Hello All ,
I am trying to install my self signed certificates in Open distro for Elastic search and I see the below error when i am trying to start my elasticsearch . Please help me and i am stuck with this issue for past 2 day.Error shown below.
uncaught exception in thread [main]
java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
Likely root cause: java.lang.RuntimeException: Demo certificates found [d14aefe70a592d7a29e14f3ff89c3d0070c99e87d21776aa07d333ee877e758f, 54a70016e0837a2b0c5658d1032d7ca32e432c62c55f01a2bf5adcb69a0a7ba9, bdc141ab2272c779d0f242b79063152c49e1b06a2af05e0fd90d505f2b44d5f5, 3e839e2b059036a99ee4f742814995f2fb0ced7e9d68a47851f43a3c630b5324, 9b13661c073d864c28ad7b13eda67dcb6cbc2f04d116adc7c817c20b4c7ed361]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:359)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605)
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556)
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471)
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163)
at org.elasticsearch.node.Node.<init>(Node.java:313)
at org.elasticsearch.node.Node.<init>(Node.java:257)
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
For complete error details, refer to the log at G:\ESearch_OD_Log\S1220001230A.log
My elasticsearch.yml
#action.destructive_requires_name: true
opendistro_security.ssl.transport.pemcert_filepath: node.pem
opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: node.pem
opendistro_security.ssl.http.pemkey_filepath: node-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: false
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- CN=admin,O=LONUS,L=NewYork, C=US
opendistro_security.nodes_dn:
- CN=elasticsearch,O=LON,L=London,C=DE
- CN=kibana,O=LON,L=London,C=DE
- CN=<My hostname>
- /CN=.*regex/
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
Things i tried to fix the same are
- Removed the line "opendistro_security.allow_unsafe_democertificates: true " or setting the line to false “opendistro_security.allow_unsafe_democertificates: false”
- Moving the demo certificates to a seperate folder.
None of the solutions worked . Kindly let me know if i am doing anything wrong and i followed the link “SSL authentication certificates - #3 by llauber” for generating the certificates.