Xpack security feature showing inconsistent behavior

My ES cluster is running in production mode(on Kubernetes). It is accessible only within the organization so, for now, there is no need for securing the connection between ES nodes with certificates. While setting up the cluster I just added xpack.security.enabled: true that helped me in setting up a basic Kibana authentication and everything was working as expected. Due to some reason, I restarted my pods for data nodes and now it showing the following error:

ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

I would be glad if someone could help me on this.
PS: ELK stack version: 7.3.2

The error message you quote tells us what's wrong: It's not possible to enable xpack security in a multi-node cluster without also enabling transport layer security (TLS) between the nodes - as explained in the official documentation:

Clusters that do not have encryption enabled send all data in plain text including passwords. If the Elasticsearch security features are enabled, unless you have a trial license, you must configure SSL/TLS for internode-communication.

So you will have to generate unique node certificates for each node in your cluster, to enable TLS between them, before you can set xpack.security.enabled: true in the elasticsearch.yml files.

Good luck!

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.