Updating issues OpenDistro 1.8 & Elasticsearch 7.7

Hi there,

i was running a virtual machine (Ubuntu 18.04) with OpenDistro and Elasticsearch (7.6) which was running fine for month now. So i tried to update to the latest version today. Updated all available packages via apt and uninstalled “elasticsearch-oss” (7.6) and installed/updated to “elasticsearch-oss” (7.7) as described here Debian Package - Open Distro Documentation (Step 5.).

This procedure was working well for updating the last couple of versions.

I was running the elasticsearch.yml with the demo settings:

######## Start OpenDistro for Elasticsearch Security Demo Configuration ########

WARNING: revise all the lines below before you go into production

opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
#opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.ssl.transport.keystore_alias: “LDAP”
pendistro_security.ssl.transport.truststore_filepath: truststore.jks
opendistro_security.ssl.transport.truststore_password: “123456”

- CN=kirk,OU=client,O=client,L=test, C=de

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: [“all_access”, “security_rest_api_access”]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########

This was working well but after the update, the elasticsearch service won’t start mention that the opendistro_ lines are unknown know. So i tried to comment them out, elasticsearch is starting without any issus now and the port is available. The next step for me was to start the kibana service.

The errors from elasticsearch.log are:

Jul 02 08:55:22 host kibana[30952]: {“type”:“log”,“@timestamp”:“2020-07-02T06:55:22Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:30952,“message”:“Unable to revive connection: https://localhost:9200/”}
Jul 02 08:55:22 host kibana[30952]: {“type”:“log”,“@timestamp”:“2020-07-02T06:55:22Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:30952,“message”:“No living connections”}

Elastics seems to be working correct:

url -v http://localhost:9200

  • Rebuilt URL to: http://localhost:9200/
  • Trying…
  • Connected to localhost ( port 9200 (#0)

GET / HTTP/1.1
Host: localhost:9200
User-Agent: curl/7.58.0
Accept: /

< HTTP/1.1 200 OK
< content-type: application/json; charset=UTF-8
< content-length: 528
“name” : “host”,
“cluster_name” : “elasticsearch”,
“cluster_uuid” : “Tc3IP-c9Q4Of1AmK3bIQ9g”,
“version” : {
“number” : “7.7.0”,
“build_flavor” : “oss”,
“build_type” : “deb”,
“build_hash” : “81a1e9eda8e6183f5237786246f6dced26a10eaf”,
“build_date” : “2020-05-12T02:01:37.602180Z”,
“build_snapshot” : false,
“lucene_version” : “8.5.1”,
“minimum_wire_compatibility_version” : “6.8.0”,
“minimum_index_compatibility_version” : “6.0.0-beta1”
“tagline” : “You Know, for Search”

  • Connection #0 to host localhost left intact

But a test request is not working:

curl -XGET -u user:pass --insecure
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Installed software:
elasticsearch-oss 7.7.0
opendistroforelasticsearch-kibana 1.8.0

Kibana is showing “Kibana server is not ready yet”

could you assist me please?
Especially what has changed regarding the “unknown” parameters which was known before?