Unable to start ES after enabling internode encryption

I’m trying to enable internode encryption but am not finding success. I’m running ES 6.8.4 and ROR 1.18.8.

In my elasticsearch.yml file I’ve tried both of the following configurations, however neither work:
If I remove the internode configuration from the elasticsearch.yml file, ES starts up.


xpack.security.enabled: false
http.type: ssl_netty4
http.type: ror_ssl_internode


xpack.security.enabled: false
http.type: [“ssl_netty4”, “ror_ssl_internode”]


Below is my readonlyrest.yml file:

readonlyrest:

ssl:
  # put the keystore in the same dir with elasticsearch.yml
  keystore_file: "/etc/elasticsearch/keystore.jks"
  keystore_pass: password123
  key_pass: password123

ssl_internode:
  keystore_file: "/etc/elasticsearch/keystore.jks"
  keystore_pass: password123
  key_pass: password123


Hi @sanderson, can you see if there is some stack trace or errors in Elasticsearch logs? Should be something like /var/log/elasticsearch/*log

Hi @sscarduzio, when I use the http.type: [“ssl_netty4”, “ror_ssl_internode”] setting I see the following error in the logs:


2019-11-13T10:07:20,213][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ROC-ES-GL-MASTER-1] [controller/8132] [[email protected]] controller (64 bit): Version 6.8.4 (Build 93ad89b02ff490) Copyright © 2019 Elasticsearch BV
[2019-11-13T10:07:20,446][INFO ][t.b.r.c.RorSsl$ ] [ROC-ES-GL-MASTER-1] Cannot find SSL configuration is elasticsearch.yml, trying: /etc/elasticsearch/readonlyrest.yml
[2019-11-13T10:07:20,449][INFO ][t.b.r.b.Ror$ ] [ROC-ES-GL-MASTER-1] [CLUSTERWIDE SETTINGS] Loading ReadonlyREST settings from index …
[2019-11-13T10:07:20,688][DEBUG][o.e.a.ActionModule ] [ROC-ES-GL-MASTER-1] Using REST wrapper from plugin tech.beshu.ror.es.ReadonlyRestPlugin
[2019-11-13T10:07:21,017][ERROR][o.e.b.Bootstrap ] [ROC-ES-GL-MASTER-1] Exception
java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:198) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:515) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:266) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) [elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.8.4.jar:6.8.4]
[2019-11-13T10:07:21,023][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [ROC-ES-GL-MASTER-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.8.4.jar:6.8.4]
Caused by: java.lang.IllegalStateException: Unsupported http.type [[ssl_netty4, ror_ssl_internode]]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:198) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:515) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.node.Node.(Node.java:266) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.8.4.jar:6.8.4]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.8.4.jar:6.8.4]
… 6 more
[2019-11-13T10:07:21,027][INFO ][o.e.x.m.p.NativeController] [ROC-ES-GL-MASTER-1] Native controller process has stopped - no new native processes can be started


When I specify each http.type separately, I get the following error:

http.type: ssl_netty4
http.type: ror_ssl_internode


SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: JsonParseException[Duplicate field ‘http.type’
at [Source: [email protected]; line: 99, column: 10]];
at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1139)
at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1112)
at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:100)
at org.elasticsearch.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:95)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
Caused by: com.fasterxml.jackson.core.JsonParseException: Duplicate field ‘http.type’
at [Source: [email protected]; line: 99, column: 10]
at com.fasterxml.jackson.core.json.JsonReadContext._checkDup(JsonReadContext.java:204)
at com.fasterxml.jackson.core.json.JsonReadContext.setCurrentName(JsonReadContext.java:198)
at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:372)
at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:675)
at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:650)
at org.elasticsearch.common.settings.Settings.access$500(Settings.java:82)
at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1135)
… 8 more


Hi @sanderson, could you try with this configuration:
http.type: ssl_netty4
transport.type: ror_ssl_internode
? So instead of http for internode use transport.

1 Like

Hi @pondzix Yes!! that worked.

Thank You!

1 Like