How to completely disable SSL in elasticsearch? It is possible?
I just want to install and try for training purposes.
I don’t need SSL.
Why does the configuration not work? I can not find a working example.
How to overwrite the properties and what properties need to overwrite to disable the SSL?
I set the following properties in the /usr/share/elasticsearch/config/elasticsearch.yml.
searchguard.ssl.http.enabled: false
searchguard.ssl.transport.enabled: false
``
But they do not work!
Why is nothing written about this in the official documentation?
Thanks for the help.
Stacktrace:
[2019-02-15T17:44:14,194][INFO ][o.e.n.Node ] [U97bnWL] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch-3921917390321531832, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=tar]
[2019-02-15T17:44:19,529][INFO ][c.f.s.SearchGuardPlugin ] [U97bnWL] ES Config path is /usr/share/elasticsearch/config
[2019-02-15T17:44:19,663][ERROR][c.f.s.SearchGuardPlugin ] [U97bnWL] SSL not activated for http and/or transport.
SSL not activated for http and/or transport.
SSL not activated for http and/or transport.
[2019-02-15T17:44:19,687][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] JVM supports TLSv1.3
[2019-02-15T17:44:19,687][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] Config directory is /usr/share/elasticsearch/config/, from there the key- and truststore files are resolved relatively
[2019-02-15T17:44:19,687][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] TLS Transport Client Provider : null
[2019-02-15T17:44:19,688][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] TLS Transport Server Provider : null
[2019-02-15T17:44:19,689][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] TLS HTTP Provider : null
[2019-02-15T17:44:19,689][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] Enabled TLS protocols for transport layer :
[2019-02-15T17:44:19,689][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] [U97bnWL] Enabled TLS protocols for HTTP layer :
[2019-02-15T17:44:20,696][INFO ][c.f.s.SearchGuardPlugin ] [U97bnWL] Clustername: docker-cluster
[2019-02-15T17:44:20,710][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [U97bnWL] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.6.0.jar:6.6.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.6.0.jar:6.6.0]
Caused by: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:608) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:550) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:465) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:157) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:337) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.0.jar:6.6.0]
... 6 more
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:599) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:550) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:465) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:157) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:337) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.0.jar:6.6.0]
... 6 more
Caused by: java.lang.IllegalStateException: searchguard.ssl.transport.enabled must be set to ‘true’
at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:281) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:599) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:550) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:465) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:157) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:337) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.0.jar:6.6.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.0.jar:6.6.0]
... 6 more
``