Elasticsearch cluster with xpack.security.enabled=true and xpack.security.transport.ssl.enabled=true

Hello everybody. I created an Elasticsearch cluster in Nomad with xpack.security.enabled=false.
I wanna enable these parameters:
“xpack.security.enabled=true”,
“xpack.security.transport.ssl.enabled=true”, but I get this error:

ERROR: Positional arguments not allowed, found [xpack.security.transport.ssl.enabled=true]

I know this is an Elasticsearch error, not a Nomad one, but I cannot find a good tutorial on how to secure Elasticsearch in Nomad - creating and enabling certs, etc.

Here is my nomad plan:

{
“Stop”: false,
“Region”: “global”,
“Namespace”: “default”,
“ID”: “elasticsearch”,
“ParentID”: “”,
“Name”: “elasticsearch”,
“Type”: “service”,
“Priority”: 50,
“AllAtOnce”: false,
“Datacenters”: [
“XXXX”
],
“Constraints”: [
{
“LTarget”: “{node.class}", "RTarget": "hosting", "Operand": "=" } ], "Affinities": null, "Spreads": null, "TaskGroups": [ { "Name": "es-01", "Count": 1, "Update": { "Stagger": 120000000000, "MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 10000000000, "HealthyDeadline": 300000000000, "ProgressDeadline": 600000000000, "AutoRevert": false, "AutoPromote": false, "Canary": 0 }, "Migrate": { "MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 10000000000, "HealthyDeadline": 300000000000 }, "Constraints": null, "Scaling": null, "RestartPolicy": { "Attempts": 2, "Interval": 1800000000000, "Delay": 15000000000, "Mode": "fail" }, "Tasks": [ { "Name": "data", "Driver": "docker", "User": "elasticsearch", "Config": { "network_mode": "host", "args": [ "-E", "cluster.name={NOMAD_JOB_NAME}”,
“-E”,
“network.host=0.0.0.0”,
“-E”,
“network.publish_host={NOMAD_IP_rest}", "-E", "node.master=true", "-E", "node.data=true", "-E", "http.port=9200", "-E", "transport.tcp.port=9300", "-E", "gateway.expected_data_nodes=3", "-E", "discovery.seed_hosts=elasticsearch-data-discovery.service.consul", "-E", "cluster.initial_master_nodes=host1, host2, host3", "-E", "xpack.security.enabled=true", "xpack.security.transport.ssl.enabled=true" ], "command": "bin/elasticsearch", "image": "docker.elastic.co/elasticsearch/elasticsearch:7.9.0" }, "Env": { "ES_JAVA_OPTS": "-Xms6g -Xmx6g", "BUMP": "1" }, "Services": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-discovery", "TaskName": "", "PortLabel": "transport", "AddressMode": "auto", "EnableTagOverride": false, "Tags": null, "CanaryTags": null, "Checks": null, "Connect": null, "Meta": null, "CanaryMeta": null }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}", "TaskName": "", "PortLabel": "rest", "AddressMode": "auto", "EnableTagOverride": false, "Tags": [ "urlprefix-elasticsearch/" ], "CanaryTags": null, "Checks": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-tcp", "Type": "tcp", "Command": "", "Args": null, "Path": "", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-http", "Type": "http", "Command": "", "Args": null, "Path": "/", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-transport-tcp", "Type": "tcp", "Command": "", "Args": null, "Path": "", "Protocol": "", "PortLabel": "transport", "Expose": false, 
"AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" } ], "Connect": null, "Meta": null, "CanaryMeta": null } ], "Vault": null, "Templates": null, "Constraints": null, "Affinities": null, "Resources": { "CPU": 51200, "MemoryMB": 16384, "DiskMB": 0, "IOPS": 0, "Networks": [ { "Mode": "", "Device": "", "CIDR": "", "IP": "", "MBits": 100, "DNS": null, "ReservedPorts": [ { "Label": "rest", "Value": 9200, "To": 0, "HostNetwork": "default" }, { "Label": "transport", "Value": 9300, "To": 0, "HostNetwork": "default" } ], "DynamicPorts": null } ], "Devices": null }, "RestartPolicy": { "Attempts": 2, "Interval": 1800000000000, "Delay": 15000000000, "Mode": "fail" }, "DispatchPayload": null, "Lifecycle": null, "Meta": null, "KillTimeout": 5000000000, "LogConfig": { "MaxFiles": 10, "MaxFileSizeMB": 10 }, "Artifacts": null, "Leader": false, "ShutdownDelay": 0, "VolumeMounts": [ { "Volume": "es-01", "Destination": "/usr/share/elasticsearch/data", "ReadOnly": false, "PropagationMode": "private" } ], "KillSignal": "", "Kind": "", "CSIPluginConfig": null } ], "EphemeralDisk": { "Sticky": false, "SizeMB": 300, "Migrate": false }, "Meta": null, "ReschedulePolicy": { "Attempts": 0, "Interval": 0, "Delay": 30000000000, "DelayFunction": "exponential", "MaxDelay": 3600000000000, "Unlimited": true }, "Affinities": null, "Spreads": null, "Networks": null, "Services": null, "Volumes": { "es-01": { "Name": "es-01", "Type": "host", "Source": "es-01", "ReadOnly": false, "MountOptions": null } }, "ShutdownDelay": null, "StopAfterClientDisconnect": null }, { "Name": "es-02", "Count": 1, "Update": { "Stagger": 120000000000, "MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 10000000000, "HealthyDeadline": 300000000000, "ProgressDeadline": 600000000000, "AutoRevert": false, "AutoPromote": false, "Canary": 0 }, "Migrate": { 
"MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 10000000000, "HealthyDeadline": 300000000000 }, "Constraints": null, "Scaling": null, "RestartPolicy": { "Attempts": 2, "Interval": 1800000000000, "Delay": 15000000000, "Mode": "fail" }, "Tasks": [ { "Name": "data", "Driver": "docker", "User": "elasticsearch", "Config": { "image": "docker.elastic.co/elasticsearch/elasticsearch:7.9.0", "network_mode": "host", "args": [ "-E", "cluster.name={NOMAD_JOB_NAME}”,
“-E”,
“network.host=0.0.0.0”,
“-E”,
“network.publish_host={NOMAD_IP_rest}", "-E", "node.master=true", "-E", "node.data=true", "-E", "http.port=9200", "-E", "transport.tcp.port=9300", "-E", "gateway.expected_data_nodes=3", "-E", "discovery.seed_hosts=elasticsearch-data-discovery.service.consul", "-E", "cluster.initial_master_nodes=host1, host2, host3", "-E", "xpack.security.enabled=true", "xpack.security.transport.ssl.enabled=true" ], "command": "bin/elasticsearch" }, "Env": { "BUMP": "1", "ES_JAVA_OPTS": "-Xms6g -Xmx6g" }, "Services": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-discovery", "TaskName": "", "PortLabel": "transport", "AddressMode": "auto", "EnableTagOverride": false, "Tags": null, "CanaryTags": null, "Checks": null, "Connect": null, "Meta": null, "CanaryMeta": null }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}", "TaskName": "", "PortLabel": "rest", "AddressMode": "auto", "EnableTagOverride": false, "Tags": [ "urlprefix-elasticsearch/" ], "CanaryTags": null, "Checks": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-tcp", "Type": "tcp", "Command": "", "Args": null, "Path": "", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-http", "Type": "http", "Command": "", "Args": null, "Path": "/", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-transport-tcp", "Type": "tcp", "Command": "", "Args": null, "Path": "", "Protocol": "", "PortLabel": "transport", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, 
"InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" } ], "Connect": null, "Meta": null, "CanaryMeta": null } ], "Vault": null, "Templates": null, "Constraints": null, "Affinities": null, "Resources": { "CPU": 51200, "MemoryMB": 16384, "DiskMB": 0, "IOPS": 0, "Networks": [ { "Mode": "", "Device": "", "CIDR": "", "IP": "", "MBits": 100, "DNS": null, "ReservedPorts": [ { "Label": "rest", "Value": 9200, "To": 0, "HostNetwork": "default" }, { "Label": "transport", "Value": 9300, "To": 0, "HostNetwork": "default" } ], "DynamicPorts": null } ], "Devices": null }, "RestartPolicy": { "Attempts": 2, "Interval": 1800000000000, "Delay": 15000000000, "Mode": "fail" }, "DispatchPayload": null, "Lifecycle": null, "Meta": null, "KillTimeout": 5000000000, "LogConfig": { "MaxFiles": 10, "MaxFileSizeMB": 10 }, "Artifacts": null, "Leader": false, "ShutdownDelay": 0, "VolumeMounts": [ { "Volume": "es-02", "Destination": "/usr/share/elasticsearch/data", "ReadOnly": false, "PropagationMode": "private" } ], "KillSignal": "", "Kind": "", "CSIPluginConfig": null } ], "EphemeralDisk": { "Sticky": false, "SizeMB": 300, "Migrate": false }, "Meta": null, "ReschedulePolicy": { "Attempts": 0, "Interval": 0, "Delay": 30000000000, "DelayFunction": "exponential", "MaxDelay": 3600000000000, "Unlimited": true }, "Affinities": null, "Spreads": null, "Networks": null, "Services": null, "Volumes": { "es-02": { "Name": "es-02", "Type": "host", "Source": "es-02", "ReadOnly": false, "MountOptions": null } }, "ShutdownDelay": null, "StopAfterClientDisconnect": null }, { "Name": "es-03", "Count": 1, "Update": { "Stagger": 120000000000, "MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 10000000000, "HealthyDeadline": 300000000000, "ProgressDeadline": 600000000000, "AutoRevert": false, "AutoPromote": false, "Canary": 0 }, "Migrate": { "MaxParallel": 1, "HealthCheck": "checks", "MinHealthyTime": 
10000000000, "HealthyDeadline": 300000000000 }, "Constraints": null, "Scaling": null, "RestartPolicy": { "Attempts": 2, "Interval": 1800000000000, "Delay": 15000000000, "Mode": "fail" }, "Tasks": [ { "Name": "data", "Driver": "docker", "User": "elasticsearch", "Config": { "args": [ "-E", "cluster.name={NOMAD_JOB_NAME}”,
“-E”,
“network.host=0.0.0.0”,
“-E”,
