Unsupported setting in keystore preventing elasticsearch to start #43328
Labels
:Core/Infra/Settings
Settings infrastructure and APIs
Comments
|
Pinging @elastic/es-core-infra |
rjernst
added a commit
to rjernst/elasticsearch
that referenced
this issue
Jun 20, 2019
This commit tweaks the docs for secure settings to ensure the user is aware adding non secure settings to the keystore will result in elasticsearch not starting. fixes elastic#43328
|
I've opened #43454 to clarify in the docs a bit, to make it a little more clear what behavior to expect. |
rjernst
added a commit
that referenced
this issue
Jun 20, 2019
This commit tweaks the docs for secure settings to ensure the user is aware adding non secure settings to the keystore will result in elasticsearch not starting. fixes #43328 Co-Authored-By: James Rodewig <[email protected]>
rjernst
added a commit
that referenced
this issue
Jun 20, 2019
This commit tweaks the docs for secure settings to ensure the user is aware adding non secure settings to the keystore will result in elasticsearch not starting. fixes #43328 Co-Authored-By: James Rodewig <[email protected]>
rjernst
added a commit
that referenced
this issue
Jun 20, 2019
This commit tweaks the docs for secure settings to ensure the user is aware adding non secure settings to the keystore will result in elasticsearch not starting. fixes #43328 Co-Authored-By: James Rodewig <[email protected]>
rjernst
added a commit
that referenced
this issue
Jun 20, 2019
This commit tweaks the docs for secure settings to ensure the user is aware adding non secure settings to the keystore will result in elasticsearch not starting. fixes #43328 Co-Authored-By: James Rodewig <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Elasticsearch version (
bin/elasticsearch --version): 6.7Plugins installed: [N/A]
JVM version (
java -version): 1.8Description of the problem including expected versus actual behavior:
A user who was trying to configure a remote xpack monitoring exporter added the setting
xpack.monitoring.exporters.shared.auth.passwordto the keystore.The setting, together with the rest of the exporter setting in
elasticsearch.ymldidn't work, as the setting is not supported for a keystore. That's clearly identified in this doc:However, when the user cleaned the settings from elasticsearch.yml, elasticsearch did not start with this exception:
As there wasn't any track of the exporter in the cluster settings API, neither in elasticsearch.yml file, it took some time to the user to realize that the "unsupported" setting from the keystore was causing this (elasticsearch is internally receiving the setting and hence having an exporter defined with missing mandatory settings).
Once the setting was removed from the keystore, elasticsearch started without any issue.
From the document description the expectation could be that if the setting is not supported (cannot be read from the keystore) it shouldn't affect the system, so maybe adding a note in the doc might be helpful, as I don't think this is really a bug.
The note could be:
even if a setting is not designed to be read from a keystore, if added, it will be populated to elasticsearch when starting, which might cause unexpected issues. Avoid adding unsupported settings to the keystoreThe text was updated successfully, but these errors were encountered: