#Need_help # Unable to run sgadmin.sh through ansible, but it runs manually fine.

[Bishwajit Samanta]

ElasticSearch: 2.4.2

Search-Guard-2

Search-Guard-ssl-2.4.2.19

Error Output::-
--------------------

This was the script which was executing through Ansible, which gives below error.

- name: Executing the script sgadmin

  command: /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740

  ignore_errors: True 

fatal: [192.168.56.121]: FAILED! => {"changed": true, "cmd": ["/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh", "-h", "192.168.56.121", "-cd", "/usr/share/elasticsearch/plugins/search-guard-2/sgconfig/", "-ks", "/etc/elasticsearch/node-0-keystore.jks", "-ts", "/etc/elasticsearch/truststore.jks", "-nhnv", "-icl", "-p", "9740"], "delta": "0:00:03.826732", "end": "2018-04-21 12:08:18.279157", "msg": "non-zero return code", "rc": 255, "start": "2018-04-21 12:08:14.452425", "stderr": "[searchguard] IndexAlreadyExistsException[already exists]\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)\n\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)\n\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)\n\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat java.lang.Thread.run(Thread.java:748)", "stderr_lines": ["[searchguard] IndexAlreadyExistsException[already exists]", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)", "\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)", "\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)", "\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)", "\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)", "\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)", "\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)", "\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)", "\tat java.lang.Thread.run(Thread.java:748)"], "stdout": "Will connect to 192.168.56.121:9740 ... done\nContacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...\nClustername: my-second-cluster\nClusterstate: GREEN\nNumber of nodes: 2\nNumber of data nodes: 2\nsearchguard index does not exists, attempt to create it ... ERR: An unexpected IndexAlreadyExistsException occured: already exists\nTrace:", "stdout_lines": ["Will connect to 192.168.56.121:9740 ... done", "Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...", "Clustername: my-second-cluster", "Clusterstate: GREEN", "Number of nodes: 2", "Number of data nodes: 2", "searchguard index does not exists, attempt to create it ... ERR: An unexpected IndexAlreadyExistsException occured: already exists", "Trace:"]}

But if i run the same script manually, it works out::-
--------------------------------------------------------------------

root@Ansible-Devops-01:/etc# /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740

Will connect to 192.168.56.121:9740 ... done

Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...

Clustername: my-second-cluster

Clusterstate: GREEN

Number of nodes: 2

Number of data nodes: 2

searchguard index already exists, so we do not need to create one.

Populate config from /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/

Will update 'config' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_config.yml

   SUCC: Configuration for 'config' created or updated

Will update 'roles' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles.yml

   SUCC: Configuration for 'roles' created or updated

Will update 'rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles_mapping.yml

   SUCC: Configuration for 'rolesmapping' created or updated

Will update 'internalusers' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_internal_users.yml

   SUCC: Configuration for 'internalusers' created or updated

Will update 'actiongroups' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_action_groups.yml

   SUCC: Configuration for 'actiongroups' created or updated

Done with success

Also i am noticing some thing in the my-second-cluster.log::

----------------------------------------------------------------------------------

[2018-04-21 12:10:56,222][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:11:39,978][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:13:08,099][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:13:08,106][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[SG]

Elasticsearch and Search Guard 2.4.x is end of life (EOL).
Therefore we do not longer provide support, pls. upgrade to latest 5.6.x or 6.2.x

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2e5028ec-c786-4d44-ab42-98a9fc3bc1e7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.