Unknown setting certificate_verification

Hi Team,

I was able to enable SSL and auth using ReadonlyRest for 7.5.1 version but on enabling certificate_verification as true getting the following error.

[2020-02-05T13:28:35,787][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-data-853023685-3-869246635] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [certificate_verification] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.5.1.jar:7.5.1]
Caused by: java.lang.IllegalArgumentException: unknown setting [certificate_verification] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:475) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:446) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:417) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.common.settings.SettingsModule.(SettingsModule.java:149) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:352) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:253) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.1.jar:7.5.1]
… 6 more

Hello @chimbu, what ROR version (not Elasticsearch version!) are you using? Hint: look inside $ES_HOME/plugins/readonlyrest/plugin.properties.

A recommendation, when asking for support: please make sure you are on the latest ROR version. Also, don’t forget to include your YAML settings (readonlyrest.yml, and any relevant part of elasticsearch.yml) you are using! :slight_smile:

Hey [sscarduzio], Thanks for responding. We are using 7.5.1 version for both ROR and Open source elastic.

Below are the contents of readonlyrest.yml

    readonlyrest:
    access_control_rules:
    - name: "Require HTTP Basic Auth"
     type: allow
     auth_key: user:password
     kibana_access: rw
     indices: ["r*", ".kibana*",".kibana_1","george"]
     ssl:
     keystore_file: "elastic-ssl.keystore.jks"
     keystore_pass: secret
     key_pass: secret

Content of Elasticsearch.yml

cluster.name: test-stg
node.data: true
node.master: true
action.destructive_requires_name: true
path.data: /home/elasticsearch/data/
path.logs: /home/elasticsearch/logs/
action.auto_create_index: true
bootstrap.memory_lock: false
http.type: ssl_netty4
certificate_verification: true
#transport.type: ror_ssl_internode
http.port: 9200
network.host: eth0
#network.publish_host: host1
#network.bind_host:host1
transport.tcp.port: 9300
cluster.routing.allocation.awareness.attributes: rack_fd,rack_ud
cluster.routing.allocation.awareness.force.rack_fd.values: ‘2,1,0’
cluster.routing.allocation.awareness.force.rack_ud.values: ‘2,1,0’
node.attr.rack_fd: ‘2’
node.attr.rack_ud: ‘2’
discovery.seed_hosts: host1,host2,host3
cluster.initial_master_nodes: host1,host2,host3

@chimbu 7.5.1 is the Elasticsearch/Kibana verison. There should be also another version number in the ReadonlyREST plugin file name you installed.

See below how to see what ReadonlyREST plugin you have installed in Elasticsearch.

By the way, your post is all unformatted, have a look at the “code” formatter:

Hey [sscarduzio], I have formatted the old comment and the plugin-descriptor.properties content are as below. It is using 1.19.0 version.

name=readonlyrest
version=1.19.0
description=Safely expose Elasticsearch REST API
classname=tech.beshu.ror.es.ReadonlyRestPlugin
java.version=1.8
elasticsearch.version=7.5.1

@chimbu

IMO you should try to move certificate_verification: true from elasticsearch.yml to readonlyrest.yml

ssl:
  keystore_file: “elastic-ssl.keystore.jks”
  keystore_pass: secret 
  key_pass: secret 
  certificate_verification: true

see docs: https://github.com/beshu-tech/readonlyrest-docs/blob/master/elasticsearch.md#certificate-verification

Thanks @coutoPL. After changing that getting error for http.type

[2020-02-13T12:34:57,341][ERROR][o.e.b.Bootstrap ] [es-data-853023685-1-869246629] Exception
java.lang.IllegalStateException: Unsupported http.type [ssl_netty4]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:196) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.newHttpTransport(Node.java:1022) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:482) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:253) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) [elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.5.1.jar:7.5.1]
[2020-02-13T12:34:57,454][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-data-853023685-1-869246629] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unsupported http.type [ssl_netty4]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.5.1.jar:7.5.1]
Caused by: java.lang.IllegalStateException: Unsupported http.type [ssl_netty4]
at org.elasticsearch.common.network.NetworkModule.getHttpServerTransportSupplier(NetworkModule.java:196) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.newHttpTransport(Node.java:1022) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:482) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.node.Node.(Node.java:253) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.1.jar:7.5.1]
… 6 more

Thanks @coutoPL. Issue fixed.

2 Likes