Upgrade assistant critical errors sollutions

MalfuncEddie · May 22, 2019, 12:45pm

Hi,

I've successfully updated from 6.3.1 to 6.8 so that in the future I can upgrade to the 7.x release.
I'm quite happy with the upgrade assistant since this tool shows me what I need to check.
Only I quite confused what I need to do to resolve these issues

I've got 2 critical errors I need to resolve:

Default TLS/SSL settings have been removed
These are my current settings:

xpack.security.enabled: true
xpack.ssl.key: /etc/elasticsearch/censored.key
xpack.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.ssl.certificate_authorities: /etc/elasticsearch/censored.pem
xpack.security.transport.ssl.enabled : true

Do I just add this?

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/censored.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.transport.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/censored.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.http.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]

Can these settings be done in a rolling restart of the nodes? or does the cluster need to be down?

Security realm settings structure changed
These are my current settings:

xpack:
security:
authc:
realms:
native1:
order: 0
type: native
active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
type: "active_directory"
url: "ldap://censored:389"
user_search.base_dn: "censored"

This needs to be changed to ?

xpack:
security:
authc:
realms:
native.native1:
order: 0
active_directory.active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
url: "ldap://censored:389"
user_search.base_dn: "censored"

system · June 19, 2019, 12:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch 'xpack.security.transport.ssl' related error after upgrade to 8.x Elasticsearch	0	25	September 11, 2024
Upgrade to x-pack 6.2.3 getting transport errors Elasticsearch elastic-stack-security	1	1106	May 7, 2018
Upgrade from 7.16.2 to 7.171.7 Elasticsearch	5	381	January 23, 2023
Status= 78/config Transport SSL must be enabled Elasticsearch	6	517	April 13, 2020
Trouble enabling SSL for elastic search Elasticsearch	12	5325	January 10, 2017

Upgrade assistant critical errors sollutions

Related topics