Upgrade assistant critical errors sollutions

MalfuncEddie · May 22, 2019, 12:45pm

Hi,

I've successfully updated from 6.3.1 to 6.8 so that in the future I can upgrade to the 7.x release.
I'm quite happy with the upgrade assistant since this tool shows me what I need to check.
Only I quite confused what I need to do to resolve these issues

I've got 2 critical errors I need to resolve:

Default TLS/SSL settings have been removed
These are my current settings:

xpack.security.enabled: true
xpack.ssl.key: /etc/elasticsearch/censored.key
xpack.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.ssl.certificate_authorities: /etc/elasticsearch/censored.pem
xpack.security.transport.ssl.enabled : true

Do I just add this?

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/censored.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.transport.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/censored.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/censored.cer
xpack.security.http.ssl.certificate_authorities: [ "etc/elasticsearch/censored.pem" ]

Can these settings be done in a rolling restart of the nodes? or does the cluster need to be down?

Security realm settings structure changed
These are my current settings:

xpack:
security:
authc:
realms:
native1:
order: 0
type: native
active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
type: "active_directory"
url: "ldap://censored:389"
user_search.base_dn: "censored"

This needs to be changed to ?

xpack:
security:
authc:
realms:
native.native1:
order: 0
active_directory.active_directory:
bind_dn: "censored"
# secure_bind_password: "use the keystore: /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.authc.realms.active_directory.secure_bind_password"
domain_name: "censored"
order: 1
url: "ldap://censored:389"
user_search.base_dn: "censored"

system · June 19, 2019, 12:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.