“network.publish_host={NOMAD_IP_rest}", "-E", "node.master=true", "-E", "node.data=true", "-E", "http.port=9200", "-E", "transport.tcp.port=9300", "-E", "gateway.expected_data_nodes=2", "-E", "discovery.seed_hosts=elasticsearch-data-discovery.service.consul", "-E", "cluster.initial_master_nodes=host1, host2, host3", "-E", "xpack.security.enabled=true", "xpack.security.transport.ssl.enabled=true" ], "command": "bin/elasticsearch", "image": "docker.elastic.co/elasticsearch/elasticsearch:7.9.0", "network_mode": "host" }, "Env": { "ES_JAVA_OPTS": "-Xms6g -Xmx6g", "BUMP": "1" }, "Services": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-discovery", "TaskName": "", "PortLabel": "transport", "AddressMode": "auto", "EnableTagOverride": false, "Tags": null, "CanaryTags": null, "Checks": null, "Connect": null, "Meta": null, "CanaryMeta": null }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}", "TaskName": "", "PortLabel": "rest", "AddressMode": "auto", "EnableTagOverride": false, "Tags": [ "urlprefix-elasticsearch/" ], "CanaryTags": null, "Checks": [ { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-tcp", "Type": "tcp", "Command": "", "Args": null, "Path": "", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-{NOMAD_TASK_NAME}-rest-http", "Type": "http", "Command": "", "Args": null, "Path": "/", "Protocol": "", "PortLabel": "rest", "Expose": false, "AddressMode": "", "Interval": 10000000000, "Timeout": 2000000000, "InitialStatus": "", "TLSSkipVerify": false, "Method": "", "Header": null, "CheckRestart": null, "GRPCService": "", "GRPCUseTLS": false, "TaskName": "" }, { "Name": "{NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}-transport-tcp”,
“Type”: “tcp”,
“Command”: “”,
“Args”: null,
“Path”: “”,
“Protocol”: “”,
“PortLabel”: “transport”,
“Expose”: false,
“AddressMode”: “”,
“Interval”: 10000000000,
“Timeout”: 2000000000,
“InitialStatus”: “”,
“TLSSkipVerify”: false,
“Method”: “”,
“Header”: null,
“CheckRestart”: null,
“GRPCService”: “”,
“GRPCUseTLS”: false,
“TaskName”: “”
}
],
“Connect”: null,
“Meta”: null,
“CanaryMeta”: null
}
],
“Vault”: null,
“Templates”: null,
“Constraints”: null,
“Affinities”: null,
“Resources”: {
“CPU”: 51200,
“MemoryMB”: 16384,
“DiskMB”: 0,
“IOPS”: 0,
“Networks”: [
{
“Mode”: “”,
“Device”: “”,
“CIDR”: “”,
“IP”: “”,
“MBits”: 100,
“DNS”: null,
“ReservedPorts”: [
{
“Label”: “rest”,
“Value”: 9200,
“To”: 0,
“HostNetwork”: “default”
},
{
“Label”: “transport”,
“Value”: 9300,
“To”: 0,
“HostNetwork”: “default”
}
],
“DynamicPorts”: null
}
],
“Devices”: null
},
“RestartPolicy”: {
“Attempts”: 2,
“Interval”: 1800000000000,
“Delay”: 15000000000,
“Mode”: “fail”
},
“DispatchPayload”: null,
“Lifecycle”: null,
“Meta”: null,
“KillTimeout”: 5000000000,
“LogConfig”: {
“MaxFiles”: 10,
“MaxFileSizeMB”: 10
},
“Artifacts”: null,
“Leader”: false,
“ShutdownDelay”: 0,
“VolumeMounts”: [
{
“Volume”: “es-03”,
“Destination”: “/usr/share/elasticsearch/data”,
“ReadOnly”: false,
“PropagationMode”: “private”
}
],
“KillSignal”: “”,
“Kind”: “”,
“CSIPluginConfig”: null
}
],
“EphemeralDisk”: {
“Sticky”: false,
“SizeMB”: 300,
“Migrate”: false
},
“Meta”: null,
“ReschedulePolicy”: {
“Attempts”: 0,
“Interval”: 0,
“Delay”: 30000000000,
“DelayFunction”: “exponential”,
“MaxDelay”: 3600000000000,
“Unlimited”: true
},
“Affinities”: null,
“Spreads”: null,
“Networks”: null,
“Services”: null,
“Volumes”: {
“es-03”: {
“Name”: “es-03”,
“Type”: “host”,
“Source”: “es-03”,
“ReadOnly”: false,
“MountOptions”: null
}
