Installing search-guard-kibana-plugin failed


Li Cui

Aug 22, 2018, 1:26:06 AM
to Search Guard Community Forum
Hello,

I downloaded search-guard-kibana-plugin-6.3.2-14.zip and transferred it via SFTP to the Kibana server (Elasticsearch is on the same server).
I executed the installation as shown below, and it failed. Any idea what went wrong?

[root@xxxx kibana]# ./bin/kibana-plugin install file:search-guard-kibana-plugin-6.3.2-14.zip
Found previous install attempt. Deleting...
Attempting to transfer from file:search-guard-kibana-plugin-6.3.2-14.zip
Transferring 3101353 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli --env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR YAMLException: can not read a block mapping entry; a multiline key may not be an implicit key at line 41, column 1:
    # The default application to load.
    ^
    at generateError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:160:10)
    at throwError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:166:9)
    at readBlockMapping (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1027:9)
    at composeNode (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1315:12)
    at readDocument (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1478:3)
    at loadDocuments (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1538:5)
    at load (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1555:19)
    at safeLoad (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1573:10)
    at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:56)
    at Array.map (<anonymous>)
"
===============
Thanks in advance

Li

Jochen Kressin

Aug 22, 2018, 10:48:45 AM
to Search Guard Community Forum
My best guess here is that your kibana.yml has some syntax errors. Does Kibana start without SG installed? Can you post your kibana.yml here?
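
Added example (not part of the original posts, and not Kibana or Search Guard code): the YAMLException above points at line 41, which is a comment, so the malformed entry is most likely just above it. This heuristic JavaScript check flags kibana.yml lines that cannot start a "key: value" entry and reports only the line number and key, never the value; it assumes the flat one-setting-per-line style of the stock file, and the sample config is constructed.

```javascript
// Heuristic pre-flight check for kibana.yml. Not a YAML parser: it assumes the
// flat "one setting per line" style and flags lines that cannot start an entry.
const KEY = /^\s*(-\s+)?([A-Za-z0-9_.-]+|"[^"]+"|'[^']+'):(\s|$)/;

function lintKibanaYml(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const n = i + 1;
    if (/^\s*(#.*)?$/.test(line)) return;      // blank line or comment
    if (/^ *\t/.test(line)) {                  // YAML forbids tabs as indentation
      findings.push({ line: n, key: null, problem: 'tab used for indentation' });
      return;
    }
    if (KEY.test(line)) return;                // "key: value" or "key:"
    if (/^\s*-(\s|$)/.test(line)) return;      // plain list item
    const trimmed = line.trim();
    // Report only the leading token so secrets in values are never echoed.
    const key = trimmed.split(/[\s:]/)[0];
    const problem = /^[A-Za-z0-9_.-]+:\S/.test(trimmed)
      ? 'missing space after colon'
      : 'no "key: value" separator';
    findings.push({ line: n, key, problem });
  });
  return findings;
}

// Constructed sample, not the poster's file.
const SAMPLE = [
  'server.port: 5601',
  'server.host "0.0.0.0"',
  '# The default application to load.',
  'kibana.defaultAppId: "home"',
  'elasticsearch.url:"https://localhost:9200"',
  'elasticsearch.password: "constructed-secret"',
].join('\n');

for (const f of lintKibanaYml(SAMPLE)) {
  console.log(`line ${f.line}: ${f.key} (${f.problem})`);
}
```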

Li Cui

Aug 22, 2018, 10:33:38 PM
to search...@googlegroups.com
Thank you, this was due to my typo in the kibana.yml.
Now Kibana, Elasticsearch, and Logstash are all up and running.
What should we do on the clients, e.g. on filebeat, metricbeat, winlogbeat, etc. on separate servers?
I could not find the information on how to set up SG for filebeat/metricbeat....
I started my filebeat on a remote linux server, it is set to send logs to logstash, but I don't see any incoming data events on kibana...

When trying to push the dashboards to kibana, I got the following, it looks like filebeat communicates with Elastic using HTTP instead of HTTPS.
If we enable HTTPS on filebeat, do we have to ship the client certificates to the filebeat server?
Do you have any documents on how to set up filebeat/metricbeat... etc with search-guard enabled?

[ec2-user@ixxxxxx ~]$ sudo filebeat setup --dashboards
Loading dashboards (Kibana must be running and reachable)
Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kibana: Error importing directory /usr/share/filebeat/kibana: Failed to import index-pattern: Failed to load directory /usr/share/filebeat/kibana/6/index-pattern:
  error loading /usr/share/filebeat/kibana/6/index-pattern/filebeat.json: fail to execute the HTTP POST request: Post http://xx.xx.xx.xx.:5601/api/kibana/dashboards/import?force=true: net/http: request canceled (Client.Timeout exceeded while awaiting headers). Response:


Here is the logstash pipeline.yml on logstash node:
=======================
input {
  beats {
    port => 5044
  }
}

# The filter part of this file is commented out to indicate that it
# is optional.
# filter {
#
# }

output {
  elasticsearch {
    user => logstash
    password => logstash
    ssl => true
    action => "index"
    hosts => ["xx.xx.xx.xx"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

==========================

Attached please find filebeat.yml, logstash.yml and elasticsearch.yml.


Please take a look and help.

Thank you very much

Li




--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0430cc87-b710-44c6-8b40-a68561cf8d01%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

elasticsearch-sg.yml
logstash-sg.yml
filebeat_sg.yml

Li Cui

Aug 22, 2018, 10:52:35 PM
to search...@googlegroups.com
I saw in the elasticsearch log a lot of WARNINGs as below:

==============
...

        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
[2018-08-23T02:40:37,613][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [node1] caught exception while handling client http traffic, closing connection [id: 0x09b5e18c, L:0.0.0.0/0.0.0.0:9
java.lang.NullPointerException: ssl
        at io.netty.internal.tcnative.SSL.getHandshakeCount(Native Method) ~[netty-tcnative-openssl-1.0.2-dynamic-2.0.7.Final-fedora-linux-x86_64.jar:2.0.7.Final]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.rejectRemoteInitiatedRenegotiation(ReferenceCountedOpenSslEngine.java:1118) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1081) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1170) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
...
================

Was this because SSL was not set on the client (filebeat) side? If so, what should we do?

Thanks

Li


Manjushree Gokhale

Oct 31, 2018, 1:36:51 AM
to Search Guard Community Forum
I checked my kibana.yml and it seems good to me, but I am still getting an installation error.
Please see the logs:
Attempting to transfer from https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.3.2-15/search-guard-kibana-plugin-6.3.2-15.zip
Transferring 2054581 bytes....................

Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli --env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR Error: ENOENT: no such file or directory, open '/usr/share/kibana/config/kibana.yml'
at Object.fs.openSync (fs.js:646:18)
at fs.readFileSync (fs.js:551:33)
at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:78)

at Array.map (<anonymous>)
at readYamlConfig (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:23)
at readServerSettings (/usr/share/kibana/src/cli/serve/serve.js:150:57)
at getCurrentSettings (/usr/share/kibana/src/cli/serve/serve.js:32:38)
at Command.<anonymous> (/usr/share/kibana/src/cli/serve/serve.js:33:22)
at Command.<anonymous> (/usr/share/kibana/src/cli/command.js:97:20)
at Command.listener (/usr/share/kibana/node_modules/commander/index.js:301:8)
"
The command '/bin/sh -c kibana-plugin install https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.3.2-15/search-guard-kibana-plugin-6.3.2-15.zip' returned a non-zero code: 70
ERROR: Job failed: exit code 1 

