Hi all,
I am running a small single-node setup of opendistro running locally on Docker. I use the offline-tls-tool from search-guard to generate my TLS certificates using the following configuration:
ca:
  root:
    dn: CN=MyCompany Root CA,OU=MyCompany Root CA,O=MyCompany,L=test,C=de,DC=example,DC=com
    keysize: 2048
    pkPassword: none
    file: root-ca.pem
defaults:
  pkPassword: none
  generatedPasswordLength: 12
  nodesDn:
    - "CN=*.example.com,OU=Ops,O=MyCompany,L=test,C=de"
  httpsEnabled: true
  reuseTransportCertificatesForHttp: true
nodes:
  - name: esnode1
    dn: CN=node-0.example.com,OU=node,O=node,L=test,DC=de
    dns: node1.example.com
clients:
  - name: kibana
    dn: CN=kibana,OU=Ops,O=MyCompany,L=test,C=de
  - name: admin
    dn: CN=admin,OU=client,O=client,L=test,C=de
    admin: true
The single Elasticsearch node starts up, then I update the security configuration with the command:
./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert ../../../config/root-ca.pem -cert ../../../config/admin.pem -key ../../../config/admin.key
which finishes successfully. I have not changed the configuration files for internal_users, roles, tenants, etc.
I am at a loss, then, as to why I get the following error in the Kibana Docker logs:
log [09:03:50.049] [error][data][elasticsearch] Request error, retrying
GET https://esnode1:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => connect ECONNREFUSED 172.19.0.3:9200
log [09:03:55.048] [warning][data][elasticsearch] Unable to revive connection: https://esnode1:9200/
log [09:03:55.049] [warning][data][elasticsearch] No living connections
I think I am missing something fundamental, as I have zero to no experience with SSL/TLS certificates, so any help would be much appreciated.