Trying to figure out how to enable x-pack

I have been repeatedly failing to figure out how to properly enable x-pack. There's a lot of guides out there, but I still feel like I'm missing something. I built a new test machine to try to simplify this but am still running into trouble, so I turn to here for assistance.

I'll reference this guide for example. https://www.elastic.co/blog/getting-started-with-elasticsearch-security

Firstly, my environment characteristics. Mine is a bit different than the guide, as I'm using CentOS 7. I'm testing this on a basic license. I went ahead and made sure that I'm updated to 7.5 so that I have the newest stuff.

I have downloaded Elasticsearch and Kibana via the repository.
I have changed directory to /usr/share/elasticsearch/ and run bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" as the author indicates. Maybe I chose the wrong working directory? I have added the lines suggested to /etc/elasticsearch/elasticsearch.yml. After this, the author suggests starting Elasticsearch, but it fails for me. I tried changing the paths of the keystore and truststore to a full static path, but I still get errors.

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12

I start Elasticsearch differently than the author, with systemctl start elasticsearch, but I think that is not an issue. The output of journalctl -u elasticsearch.service reveals the following.

https://pastebin.com/SReVKdF8

One thing I notice after applying the bash highlighting is line 93:
Dec 30 10:51:20 rnh01velk03.prd.nextraq.com elasticsearch[11254]: Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/share/elasticsearch/config/elastic-certificates.p12" "read")
Is this because the file is not owned by elasticsearch?

In an attempt to answer this myself, while writing this, I tested changing the permissions on the elastic-certificates.p12 file to 777 for kicks, but the error persisted. I tried rebooting the system as well in case java held some cache of the file permissions, but this did not solve the problem either.

Anyway, I'm sure the brilliant minds here can find what I have missed. I must thank you in advance for your time!

Unfortunately systemd truncates the log messages.

This message:

Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - access to read truststore file [/usr/share/elasticsearch/config/elastic-cer

Should actually say

Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - access to read truststore file [/usr/share/elasticsearch/config/elastic-certificates.p12] is blocked; SSL resources should be placed in the [/etc/elasticsearch] directory

I recommend reading the actual logs directory (/var/log/elasticsearch) from ES rather than having systemd make a mess of it for you.

Blog posts are helpful to walk through a specific example, but by design they don't tell you about all the other things you might want to know. So if you aren't configuring your system exactly the same way that the blog author does, then you'll almost always have to fill in missing pieces yourself.
Don't try and configure a system based on a blog post unless you're going to do exactly what the author did, or you already know enough to account for the differences.

The correct documentation to follow is:

That explains the steps and provides the additional reference information you need to make sense of what's going on.
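The reply above points at the actual cause: the Java security policy Elasticsearch runs under only lets it read SSL keystores and truststores from its config directory, which for the RPM/DEB package is /etc/elasticsearch, not /usr/share/elasticsearch/config. A quick way to catch that before restarting the service is to check every *.ssl.keystore.path / *.ssl.truststore.path entry in elasticsearch.yml against the config directory. The script below is an added example (not from the thread or from Elastic): the function names, the temporary files and the two sample YAML fragments are constructed for it, and it assumes that relative paths in those settings resolve against the config directory and that a path containing ".." should be treated as suspect rather than trusted.

```shell
#!/bin/sh
# Added example: verify that SSL keystore/truststore paths in elasticsearch.yml
# sit inside the config directory Elasticsearch is permitted to read.
# Assumption: relative paths resolve against the config directory.

# list_blocked_ssl_paths <elasticsearch.yml> <config_dir>
# Prints one "<setting> -> <resolved path>" line per entry that would be
# blocked; prints nothing when every entry is acceptable.
list_blocked_ssl_paths() {
    yml="$1"
    conf="${2%/}"    # drop a trailing slash so the prefix match is exact
    grep -E '^[[:space:]]*xpack\.security\.[a-z]+\.ssl\.(keystore|truststore)\.path:' "$yml" |
    while IFS= read -r line; do
        key=$(printf '%s' "${line%%:*}" | sed 's/^[[:space:]]*//')
        val=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^"//; s/"$//')
        case "$val" in
            /*) full="$val" ;;           # absolute path used as-is
            *)  full="$conf/$val" ;;     # relative path resolves against config dir
        esac
        case "$full" in
            */../*|*/..) printf '%s -> %s (contains ..)\n' "$key" "$full"; continue ;;
        esac
        case "$full" in
            "$conf"/*) ;;                # inside the allowed directory
            *) printf '%s -> %s\n' "$key" "$full" ;;
        esac
    done
}

# check_ssl_paths <elasticsearch.yml> <config_dir>
# Returns 0 when all SSL resource paths are inside <config_dir>, 1 otherwise.
check_ssl_paths() {
    blocked=$(list_blocked_ssl_paths "$1" "$2")
    if [ -n "$blocked" ]; then
        printf 'SSL resources outside %s (Elasticsearch will refuse to read them):\n%s\n' "$2" "$blocked"
        return 1
    fi
    printf 'All SSL resource paths are inside %s\n' "$2"
    return 0
}

# Constructed samples: the settings from the post, and the same settings
# with the .p12 placed in /etc/elasticsearch (one relative, one absolute).
ORIG_YML=$(mktemp)
FIXED_YML=$(mktemp)
trap 'rm -f "$ORIG_YML" "$FIXED_YML"' EXIT

cat > "$ORIG_YML" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
EOF

cat > "$FIXED_YML" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
EOF

# Stand-alone demo: the first call reports both blocked entries, the second passes.
check_ssl_paths "$ORIG_YML" /etc/elasticsearch || echo "-> move the .p12 into /etc/elasticsearch and point the settings there"
check_ssl_paths "$FIXED_YML" /etc/elasticsearch
```

Run it against the real file as `check_ssl_paths /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch` (or whatever ES_PATH_CONF points at). Passing this check only removes the security-policy block; the keystore file itself still has to be readable by the user the service runs as, which for the package install is elasticsearch, so generate or copy the .p12 into the config directory and set its owner and mode accordingly rather than loosening permissions on a file outside it.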
