Securityadmin.sh is not work welll

#1

I run these commands according the documents on https://opendistro.github.io/for-elasticsearch-docs/docs/security/security-admin/#configure-the-admin-certificate, but failed, Is anyone
who occur the same problem?

./securityadmin.sh -cd ../securityconfig/ -icl -nhnv  -cacert ../../../config/root-ca.pem -cert ../../../config/kirk.pem -key ../../../config/kirk-key.pem
Open Distro Security Admin v6
Will connect to localhost:9300 ... done
ERR: An unexpected IllegalStateException occured: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
Trace:
java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:608)
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:113)
	at org.elasticsearch.client.transport.TransportClient.newPluginService(TransportClient.java:110)
	at org.elasticsearch.client.transport.TransportClient.buildTemplate(TransportClient.java:135)
	at org.elasticsearch.client.transport.TransportClient.<init>(TransportClient.java:277)
	at com.amazon.opendistroforelasticsearch.security.tools.OpenDistroSecurityAdmin$TransportClientImpl.<init>(OpenDistroSecurityAdmin.java:893)
	at com.amazon.opendistroforelasticsearch.security.tools.OpenDistroSecurityAdmin.main0(OpenDistroSecurityAdmin.java:453)
	at com.amazon.opendistroforelasticsearch.security.tools.OpenDistroSecurityAdmin.main(OpenDistroSecurityAdmin.java:133)
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:599)
	... 7 more
Caused by: ElasticsearchException[Unable to read ../../../config/kirk.pem (../../../config/kirk.pem). Please make sure this files exists and is readable regarding to permissions. Property: opendistro_security.ssl.transport.pemcert_filepath]
	at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.checkPath(DefaultOpenDistroSecurityKeyStore.java:822)
	at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.resolve(DefaultOpenDistroSecurityKeyStore.java:223)
	at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:338)
	at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:164)
	at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:207)
	at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:223)
	... 12 more
#2

Hello !

I think you have to give the rights to allow the script to be able to read the pem key.

Caused by: ElasticsearchException[Unable to read …/…/…/config/kirk.pem (…/…/…/config/kirk.pem). Please make sure this files exists and is readable regarding to permissions.

I think root:elasticsearch for the chown.
And read for all on the kirk.pem.

And be sure your path to the kirk.pem file is right :

…/…/…/config/kirk.pem

Maybe use absolute path.
Hope it helps.
Thi