Hi,
I've successfully updated from 6.3.1 to 6.8 so that in the future I can upgrade to the 7.x release.
I'm quite happy with the upgrade assistant since this tool shows me what I need to check.
Only I quite confused what I need to do to resolve these issues
I've got 2 critical errors I need to resolve:
- Default TLS/SSL settings have been removed
These are my current settings:
xpack.security.enabled: true xpack.ssl.key: /etc/elasticsearch/censored.key xpack.ssl.certificate: /etc/elasticsearch/censored.cer xpack.ssl.certificate_authorities: /etc/elasticsearch/censored.pem xpack.security.transport.ssl.enabled : true
Do I just add this?
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/censored.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.transport.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/censored.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.http.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]
Can these settings be done in a rolling restart of the nodes? or does the cluster need to be down?
- Security realm settings structure changed
These are my current settings:
xpack:
security:
authc:
realms:
native1:
order: 0
type: native
active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
type: "active_directory"
url: "ldap://censored:389"
user_search.base_dn: "censored"
This needs to be changed to ?
xpack:
security:
authc:
realms:
native.native1:
order: 0
active_directory.active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
url: "ldap://censored:389"
user_search.base_dn: "censored"