Elasticsearch Exception - Open Distro Alert

Question

I've installed OpenDistro on my elastic search master node for the alerts. RPM is used to install the plugin. After successfull installation of plugin ES is restarted but it shows the following error.

Logs

3/13/2019 1:05:55 PM[2019-03-13T12:05:55,977][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [elastic-master-a1] uncaught exception in thread [main]
3/13/2019 1:05:55 PMorg.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PMCaused by: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:607) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    ... 6 more
3/13/2019 1:05:55 PMCaused by: java.lang.reflect.InvocationTargetException
3/13/2019 1:05:55 PM    at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
3/13/2019 1:05:55 PM    at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
3/13/2019 1:05:55 PM    at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
3/13/2019 1:05:55 PM    at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:598) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    ... 6 more
3/13/2019 1:05:55 PMCaused by: org.elasticsearch.ElasticsearchException: opendistro_security.ssl.transport.keystore_filepath or opendistro_security.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.
3/13/2019 1:05:55 PM    at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:363) ~[?:?]
3/13/2019 1:05:55 PM    at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:164) ~[?:?]
3/13/2019 1:05:55 PM    at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:206) ~[?:?]
3/13/2019 1:05:55 PM    at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:222) ~[?:?]
3/13/2019 1:05:55 PM    at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
3/13/2019 1:05:55 PM    at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
3/13/2019 1:05:55 PM    at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
3/13/2019 1:05:55 PM    at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:598) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:156) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:338) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.4.jar:6.5.4]
3/13/2019 1:05:55 PM    ... 6 more

Apparently it is caused because opendistro_security.ssl.transport.keystore_filepath or opendistro_security.ssl.transport.pemkey_filepath is not set. But I have checked the config file for elasticsearch i-e config/elasticsearch.yml and it show the following contents (It can be seen that opendistro_security.ssl.transport.pemkey_filepath) is set.

elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1

######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########

elasticsearch-opendistro created for having a specific fork for questions — panchicore, Mar 13 '19 at 14:07
could you show your docker-compose file? or what you're using? — Mysterion, Apr 15 '19 at 12:26

score 0 · Answer 1 · answered Jul 23 '21 at 07:25

0

you are getting this because you haven't set the ssl setup to opendistro, or else you can comment everything in your security section and restart opendistro. simply you can disable the security and start again

answered Jul 23 '21 at 07:25

Varma Kucharlapati

31
2

Elasticsearch Exception - Open Distro Alert

Logs

elasticsearch.yml

1 Answers1