elasticsearchyamlkibanaelastic-stackelasticsearch-x-pack

Can Elastic Search xpack security features be disabled after having had them enabled on a cluster?


I am running a 3 node Elastic Search 8.9 cluster, each on a separate VM, with a Kibana instance, all of them on Centos 7.9. Due to not being able to connect an app to the cluster I've decided to disable xpack and ssl security. As such, my config for one of the nodes, after taking out all security features looks like this:

cluster.name: application
node.name: node_1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.74
http.port: 9200
cluster.initial_master_nodes: ["elastic_master"]
http.host: 0.0.0.0

I tried to start the node again, however it fails with this error in the logs:

[2023-08-27T05:44:51,048][ERROR][o.e.b.Elasticsearch      ] [node_1] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: invalid configuration for xpack.security.transport.ssl - [xpack.security.transport.ssl.enabled] is not set, but the following settings have been configured in elasticsearch.yml : [xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]
        at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:650) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:624) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:159) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:495) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:324) ~[?:?]
        at org.elasticsearch.node.Node.lambda$new$16(Node.java:733) ~[elasticsearch-8.9.0.jar:?]
        at org.elasticsearch.plugins.PluginsService.lambda$flatMap$1(PluginsService.java:261) ~[elasticsearch-8.9.0.jar:?]
        at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
        at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
        at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
        at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
        at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
        at org.elasticsearch.node.Node.<init>(Node.java:748) ~[elasticsearch-8.9.0.jar:?]
        at org.elasticsearch.node.Node.<init>(Node.java:334) ~[elasticsearch-8.9.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:234) ~[elasticsearch-8.9.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:72) ~[elasticsearch-8.9.0.jar:?]

I've tried running unset ES_JAVA_OPTS. I've stopped all the other nodes as well as Kibana. I have checked the environment variables for anything elastic-related.

Each time I do systemctl start elasticsearch, it fails with the same error in the logs.

Is there a way to disable xpack security and ssl without having to redo the whole cluster?


Solution

  • ... but the following settings have been configured in elasticsearch.yml : [xpack.security.transport.ssl.keystore.secure_password,xpack.security.transport.ssl.truststore.secure_password]

    This means that the Elasticsearch keystore still contains secure passwords for the SSL configuration. You can remove them with the following commands:

    bin/elasticsearch-keystore remove xpack.security.transport.ssl.keystore.secure_password
    bin/elasticsearch-keystore remove xpack.security.transport.ssl.truststore.secure_password
    

    Also you should explicitly disable the security in your configuration:

    xpack.security.enabled: false