Unable to start ES after enabling internode encryption

1

I’m trying to enable internode encryption but am not finding success. I’m running ES 6.8.4 and ROR 1.18.8.

In my elasticsearch.yml file I’ve tried both of the following configurations, however neither work:
If I remove the internode configuration from the elasticsearch.yml file, ES starts up.

elasticsearch
elasticsearch.png1210×244 18.8 KB

xpack.security.enabled: false
http.type: ssl_netty4
http.type: ror_ssl_internode

xpack.security.enabled: false
http.type: [“ssl_netty4”, “ror_ssl_internode”]

Below is my readonlyrest.yml file:

readonlyrest:

ssl:
  # put the keystore in the same dir with elasticsearch.yml
  keystore_file: "/etc/elasticsearch/keystore.jks"
  keystore_pass: password123
  key_pass: password123

ssl_internode:
  keystore_file: "/etc/elasticsearch/keystore.jks"
  keystore_pass: password123
  key_pass: password123

2

Hi @sanderson, can you see if there is some stack trace or errors in Elasticsearch logs? Should be something like /var/log/elasticsearch/*log

3

Hi @sscarduzio, when I use the http.type: [“ssl_netty4”, “ror_ssl_internode”] setting I see the following error in the logs:

2019-11-13T10:07:20,213][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ROC-ES-GL-MASTER-1] [controller/8132] [Main.cc@109] controller (64 bit): Version 6.8.4 (Build 93ad89b02ff490) Copyright © 2019 Elasticsearch BV
[2019-11-13T10:07:20,446][INFO ][t.b.r.c.RorSsl$ ] [ROC-ES-GL-MASTER-1] Cannot find SSL configuration is elasticsearch.yml, trying: /etc/elasticsearch/readonlyrest.yml
[2019-11-13T10:07:20,449][INFO ][t.b.r.b.Ror$ ] [ROC-ES-GL-MASTER-1] [CLUSTERWIDE SETTINGS] Loading ReadonlyREST settings from index …
[2019-11-13T10:07:20,688][DEBUG][o.e.a.ActionModule ] [ROC-ES-GL-MASTER-1] Using REST wrapper from plugin tech.beshu.ror.es.ReadonlyRestPlugin
[2019-11-13T10:07:21,017][ERROR][o.e.b.Bootstrap ] [ROC-ES-GL-MASTER-1] Exception
java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:198) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:515) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:266) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.8.4.jar:6.8.4]
[2019-11-13T10:07:21,023][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [ROC-ES-GL-MASTER-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.8.4.jar:6.8.4]
Caused by: java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:198) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:515) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:266) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.8.4.jar:6.8.4]
… 6 more
[2019-11-13T10:07:21,027][INFO ][o.e.x.m.p.NativeController] [ROC-ES-GL-MASTER-1] Native controller process has stopped - no new native processes can be started

When I specify each http.type separately, I get the following error:

http.type: ssl_netty4
http.type: ror_ssl_internode

SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: JsonParseException[Duplicate field ‘http.type’
at [Source: sun.nio.ch.ChannelInputStream@1d8bd0de; line: 99, column: 10]];
at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1139)
at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1112)
at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:100)
at org.elasticsearch.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:95)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
Caused by: com.fasterxml.jackson.core.JsonParseException: Duplicate field ‘http.type’
at [Source: sun.nio.ch.ChannelInputStream@1d8bd0de; line: 99, column: 10]
at com.fasterxml.jackson.core.json.JsonReadContext._checkDup(JsonReadContext.java:204)
at com.fasterxml.jackson.core.json.JsonReadContext.setCurrentName(JsonReadContext.java:198)
at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:372)
at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:675)
at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:650)
at org.elasticsearch.common.settings.Settings.access$500(Settings.java:82)
at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1135)
… 8 more

4

Hi @sanderson, could you try with this configuration:
http.type: ssl_netty4
transport.type: ror_ssl_internode
? So instead of http for internode use transport.

1 Like
5

Hi @pondzix Yes!! that worked.

Thank You!

1 Like