sgadmin.sh error

SAI KRISHNA GHANTA

Aug 4, 2016, 5:48:42 AM
to Search Guard
[root@elkman ~]$ /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.0.1 -p 9300 -ks /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks -ts /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks -kspass changeit -tspass changeit -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn es_cluster -sniff -us 0
Connect to 192.168.0.1:9300
[09:36:21,060][ERROR] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Karen Page] SSL Problem General OpenSslEngine problem
javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
        at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:465)
        at org.apache.tomcat.jni.SSL.readFromSSL(Native Method)
        at io.netty.handler.ssl.OpenSslEngine.readPlaintextData(OpenSslEngine.java:377)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:725)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:831)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:874)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ip-192.168.0.1 found.
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
        at io.netty.handler.ssl.OpenSslClientContext$1.verify(OpenSslClientContext.java:256)
        at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:461)
        ... 24 more
ERR: Cannot connect to elasticsearch. Please refer to elasticsearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{192.168.0.1}{localhost/192.168.0.1:9300}]]
        at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:290)
        at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:207)
        at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
        at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
        at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
        at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
        at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:250)
        at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)

[root@elkman ~]$ netstat -anp | grep LISTEN | grep java
tcp6       0      0 192.168.0.1:9200     :::*                    LISTEN      8364/java
tcp6       0      0 192.168.0.1:9201     :::*                    LISTEN      8276/java
tcp6       0      0 192.168.0.1:9202     :::*                    LISTEN      8455/java
tcp6       0      0 192.168.0.1:9300     :::*                    LISTEN      8276/java
tcp6       0      0 192.168.0.1:9301     :::*                    LISTEN      8364/java
tcp6       0      0 192.168.0.1:9302     :::*                    LISTEN      8455/java

PIDs:
8276: ES-Master Node
8364: ES-Data Node
8455: ES-SLB Node


Please help me.

SG

Aug 4, 2016, 4:22:03 PM
to search...@googlegroups.com
Add -nhnv to the sgadmin.sh command line and make sure that in elasticsearch.yml you configure

searchguard.ssl.transport.enforce_hostname_verification: false
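Why the handshake in the first post was rejected, as an added example that is not part of the thread and not Search Guard's or the JDK's code: a simplified model of the client-side identity check that compares the name the client connected to against the certificate's subject alternative names (SANs). The SAN lists and the `example.com` names are constructed, and the wildcard rule is a conservative simplification of what real TLS stacks implement.

```python
import ipaddress

# Constructed SAN lists (assumptions, not read from the poster's keystore).
SAN_DNS_ONLY = [("DNS", "node-0.example.com"), ("DNS", "*.es.example.com")]
SAN_WITH_IP = SAN_DNS_ONLY + [("IP", "192.168.0.1")]


def _is_ip(name):
    """True if name is an IP literal rather than a host name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_identity(peer_name, sans):
    """Return (ok, reason) for the name the client used to reach the node."""
    if _is_ip(peer_name):
        # IP literals are compared only against iPAddress SAN entries.
        wanted = ipaddress.ip_address(peer_name)
        if wanted in [ipaddress.ip_address(v) for t, v in sans if t == "IP"]:
            return True, "matched iPAddress SAN"
        return False, f"No subject alternative names matching IP address {peer_name} found"
    # Anything else is treated as a DNS name and compared with dNSName entries.
    if any(_dns_match(v, peer_name) for t, v in sans if t == "DNS"):
        return True, "matched dNSName SAN"
    return False, f"No subject alternative DNS name matching {peer_name} found"


if __name__ == "__main__":
    for name in ("ip-192.168.0.1", "192.168.0.1", "data-1.es.example.com"):
        print(name, check_identity(name, SAN_DNS_ONLY), check_identity(name, SAN_WITH_IP))
```

The name `ip-192.168.0.1` from the stack trace is not an IP literal, so it is checked as a DNS name and fails even against a certificate that carries `192.168.0.1` as an IP SAN; a certificate whose SANs cover the name or address the client actually uses passes the check with hostname verification left on.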

SAI KRISHNA GHANTA

Aug 4, 2016, 4:28:35 PM
to Search Guard
Thanks for the reply. I was able to resolve the issue. I will try to post my successful implementation in steps in a new thread, which might be helpful for others, along with the areas where we might make errors. I have been working on figuring out the issues for a month.

And is there a way to customize the error messages which pop up when accessing indices unauthorized to the user? For instance, the error just pops up, saying no permissions for indices:data/read/get etc. Can we modify something somewhere to notify the user with a custom error message?

SG

Aug 20, 2016, 3:44:13 AM
to search...@googlegroups.com

> On 04.08.2016 at 22:28, SAI KRISHNA GHANTA <ghanta.s...@gmail.com> wrote:
>
> Thanks for the reply. I was able to resolve the issue. I will try to post my successful implementation in steps in a new thread, which might be helpful for others, along with the areas where we might make errors. I have been working on figuring out the issues for a month.
>
> And is there a way to customize the error messages which pop up when accessing indices unauthorized to the user? For instance, the error just pops up, saying no permissions for indices:data/read/get etc. Can we modify something somewhere to notify the user with a custom error message?
>

Do you want to prepare a Pull Request for that?