Note: My version of Elasticsearch is 7.15.0
I'm new to Elasticsearch and I'm trying to use Kibana alerts. To do that I must create a Rule and a Connector, but when I selected that field I was informed that I need to enable Transport Layer Security and API keys. To do so, I followed the Elastic TLS guide instructions, where the instructor describes these steps:
Encrypt internode communications with TLS:
1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:
b. Add the node.name setting and enter a name for the node. The node name defaults to the host-name of the machine when Elasticsearch starts.
c. Add the following settings to enable inter-node communication and provide access to the node’s certificate.
Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Since the elastic-certificates are not generated automatically during the installation of the software, they must be generated by the elasticsearch-certutil inside the /usr/share/elasticsearch/bin directory:
a. First:
b. Run the elastic-certutil to generate the elastic-stack-ca.zip certificate file:
c. Unzip the file to extract all the information and move it to the /etc/elasticsearch directory.
Now the problem occurs when starting the Elasticsearch service:
sudo service elasticsearch restart
Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
I tried to see where the error is located by running these two control commands, but I did not understand.
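
A pre-restart check for the configuration quoted above, as an added example that is not part of the original post or of Elastic's guide: it confirms that every keystore and truststore path named in elasticsearch.yml points at a file that exists and is readable. The function name `check_tls_paths` is hypothetical, and the script assumes flat `key: value` settings as in the post and that relative paths are resolved against the config directory.

```shell
#!/bin/sh
# Added example (not from the post). check_tls_paths is a hypothetical helper.
# Usage: check_tls_paths CONF_DIR
# Reads CONF_DIR/elasticsearch.yml, finds every flat
#   xpack.security.{transport,http}.ssl.{keystore,truststore}.path: VALUE
# line, and reports whether the referenced file exists and is readable.
# Assumption: relative paths are resolved against CONF_DIR.
# Returns 0 if all files are usable, 1 if any is not, 2 if the yml is missing.
check_tls_paths() {
    conf_dir=$1
    yml="$conf_dir/elasticsearch.yml"
    if [ ! -r "$yml" ]; then
        echo "MISSING $yml"
        return 2
    fi
    status=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue            # no matching settings at all
        key=${line%%:*}
        # Value: text after the first colon, trimmed, optional quotes removed.
        value=$(printf '%s\n' "${line#*:}" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                -e 's/^"\(.*\)"$/\1/')
        case $value in
            /*) file=$value ;;
            *)  file="$conf_dir/$value" ;;
        esac
        if [ ! -e "$file" ]; then
            echo "MISSING $key -> $file"; status=1
        elif [ ! -r "$file" ]; then
            echo "UNREADABLE $key -> $file"; status=1
        else
            echo "OK $key -> $file"
        fi
    done <<EOF
$(grep -E '^xpack\.security\.(transport|http)\.ssl\.(keystore|truststore)\.path:' "$yml")
EOF
    return "$status"
}

# Run against a config directory when one is given on the command line.
[ $# -eq 0 ] || check_tls_paths "$1"
```

The readability result only reflects the service's view when the script is run as the account Elasticsearch runs under, for example with `sudo -u elasticsearch sh script.sh /etc/elasticsearch` (the script file name is a placeholder).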