.0_151]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_151]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_151]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_151]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) ~[?:1.8.0_151]
at org.elasticsearch.node.Node.(Node.java:414) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.node.Node.(Node.java:245) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:233) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:233) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:342) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]
Caused by: java.lang.IllegalArgumentException: [xpack.security.authc.realms.clients_pki.truststore.secure_password] is not configured
at org.elasticsearch.xpack.security.authc.pki.PkiRealm.trustManagersFromTruststore(PkiRealm.java:198) ~[?:?]
at org.elasticsearch.xpack.security.authc.pki.PkiRealm.trustManagers(PkiRealm.java:189) ~[?:?]
at org.elasticsearch.xpack.security.authc.pki.PkiRealm.(PkiRealm.java:80) ~[?:?]
at org.elasticsearch.xpack.security.authc.pki.PkiRealm.(PkiRealm.java:74) ~[?:?]
at org.elasticsearch.xpack.security.authc.InternalRealms.lambda$getFactories$4(InternalRealms.java:89) ~[?:?]
at org.elasticsearch.xpack.security.authc.Realms.initRealms(Realms.java:179) ~[?:?]
at org.elasticsearch.xpack.security.authc.Realms.(Realms.java:69) ~[?:?]
at org.elasticsearch.xpack.security.Security.createComponents(Security.java:384) ~[?:?]
at org.elasticsearch.xpack.XPackPlugin.createComponents(XPackPlugin.java:276) ~[?:?]
... 20 more
My es yml has the following settings
clients_pki: type: pki order: 1 truststore: path: "/etc/elasticsearch/certs/truststore.jks" password: "********" username_pattern: ******** files: role_mapping: "/etc/elasticsearch/x-pack/role_mapping.yml"
What I don't understand is why the file is requiring a secure_password when it appears to be optional in the documentation for 5.6.3. I did try adding parameter but with no luck. Any ideas are much appreciated. Thanks!