I generated the P12 file on the Elasticsearch node:
sudo ./bin/elasticsearch-certutil cert
This file was after generating in /usr /share/elasticsearch ...
However, I moved it to /etc/elasticsearch/certs/
I have added to the elasticsearch.yml file:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic.p12
Permission to the directory and its contents seems to be ok (chmod 666).
However, after restarting Elasticsearch, the following errors occur:
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-11-16 12:15:49 UTC; 19min ago
Docs: http://www.elastic.co
Process: 23755 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 23755 (code=exited, status=1/FAILURE)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.cli.Command.main(Command.java:90)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
Nov 16 12:15:49 icluster-node-d000 elasticsearch[23755]: Refer to the log for complete error details.
Nov 16 12:15:49 icluster-node-d000 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Nov 16 12:15:49 icluster-node-d000 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Logs:
[...]
[2019-11-16T12:08:04,353][INFO ][o.e.n.Node ] [icluster-node-d000] version[6.8.3], pid[23448], build[default/deb/0c48c0e/2019-08-29T19:05:24.312154Z], OS[Linux/4.15.0-66-generic/amd64], JVM[Ubuntu/OpenJDK 64-Bit Server VM/11.0.4/11.0.4+11-post-Ubuntu-1ubuntu218.04.3]
[2019-11-16T12:08:04,353][INFO ][o.e.n.Node ] [icluster-node-d000] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch-17312263609234432103, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=deb]
[2019-11-16T12:08:05,050][ERROR][o.e.b.Bootstrap ] [icluster-node-d000] Exception
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:163) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.node.Node.(Node.java:339) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.node.Node.(Node.java:266) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:212) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.8.3.jar:6.8.3]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) [elasticsearch-6.8.3.jar:6.8.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.8.3.jar:6.8.3]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-6.8.3.jar:6.8.3]
... 15 more
Caused by: java.lang.IllegalArgumentException: could not resolve verification mode. unknown value [true]
[...]
Why is the error occurring?