I am seeing the following error in my elasticsearch log:
java.lang.NullPointerException: Cannot invoke "String.toCharArray()" because the return value of "com.amazon.opendistroforelasticsearch.commons.rest.SecureRestClientBuilder.getKeystorePasswd()" is null
I have not been able to find anything to point me in a direction that would lead me to solving this. Any help on this would be greatly appreciated.
alexz00
November 17, 2020, 2:45pm
2
Hi,
I’m seeing the same error after the upgrade to ODFE 1.11.0.
Looking at the code now it seems it is required to provide also the following setting:
opendistro_security.ssl.http.keystore_keypassword
Is this a bug or a breaking change? There’s no mention of this at all in the documentation.
Thanks.
FYI - In my elasticsearch.yml, I am setting opendistro_security.ssl.http.keystore_keypassword:
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.transport.keystore_type: PKCS12
opendistro_security.ssl.transport.keystore_filepath: MASTEROFTHEUNIVERSE01.keystore
opendistro_security.ssl.transport.keystore_alias: MASTEROFTHEUNIVERSE01
opendistro_security.ssl.transport.keystore_password: NotARealPassword
opendistro_security.ssl.transport.truststore_filepath: MASTEROFTHEUNIVERSE01.trust
opendistro_security.ssl.transport.truststore_password: NotARealPassword
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.keystore_type: PKCS12
opendistro_security.ssl.http.keystore_filepath: MASTEROFTHEUNIVERSE01.keystore
opendistro_security.ssl.http.keystore_alias: MASTEROFTHEUNIVERSE01
opendistro_security.ssl.http.keystore_password: NotARealPassword
opendistro_security.ssl.http.truststore_type: PKCS12
opendistro_security.ssl.http.truststore_filepath: HEMAN_MASTEROFTHEUNIVERSE01.trust
opendistro_security.ssl.http.truststore_password: NotARealPassword
opendistro_security.allow_unsafe_democertificates: false
opendistro_security.allow_default_init_securityindex: true
opendistro_security.ssl.http.enabled_protocols:
  - "TLSv1.2"
  - "TLSv1.3"
opendistro_security.ssl.http.enabled_ciphers:
  - "TLS_AES_256_GCM_SHA384"
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
opendistro_security.authcz.admin_dn:
  - 'CN=Peaon,O=SomeOrg,O=SomeOrg,L=SomeCity,ST=SomeState,C=ComeCountry'
opendistro_security.nodes_dn:
  - 'CN=HEMAN*'
opendistro_security.ssl.transport.enabled_protocols:
  - "TLSv1.2"
  - "TLSv1.3"
opendistro_security.ssl.transport.enabled_ciphers:
  - "TLS_AES_256_GCM_SHA384"
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
opendistro_security.ssl.http.clientauth_mode: OPTIONAL
cluster.routing.allocation.disk.threshold_enabled: true
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*"]
I am running elasticsearch: elasticsearch-oss-7.9.1-1.x86_64
I could try and downgrade to 7.8.1-1
alexz00
November 17, 2020, 3:20pm
4
Mind the syntax:
opendistro_security.ssl.http.keystore_keypassword
not
opendistro_security.ssl.http.keystore_password
From the code now it seems that both settings are required, even if only the second is documented.
Regards
Downgraded to ODFE 1.10.0. I had to remove these two lines from my config:
opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*"]
After that, elasticsearch is starting up
@alexz00 –
Thank you Alex for pointing that out. I have added opendistro_security.ssl.http.keystore_keypassword on my other node, which is still ODFE 1.11. After adding that - Elasticsearch is starting up.
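
A pre-start check for the situation in this thread, as an added example that is not part of any post above and is not Open Distro code: it reads flat elasticsearch.yml settings and reports HTTP keystore password settings that are missing or empty. That ODFE 1.11.0 needs both keystore_password and keystore_keypassword is an assumption taken from the replies above; the function names and sample values are made up for the example.

```python
import re

# Both names are treated as required for the HTTP keystore on ODFE 1.11.0.
# That is an assumption taken from the replies in this thread.
PREFIX = "opendistro_security.ssl.http."
REQUIRED = ("keystore_password", "keystore_keypassword")

def parse_flat_settings(text):
    """Return {key: value} for top-level 'dotted.key: value' lines.

    Comments, list items and indented lines are skipped; nested YAML is not handled.
    """
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "#- \t":
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*:\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def missing_http_keystore_settings(text):
    """List required HTTP keystore settings that are absent or empty."""
    s = parse_flat_settings(text)
    if not s.get(PREFIX + "keystore_filepath"):
        return []  # no HTTP keystore file configured, nothing to check
    return [PREFIX + n for n in REQUIRED if not s.get(PREFIX + n)]

# Constructed sample modelled on the config posted above; values are placeholders.
SAMPLE_BEFORE = """\
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.keystore_type: PKCS12
opendistro_security.ssl.http.keystore_filepath: node01.keystore
opendistro_security.ssl.http.keystore_password: NotARealPassword
opendistro_security.ssl.http.enabled_protocols:
  - "TLSv1.2"
"""
SAMPLE_AFTER = SAMPLE_BEFORE + (
    "opendistro_security.ssl.http.keystore_keypassword: NotARealPassword\n")

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, missing_http_keystore_settings(cfg) or "ok")
```

Running it against a real elasticsearch.yml before restarting a node surfaces the missing setting without waiting for the NullPointerException in the log.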