I am working with ELK stack 7.1.1 version on kubernetes using image: docker.elastic.co/elasticsearch/elasticsearch:7.1.1
I am facing an issue , when xpack security is enabled on elasticsearch cluster , elasticsearch components fail to start with below error. It says either disable the security or change xpack.security.transport.ssl.enabled to true as i am on basic license.
{"type": "server", "timestamp": "2019-06-03T15:00:26,674+0000", "level": "INFO", "component": "o.e.b.BootstrapChecks", "cluster.name": "opselasticsearch", "node.name": "elasticsearch-master-2", "message": "bound or publishing to a non-loopback address, enforcing bootstrap
checks" }
ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
why do i need to enable ssl if i am on basic licsense and xpac security enabled is true.
This is a requirement for ALL licenses that allow ssl (apart from the trial license), not just basic. You need to enable ssl for the transport layer because since you have enabled security, now nodes will start sending data between them that will contain sensitive data such as passwords. If you don't enable SSL, this data is sent between nodes in plaintext
So, this means I have to generate certificates also for this ssl to work, because enabling this ssl property alone to true doesn't help as it looks for certificates and gives handshake failure.
For a cluster that is running in production mode with a production license, once security is enabled, transport TLS/SSL must also be enabled. On the other hand, if we are running with a trial license, then transport TLS/SSL is not obligatory.
If we are running with a production license and we attempt to start the cluster with security enabled before we have enabled transport TLS/SSL, we will see the following error message:
Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
Hi @ylasri, this is expected behavior. Is there a question? If so, can you please open a new issue, so that it's clearer for people reading the forums?
Hi @ikakavas I just provided this comment as answer to @sunnynazar issue
In my dev env i change discovery.type to single-node to get thing working quickly
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.