X-pack security enabled fails to start elastic search

security

#1

Enabling x-pack.security fails to connect to elastic search and closes the elastic search connection by throwing the following error

[2018-10-30T12:54:36,196][INFO ][o.e.n.Node ] [elk] initialized
[2018-10-30T12:54:36,196][INFO ][o.e.n.Node ] [elk] starting ...
[2018-10-30T12:54:36,777][INFO ][o.e.t.TransportService ] [elk] publish_address {x.x.x.x:9300}, bound_addresses {x.x.x.x:9300}
[2018-10-30T12:54:37,250][INFO ][o.e.m.j.JvmGcMonitorService] [elk] [gc][1] overhead, spent [288ms] collecting in the last [1s]
[2018-10-30T12:54:37,789][INFO ][o.e.b.BootstrapChecks ] [elk] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-10-30T12:54:37,806][ERROR][o.e.b.Bootstrap ] [elk] node validation exception
[1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
[2018-10-30T12:54:37,814][INFO ][o.e.n.Node ] [elk] stopping ...
[2018-10-30T12:54:37,840][INFO ][o.e.n.Node ] [elk] stopped
[2018-10-30T12:54:37,840][INFO ][o.e.n.Node ] [elk] closing ...
[2018-10-30T12:54:37,858][INFO ][o.e.n.Node ] [elk] closed
[2018-10-30T12:54:37,860][INFO ][o.e.x.m.j.p.NativeController] Native controller process has stopped - no new native processes can be started

syslog

kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:16:56Z","tags":["warning","elasticsearch","monitoring-ui"],"pid":30887,"message":"Unable to revive connection: http://localhost:9200/"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:16:56Z","tags":["warning","elasticsearch","monitoring-ui"],"pid":30887,"message":"No living connections"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:16:56Z","tags":["license","warning","xpack"],"pid":30887,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [monitoring] cluster. Error: No Living connections"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:16:58Z","tags":["warning","elasticsearch","admin"],"pid":30887,"message":"Unable to revive connection: http://localhost:9200/"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:16:58Z","tags":["warning","elasticsearch","admin"],"pid":30887,"message":"No living connections"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:17:01Z","tags":["warning","elasticsearch","admin"],"pid":30887,"message":"Unable to revive connection: http://localhost:9200/"}
kibana[30887]: {"type":"log","@timestamp":"2018-10-30T19:17:01Z","tags":["warning","elasticsearch","admin"],"pid":30887,"message":"No living connections"}

have platinum licence

elasticsearch.yml file

cluster.name: xxxx
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts: ["server-1","server-2","server-3"]
network.host: 0.0.0.0
node.data: false
node.ingest: false
node.name: xxx
path.data: "/x/x/x"
path.logs: "/x/x/x"
path.repo: "/x/x/x"
transport.host: site
xpack.security.enabled: true

for now, there is no ssl set up. can't use x-pack security without using transport ssl in production mode?


(Ioannis Kakavas) #2

Hi,

No. As clearly mentioned in the bootstrap check that failed

and in our documentation, TLS on the transport layer is required (unless using a single node listening on loopback )


#3

Thanks for sharing :slight_smile:


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.