Elasticsearch not starting after installing Searchguard version 41.0

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

Elasticsearch version: 7.6.1

Server OS version: Ubuntu 20 LTS

Kibana version (if relevant):

Browser version (if relevant): Not related

Browser OS version (if relevant):

Describe the issue:
I am getting an error when restarting Elasticsearch.

Steps to reproduce:
Followed the steps for Elasticsearch manual installation: https://docs.search-guard.com/latest/demo-installer

Expected behaviour:

Provide configuration:
elasticsearch/config/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: "0.0.0.0"
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
          - CN=kirk,OU=client,O=client,L=test,C=de
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
xpack.security.enabled: false

elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml

_sg_meta:
  type: "config"
  config_version: 2

sg_config:
  dynamic:
      # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
      # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
      # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
      #filtered_alias_mode: warn
      #do_not_fail_on_forbidden: false
      #kibana:
        # Kibana multitenancy - NOT FREE FOR COMMERCIAL USE
        # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
        # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
        #multitenancy_enabled: true
        #server_username: kibanaserver
        #index: '.kibana'
      http:
        anonymous_auth_enabled: false
        xff:
          enabled: false
          internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
          #internalProxies: '.*' # trust all internal proxies, regex pattern
          #remoteIpHeader:  'x-forwarded-for'
          ###### see https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for regex help
          ###### more information about XFF https://en.wikipedia.org/wiki/X-Forwarded-For
          ###### and here https://tools.ietf.org/html/rfc7239
          ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
      authc:
        kerberos_auth_domain: 
          http_enabled: false
          transport_enabled: false
          order: 6
          http_authenticator:
            type: kerberos # NOT FREE FOR COMMERCIAL USE
            challenge: true
            config:
              # If true a lot of kerberos/security related debugging output will be logged to standard out
              krb_debug: false
              # If true then the realm will be stripped from the user name
              strip_realm_from_principal: true
          authentication_backend:
            type: noop
        basic_internal_auth_domain: 
          description: "Authenticate via HTTP Basic against internal users database"
          http_enabled: true
          transport_enabled: true
          order: 4
          http_authenticator:
            type: basic
            challenge: true
          authentication_backend:
            type: intern
        proxy_auth_domain:
          description: "Authenticate via proxy"
          http_enabled: false
          transport_enabled: false
          order: 3
          http_authenticator:
            type: proxy
            challenge: false
            config:
              user_header: "x-proxy-user"
              roles_header: "x-proxy-roles"
          authentication_backend:
            type: noop
        jwt_auth_domain:
          description: "Authenticate via Json Web Token"
          http_enabled: false
          transport_enabled: false
          order: 0
          http_authenticator:
            type: jwt
            challenge: false
            config:
              signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
              jwt_header: "Authorization"
              jwt_url_parameter: null
              roles_key: null
              subject_key: null
          authentication_backend:
            type: noop
        clientcert_auth_domain:
          description: "Authenticate via SSL client certificates"
          http_enabled: false
          transport_enabled: false
          order: 2
          http_authenticator:
            type: clientcert
            config:
              username_attribute: cn #optional, if omitted DN becomes username
            challenge: false
          authentication_backend:
            type: noop
        ldap:
          description: "Authenticate via LDAP or Active Directory"
          http_enabled: false
          transport_enabled: false
          order: 5
          http_authenticator:
            type: basic
            challenge: false
          authentication_backend:
            # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
            type: ldap # NOT FREE FOR COMMERCIAL USE
            config:
              # enable ldaps
              enable_ssl: false
              # enable start tls, enable_ssl should be false
              enable_start_tls: false
              # send client certificate
              enable_ssl_client_auth: false
              # verify ldap hostname
              verify_hostnames: true
              hosts:
                - localhost:8389
              bind_dn: null
              password: null
              userbase: 'ou=people,dc=example,dc=com'
              # Filter to search for users (currently in the whole subtree beneath userbase)
              # {0} is substituted with the username 
              usersearch: '(sAMAccountName={0})'
              # Use this attribute from the user as username (if not set then DN is used)
              username_attribute: null
      authz:    
        roles_from_myldap:
          description: "Authorize via LDAP or Active Directory"
          http_enabled: false
          transport_enabled: false
          authorization_backend:
            # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
            type: ldap # NOT FREE FOR COMMERCIAL USE
            config:
              # enable ldaps
              enable_ssl: false
              # enable start tls, enable_ssl should be false
              enable_start_tls: false
              # send client certificate
              enable_ssl_client_auth: false
              # verify ldap hostname
              verify_hostnames: true
              hosts:
                - localhost:8389
              bind_dn: null
              password: null
              rolebase: 'ou=groups,dc=example,dc=com'
              # Filter to search for roles (currently in the whole subtree beneath rolebase)
              # {0} is substituted with the DN of the user
              # {1} is substituted with the username 
              # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute            
              rolesearch: '(member={0})'
              # Specify the name of the attribute which value should be substituted with {2} above
              userroleattribute: null
              # Roles as an attribute of the user entry
              userrolename: disabled
              #userrolename: memberOf
              # The attribute in a role entry containing the name of that role, Default is "name".
              # Can also be "dn" to use the full DN as rolename.
              rolename: cn
              # Resolve nested roles transitive (roles which are members of other roles and so on ...)
              resolve_nested_roles: true
              userbase: 'ou=people,dc=example,dc=com'
              # Filter to search for users (currently in the whole subtree beneath userbase)
              # {0} is substituted with the username 
              usersearch: '(uid={0})'
              # Skip users matching a user name, a wildcard or a regex pattern
              #skip_users: 
              #  - 'cn=Michael Jackson,ou*people,o=TEST'
              #  - '/\S*/'    
        roles_from_another_ldap:
          description: "Authorize via another Active Directory"
          http_enabled: false
          transport_enabled: false
          authorization_backend:
            type: ldap # NOT FREE FOR COMMERCIAL USE
            #config goes here ...
  #    auth_failure_listeners:
  #      ip_rate_limiting:
  #        type: ip
  #        allowed_tries: 10
  #        time_window_seconds: 3600
  #        block_expiry_seconds: 600
  #        max_blocked_clients: 100000
  #        max_tracked_clients: 100000
  #      internal_authentication_backend_limiting:
  #        type: username
  #        authentication_backend: intern        
  #        allowed_tries: 10
  #        time_window_seconds: 3600
  #        block_expiry_seconds: 600
  #        max_blocked_clients: 100000
  #        max_tracked_clients: 100000

kibana/config/kibana.yml (if relevant)

Provide logs:
Elasticsearch
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

Additional data:

    57	[2020-06-30T10:28:17,756][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-monitoring]
    58	[2020-06-30T10:28:17,756][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-rollup]
    59	[2020-06-30T10:28:17,756][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-security]
    60	[2020-06-30T10:28:17,756][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-sql]
    61	[2020-06-30T10:28:17,757][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-voting-only-node]
    62	[2020-06-30T10:28:17,757][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded module [x-pack-watcher]
    63	[2020-06-30T10:28:17,757][INFO ][o.e.p.PluginsService     ] [ubuntu-s-2vcpu-4gb-blr1-01] loaded plugin [search-guard-7]
    64	[2020-06-30T10:28:17,795][INFO ][c.f.s.SearchGuardPlugin  ] [ubuntu-s-2vcpu-4gb-blr1-01] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in elasticsearch.yml
    65	[2020-06-30T10:28:23,380][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ubuntu-s-2vcpu-4gb-blr1-01] [controller/3709] [Main.cc@110] controller (64 bit): Version 7.6.1 (Build 6eb6e036390036) Copyright (c) 2020 Elasticsearch BV
    66	[2020-06-30T10:28:23,670][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
    67	[2020-06-30T10:28:23,672][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
    68	[2020-06-30T10:28:23,672][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Configured Users to ignore: [kibanaserver]
    69	[2020-06-30T10:28:23,679][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Configured Users to ignore for read compliance events: [kibanaserver]
    70	[2020-06-30T10:28:23,679][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Configured Users to ignore for write compliance events: [kibanaserver]
    71	[2020-06-30T10:28:23,691][ERROR][c.f.s.a.s.SinkProvider   ] [ubuntu-s-2vcpu-4gb-blr1-01] Default endpoint could not be created, auditlog will not work properly.
    72	[2020-06-30T10:28:23,692][WARN ][c.f.s.a.r.AuditMessageRouter] [ubuntu-s-2vcpu-4gb-blr1-01] No default storage available, audit log may not work properly. Please check configuration.
    73	[2020-06-30T10:28:23,692][INFO ][c.f.s.a.i.AuditLogImpl   ] [ubuntu-s-2vcpu-4gb-blr1-01] Message routing enabled: false
    74	[2020-06-30T10:28:23,696][WARN ][c.f.s.c.ComplianceConfig ] [ubuntu-s-2vcpu-4gb-blr1-01] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes
    75	[2020-06-30T10:28:23,696][INFO ][c.f.s.c.ComplianceConfig ] [ubuntu-s-2vcpu-4gb-blr1-01] PII configuration [auditLogPattern=null,  auditLogIndex=null]: {}
    76	[2020-06-30T10:28:24,483][DEBUG][o.e.a.ActionModule       ] [ubuntu-s-2vcpu-4gb-blr1-01] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
    77	[2020-06-30T10:28:24,612][INFO ][o.e.d.DiscoveryModule    ] [ubuntu-s-2vcpu-4gb-blr1-01] using discovery type [zen] and seed hosts providers [settings]
    78	[2020-06-30T10:28:25,922][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] initialized
    79	[2020-06-30T10:28:25,922][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] starting ...
    80	[2020-06-30T10:28:26,110][INFO ][o.e.t.TransportService   ] [ubuntu-s-2vcpu-4gb-blr1-01] publish_address {139.59.62.20:9300}, bound_addresses {[::]:9300}
    81	[2020-06-30T10:28:26,536][INFO ][o.e.b.BootstrapChecks    ] [ubuntu-s-2vcpu-4gb-blr1-01] bound or publishing to a non-loopback address, enforcing bootstrap checks
    82	[2020-06-30T10:28:26,539][ERROR][o.e.b.Bootstrap          ] [ubuntu-s-2vcpu-4gb-blr1-01] node validation exception
    83	[1] bootstrap checks failed
    84	[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
    85	[2020-06-30T10:28:26,541][INFO ][c.f.s.a.s.SinkProvider   ] [ubuntu-s-2vcpu-4gb-blr1-01] Closing DebugSink
    86	[2020-06-30T10:28:26,545][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] stopping ...
    87	[2020-06-30T10:28:26,569][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] stopped
    88	[2020-06-30T10:28:26,570][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] closing ...
    89	[2020-06-30T10:28:26,591][INFO ][o.e.n.Node               ] [ubuntu-s-2vcpu-4gb-blr1-01] closed
    90	[2020-06-30T10:28:26,594][INFO ][o.e.x.m.p.NativeController] [ubuntu-s-2vcpu-4gb-blr1-01] Native controller process has stopped - no new native processes can be started

I can’t reproduce the issue, Elasticsearch starts successfully. Look at my steps:

trex-macbook:dist trex$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-darwin-x86_64.tar.gz
--2020-07-01 14:53:38--  https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-darwin-x86_64.tar.gz
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.2.222, 151.101.66.222, 151.101.130.222, ...
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.2.222|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 288095770 (275M) [application/x-gzip]
Saving to: elasticsearch-7.6.1-darwin-x86_64.tar.gz

elasticsearch-7.6.1-darwin-x86_64.tar 100%[=========================================================================>] 274.75M  7.24MB/s    in 34s

2020-07-01 14:54:13 (8.07 MB/s) - elasticsearch-7.6.1-darwin-x86_64.tar.gz saved [288095770/288095770]

trex-macbook:dist trex$ tar -xzvf elasticsearch-7.6.1-darwin-x86_64.tar.gz
x elasticsearch-7.6.1/
...
x elasticsearch-7.6.1/bin/x-pack-watcher-env
trex-macbook:dist trex$ cd elasticsearch-7.6.1/
trex-macbook:elasticsearch-7.6.1 trex$ ./bin/elasticsearch-plugin install https://releases.floragunn.com/search-guard-7/7.6.1-41.0.0/search-guard-7-7.6.1-41.0.0.zip
-> Installing https://releases.floragunn.com/search-guard-7/7.6.1-41.0.0/search-guard-7-7.6.1-41.0.0.zip
-> Downloading https://releases.floragunn.com/search-guard-7/7.6.1-41.0.0/search-guard-7-7.6.1-41.0.0.zip
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission /proc/sys/net/core/somaxconn#plus read
* java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
* java.lang.RuntimePermission accessClassInPackage.sun.misc
* java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
* java.lang.RuntimePermission accessClassInPackage.sun.security.x509
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission accessUserInformation
* java.lang.RuntimePermission createClassLoader
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission shutdownHooks
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.NetPermission getNetworkInformation
* java.net.NetPermission getProxySelector
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
* java.security.SecurityPermission insertProvider.BC
* java.security.SecurityPermission org.apache.xml.security.register
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setProperty.ocsp.enable
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission org.apache.xml.security.ignoreLineBreaks write
* javax.security.auth.AuthPermission doAs
* javax.security.auth.AuthPermission modifyPrivateCredentials
* javax.security.auth.kerberos.ServicePermission * accept
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed search-guard-7
trex-macbook:elasticsearch-7.6.1 trex$ cd plugins/search-guard-7/tools/
trex-macbook:tools trex$ ls
hash.bat                        install_demo_configuration.sh   sgadmin.sh
hash.sh                         sgadmin.bat
trex-macbook:tools trex$ chmod +x install_demo_configuration.sh
trex-macbook:tools trex$ ./install_demo_configuration.sh
Search Guard 7 Demo Installer
 ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)
    See https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html

Enable cluster mode? [y/N] n
Basedir: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1
Elasticsearch install type: .tar.gz on
Elasticsearch config dir: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config
Elasticsearch config file: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/elasticsearch.yml
Elasticsearch bin dir: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/bin
Elasticsearch plugins dir: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/plugins
Elasticsearch lib dir: /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/lib
Detected Elasticsearch Version: x-content-7.6.1
Detected Search Guard Version: *

### Success
### Execute this script now on all your nodes and then start all nodes
### Search Guard will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../sgconfig and execute:
"/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/plugins/search-guard-7/tools/sgadmin.sh" -cd "/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/plugins/search-guard-7/sgconfig" -icl -key "/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/kirk-key.pem" -cert "/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/kirk.pem" -cacert "/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/root-ca.pem" -nhnv
### or run ./sgadmin_demo.sh
### To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui
### To access your Search Guard secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
trex-macbook:tools trex$ cd -
/Users/trex/Development/kibana/dist/elasticsearch-7.6.1
trex-macbook:elasticsearch-7.6.1 trex$ pwd
/Users/trex/Development/kibana/dist/elasticsearch-7.6.1
trex-macbook:elasticsearch-7.6.1 trex$ ./bin/elasticsearch
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2020-07-01T14:58:48,354][INFO ][o.e.e.NodeEnvironment    ] [trex-macbook.home-life.hub] using [1] data paths, mounts [[/ (/dev/disk1s5)]], net usable_space [78.3gb], net total_space [465.6gb], types [apfs]
[2020-07-01T14:58:48,355][INFO ][o.e.e.NodeEnvironment    ] [trex-macbook.home-life.hub] heap size [989.8mb], compressed ordinary object pointers [true]
[2020-07-01T14:58:48,412][INFO ][o.e.n.Node               ] [trex-macbook.home-life.hub] node name [trex-macbook.home-life.hub], node ID [8nEAQV4xSSiW3LKk8yXDsw], cluster name [searchguard_demo]
[2020-07-01T14:58:48,413][INFO ][o.e.n.Node               ] [trex-macbook.home-life.hub] version[7.6.1], pid[13487], build[default/tar/aa751e09be0a5072e8570670309b1f12348f023b/2020-02-29T00:15:25.529771Z], OS[Mac OS X/10.15.5/x86_64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/12.0.2/12.0.2+10]
[2020-07-01T14:58:48,413][INFO ][o.e.n.Node               ] [trex-macbook.home-life.hub] JVM home [/Users/trex/.sdkman/candidates/java/12.0.2-open]
[2020-07-01T14:58:48,413][INFO ][o.e.n.Node               ] [trex-macbook.home-life.hub] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=COMPAT, -Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.io.tmpdir=/var/folders/x3/sy4fknfn4174rx498r_bpxs40000gn/T/elasticsearch-11280774542842005934, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/Users/trex/Development/kibana/dist/elasticsearch-7.6.1, -Des.path.conf=/Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config, -Des.distribution.flavor=default, -Des.distribution.type=tar, -Des.bundled_jdk=true]
[2020-07-01T14:58:50,352][INFO ][c.f.s.s.SignalsPainlessExtension] [trex-macbook.home-life.hub] Loaded script whitelist: org.elasticsearch.painless.spi.Whitelist@5d850a25
[2020-07-01T14:58:50,389][INFO ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] ES Config path is /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config
[2020-07-01T14:58:50,490][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] JVM supports TLSv1.3
[2020-07-01T14:58:50,491][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] Config directory is /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/, from there the key- and truststore files are resolved relatively
[2020-07-01T14:58:50,937][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] TLS Transport Client Provider : JDK
[2020-07-01T14:58:50,938][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] TLS Transport Server Provider : JDK
[2020-07-01T14:58:50,938][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] TLS HTTP Provider             : JDK
[2020-07-01T14:58:50,938][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
[2020-07-01T14:58:50,939][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [trex-macbook.home-life.hub] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2, TLSv1.1]
[2020-07-01T14:58:51,177][INFO ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] Clustername: searchguard_demo
[2020-07-01T14:58:51,215][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] Directory /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config has insecure file permissions (should be 0700)
[2020-07-01T14:58:51,216][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] File /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/kirk.pem has insecure file permissions (should be 0600)
[2020-07-01T14:58:51,216][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] File /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/esnode-key.pem has insecure file permissions (should be 0600)
[2020-07-01T14:58:51,216][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] File /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/root-ca.pem has insecure file permissions (should be 0600)
[2020-07-01T14:58:51,217][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] File /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/kirk-key.pem has insecure file permissions (should be 0600)
[2020-07-01T14:58:51,217][WARN ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] File /Users/trex/Development/kibana/dist/elasticsearch-7.6.1/config/esnode.pem has insecure file permissions (should be 0600)
[2020-07-01T14:58:51,220][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [aggs-matrix-stats]
[2020-07-01T14:58:51,220][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [analysis-common]
[2020-07-01T14:58:51,221][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [flattened]
[2020-07-01T14:58:51,221][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [frozen-indices]
[2020-07-01T14:58:51,221][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [ingest-common]
[2020-07-01T14:58:51,221][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [ingest-geoip]
[2020-07-01T14:58:51,221][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [ingest-user-agent]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [lang-expression]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [lang-mustache]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [lang-painless]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [mapper-extras]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [parent-join]
[2020-07-01T14:58:51,222][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [percolator]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [rank-eval]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [reindex]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [repository-url]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [search-business-rules]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [spatial]
[2020-07-01T14:58:51,223][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [transform]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [transport-netty4]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [vectors]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-analytics]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-ccr]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-core]
[2020-07-01T14:58:51,224][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-deprecation]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-enrich]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-graph]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-ilm]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-logstash]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-ml]
[2020-07-01T14:58:51,225][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-monitoring]
[2020-07-01T14:58:51,226][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-rollup]
[2020-07-01T14:58:51,226][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-security]
[2020-07-01T14:58:51,226][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-sql]
[2020-07-01T14:58:51,226][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-voting-only-node]
[2020-07-01T14:58:51,226][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded module [x-pack-watcher]
[2020-07-01T14:58:51,227][INFO ][o.e.p.PluginsService     ] [trex-macbook.home-life.hub] loaded plugin [search-guard-7]
[2020-07-01T14:58:51,241][INFO ][c.f.s.SearchGuardPlugin  ] [trex-macbook.home-life.hub] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in elasticsearch.yml
[2020-07-01T14:58:54,553][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [trex-macbook.home-life.hub] [controller/13504] [Main.cc@110] controller (64 bit): Version 7.6.1 (Build 6eb6e036390036) Copyright (c) 2020 Elasticsearch BV
[2020-07-01T14:58:54,815][INFO ][c.f.s.a.i.AuditLogImpl   ] [trex-macbook.home-life.hub] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2020-07-01T14:58:54,816][INFO ][c.f.s.a.i.AuditLogImpl   ] [trex-macbook.home-life.hub] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
...
[2020-07-01T14:59:04,527][INFO ][c.f.s.c.ConfigurationRepository] [trex-macbook.home-life.hub] Search Guard License Type: TRIAL, valid
[2020-07-01T14:59:04,527][INFO ][c.f.s.c.ConfigurationRepository] [trex-macbook.home-life.hub] Node 'trex-macbook.home-life.hub' initialized
trex-macbook:kibana trex$ curl -k -u admin:admin -X GET https://localhost:9200
{ 
  "name" : "trex-macbook.home-life.hub",
  "cluster_name" : "searchguard_demo",
  "cluster_uuid" : "tG1fNU9vSfuqTAgvV_JqSw",
  "version" : {
    "number" : "7.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "aa751e09be0a5072e8570670309b1f12348f023b",
    "build_date" : "2020-02-29T00:15:25.529771Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

It failed for you because of the Elasticsearch bootstrap check:

    83  [1] bootstrap checks failed
    84  [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

You have to configure this in elasticsearch.yml:

discovery.seed_hosts: [ "host1", "host2" ]

Where host1 and host2 are the hostnames of the nodes of the cluster.
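
Added example, not part of the original posts and not Search Guard or Elasticsearch code: a pre-start check that reads a flat elasticsearch.yml and reports the condition behind the bootstrap failure in the log above (non-loopback bind with none of the three discovery settings), plus the demo settings that the installer's "Do not use on production or public reachable systems" warning applies to. The function names, finding ids and both sample configs are constructed for illustration; `discovery.type: single-node` is a standard Elasticsearch 7.x setting that the thread does not mention.

```python
import ipaddress

# The three settings named in the bootstrap-check message quoted in the thread.
DISCOVERY_KEYS = ("discovery.seed_hosts", "discovery.seed_providers",
                  "cluster.initial_master_nodes")

def parse_flat_settings(text):
    """Minimal parser for the flat 'dotted.key: value' style of elasticsearch.yml.

    Skips comments and collects '- item' lines under the preceding empty key.
    It is not a general YAML parser (assumption: no nested mappings).
    """
    settings, last_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and isinstance(settings.get(last_key), list):
            settings[last_key].append(line[2:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip().strip("\"'")
        last_key = key.strip()
        settings[last_key] = value if value else []
    return settings

def is_set(value):
    """True when a setting is present and not empty."""
    return value not in (None, "", "[]", [])

def binds_non_loopback(settings):
    """True when network.host makes the node bind beyond loopback."""
    host = settings.get("network.host")
    if not is_set(host):
        return False  # unset: Elasticsearch binds to loopback only
    for h in (host if isinstance(host, list) else [host]):
        h = h.strip("\"'")
        if h in ("localhost", "_local_"):
            continue
        try:
            if ipaddress.ip_address(h).is_loopback:
                continue
        except ValueError:
            pass  # hostname or special value such as _site_: treat as non-loopback
        return True
    return False

def audit(text):
    """Return the ids of findings for one elasticsearch.yml, in a fixed order."""
    s = parse_flat_settings(text)
    exposed = binds_non_loopback(s)
    single_node = s.get("discovery.type") == "single-node"
    findings = []
    # Same condition as the log: non-loopback bind enforces bootstrap checks,
    # and the discovery check needs at least one of DISCOVERY_KEYS.
    if exposed and not single_node and not any(is_set(s.get(k)) for k in DISCOVERY_KEYS):
        findings.append("bootstrap-discovery")
    # Demo certificates are shared by every demo install; flag them once the
    # node is reachable from other hosts.
    if exposed and s.get("searchguard.allow_unsafe_democertificates") == "true":
        findings.append("demo-certs-exposed")
    if exposed and s.get("searchguard.ssl.transport.enforce_hostname_verification") == "false":
        findings.append("hostname-verification-off")
    return findings

# Constructed sample: the relevant lines of the config posted in the question.
THREAD_CONFIG = """\
path.data: /var/lib/elasticsearch
network.host: "0.0.0.0"
#discovery.seed_hosts: ["host1", "host2"]
#cluster.initial_master_nodes: ["node-1", "node-2"]
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
          - CN=kirk,OU=client,O=client,L=test,C=de
xpack.security.enabled: false
"""

# Constructed sample: the same config with the setting from the answer added.
FIXED_CONFIG = THREAD_CONFIG + 'discovery.seed_hosts: ["host1", "host2"]\n'

if __name__ == "__main__":
    for name, cfg in (("as posted", THREAD_CONFIG), ("with seed_hosts", FIXED_CONFIG)):
        print(name, "->", audit(cfg) or "no findings")
```

Configuring `discovery.seed_hosts` clears only the first finding; the other two persist for as long as the node keeps the demo settings while bound to `0.0.0.0`.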