Elasticsearch throws a warning because Transport SSL isn't enabled

[antoineco]

Elasticsearch is printing the following warning because we are enabling X-Pack security (ON by default since v8.0.0) but don't have Transport SSL enabled (not on the main branch, at least):

{
  "@timestamp": "2022-02-11T19:15:57.791Z",
  "log.level": "WARN",
  "message": "Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]",
  "ecs.version": "1.2.0",
  "service.name": "ES_ECS",
  "event.dataset": "elasticsearch.server",
  "process.thread.name": "main",
  "log.logger": "org.elasticsearch.bootstrap.BootstrapChecks",
  "elasticsearch.node.name": "06c05d6947c9",
  "elasticsearch.cluster.name": "docker-cluster"
}

Right now, this is not preventing Elasticsearch from starting, but I'm worried that it may in a future release, especially due to the usage of the term "must" in the log message. We should keep our eyes open.

---

As a reminder, the tls branch has Transport SSL enabled by default. However, there were concerns about making this the default, mostly due to the fact that private keys are public until the user manually rotates them.

docker-elk/elasticsearch/config/elasticsearch.yml

Lines 19 to 25 in ba9c2f3

	## Communications between nodes in a cluster
	## see https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#tls-transport
	#
	xpack.security.transport.ssl.enabled: true
	xpack.security.transport.ssl.verification_mode: certificate
	xpack.security.transport.ssl.keystore.path: elasticsearch.p12
	xpack.security.transport.ssl.truststore.path: elasticsearch.p12

[antoineco]

Update: the aforementioned concern was addressed in #790. Users are now required to generate their own X.509 certificates and private keys by running docker-compose up tls prior to starting the stack for the first time.