},
“ShutdownDelay”: null,
“StopAfterClientDisconnect”: null
},
{
“Name”: “kibana”,
“Count”: 1,
“Update”: {
“Stagger”: 120000000000,
“MaxParallel”: 1,
“HealthCheck”: “checks”,
“MinHealthyTime”: 10000000000,
“HealthyDeadline”: 300000000000,
“ProgressDeadline”: 600000000000,
“AutoRevert”: false,
“AutoPromote”: false,
“Canary”: 0
},
“Migrate”: {
“MaxParallel”: 1,
“HealthCheck”: “checks”,
“MinHealthyTime”: 10000000000,
“HealthyDeadline”: 300000000000
},
“Constraints”: null,
“Scaling”: null,
“RestartPolicy”: {
“Attempts”: 2,
“Interval”: 1800000000000,
“Delay”: 15000000000,
“Mode”: “fail”
},
“Tasks”: [
{
“Name”: “server”,
“Driver”: “docker”,
“User”: “kibana”,
“Config”: {
“image”: “docker.elastic.co/kibana/kibana:7.9.0”,
“network_mode”: “host”
},
“Env”: {
“ELASTICSEARCH_HOSTS”: “http://elasticsearch-data.service.consul:9200”,
“SERVER_NAME”: “kibana”
},
“Services”: [
{
“Name”: “kibana”,
“TaskName”: “”,
“PortLabel”: “http”,
“AddressMode”: “auto”,
“EnableTagOverride”: false,
“Tags”: [
“urlprefix-kibana/”
],
“CanaryTags”: null,
“Checks”: [
{
“Name”: “kibana-http”,
“Type”: “http”,
“Command”: “”,
“Args”: null,
“Path”: “/”,
“Protocol”: “”,
“PortLabel”: “http”,
“Expose”: false,
“AddressMode”: “”,
“Interval”: 60000000000,
“Timeout”: 5000000000,
“InitialStatus”: “”,
“TLSSkipVerify”: false,
“Method”: “”,
“Header”: null,
“CheckRestart”: null,
“GRPCService”: “”,
“GRPCUseTLS”: false,
“TaskName”: “”
}
],
“Connect”: null,
“Meta”: null,
“CanaryMeta”: null
}
],
“Vault”: null,
“Templates”: null,
“Constraints”: null,
“Affinities”: null,
“Resources”: {
“CPU”: 4096,
“MemoryMB”: 2048,
“DiskMB”: 0,
“IOPS”: 0,
“Networks”: [
{
“Mode”: “”,
“Device”: “”,
“CIDR”: “”,
“IP”: “”,
“MBits”: 100,
“DNS”: null,
“ReservedPorts”: [
{
“Label”: “http”,
“Value”: 5601,
“To”: 0,
“HostNetwork”: “default”
}
],
“DynamicPorts”: null
}
],
“Devices”: null
},
“RestartPolicy”: {
“Attempts”: 2,
“Interval”: 1800000000000,
“Delay”: 15000000000,
“Mode”: “fail”
},
“DispatchPayload”: null,
“Lifecycle”: null,
“Meta”: null,
“KillTimeout”: 5000000000,
“LogConfig”: {
“MaxFiles”: 10,
“MaxFileSizeMB”: 10
},
“Artifacts”: null,
“Leader”: false,
“ShutdownDelay”: 0,
“VolumeMounts”: null,
“KillSignal”: “”,
“Kind”: “”,
“CSIPluginConfig”: null
}
],
“EphemeralDisk”: {
“Sticky”: true,
“SizeMB”: 500,
“Migrate”: true
},
“Meta”: null,
“ReschedulePolicy”: {
“Attempts”: 0,
“Interval”: 0,
“Delay”: 30000000000,
“DelayFunction”: “exponential”,
“MaxDelay”: 3600000000000,
“Unlimited”: true
},
“Affinities”: null,
“Spreads”: null,
“Networks”: null,
“Services”: null,
“Volumes”: null,
“ShutdownDelay”: null,
“StopAfterClientDisconnect”: null
}
],
“Update”: {
“Stagger”: 120000000000,
“MaxParallel”: 1,
“HealthCheck”: “”,
“MinHealthyTime”: 0,
“HealthyDeadline”: 0,
“ProgressDeadline”: 0,
“AutoRevert”: false,
“AutoPromote”: false,
“Canary”: 0
},
“Multiregion”: null,
“Periodic”: null,
“ParameterizedJob”: null,
“Dispatched”: false,
“Payload”: null,
“Meta”: null,
“ConsulToken”: “”,
“VaultToken”: “”,
“NomadTokenID”: “”,
“Status”: “running”,
“StatusDescription”: “”,
“Stable”: true,
“Version”: 91,
“SubmitTime”: 1609947957214725400,
“CreateIndex”: 5725,
“ModifyIndex”: 251963,
“JobModifyIndex”: 251929
}