Unable to use allow_insecure_settings with elasticsearch 6.6.0

When i am adding the allow_insecure_settings: true and try to resgister a repo with s3. i am getting service unavailable.
It complains that allow_insecure_settings is not but i have added the setting to the elasticsearch.yml and restarted the elasticsearch.

cat /usr/local/elasticsearch-6.6.0/config/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes:
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
allow_insecure_settings: true

{"error":{"root_cause":[{"type":"repository_exception","reason":"[reponame] failed to create repository"}],"type":"repository_exception","reason":"[reponame] failed to create repository","caused_by":{"type":"illegal_argument_exception","reason":"Setting [access_key] is insecure, but property [allow_insecure_settings] is not set"}},"status":500}.

Hi there,

Please take some time to format your post using </> button or (```) , it will make it much more probable that someone wlll go through it and attempt to assist you.

Any reason why you can't use the relevant secure settings in the elasticsearch keystore as described in https://www.elastic.co/guide/en/elasticsearch/plugins/6.6/repository-s3-client.html ?

Thanks @ikakavas i have done the changes. I have already gone through https://www.elastic.co/guide/en/elasticsearch/plugins/6.6/repository-s3-client.html but was not successful. So i have turned back to allow_insecure_settings: true

Maybe we can figure out how to help you with this if you share the details. That would be definitely better than you storing your S3 credentials in plaintext in the elasticsearch.yml

I have created the secure strings and was trying to register the repo. Unfortunately it failed with the below error

"error":{"root_cause":[{"type":"repository_verification_exception","reason":"[reponame] path is not accessible on master node"}],"type":"repository_verification_exception","reason":"[reponame] path is not accessible on master node","caused_by":{"type":"i_o_exception","reason":"Unable to upload object [tests-t0dEL0DzSwiWP4loz9Si3w/master.dat] using a single upload","caused_by":{"type":"sdk_client_exception","reason":"sdk_client_exception: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/"}}},"status":500}

i have tried deleting the keys and reloading_secure_strings after adding them again.

There was a issue with the config location mapping in the environment scripts . i have marked them to the correct path. then it started working for me with the secure strings. Initially it was pointing to the default one.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.