When asking questions, please provide the following information:
* Search Guard and Elasticsearch version: 5.4.1
* Installed and used enterprise modules, if any: none
* JVM version and operating system version: JVM: 1.8.0, Centos 7.6
* Other installed Elasticsearch or Kibana plugins, if any: ingest-geoip, ingest-user-agent
I'm trying to install Search Guard. I'm to the point where I run sgadmin.sh --enable-shard-allocation. I get:
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 ... done
Unable to check whether cluster is sane: Cannot authenticate null
ERR: EMAILADDRESS=ish...@xxpq.com,CN=*.xxpq.com,O=Xxpq\, Inc.,L=Washington,ST=District of Columbia,C=US is not an admin user Seems you use a client certificate but this one is not registered as admin_dn
Make sure elasticsearch.yml on all nodes contains:
searchguard.authcz.admin_dn:
Please note that if add the setting exactly as specified, elasticscearch will not start, with the error:
The issue seems to be the comma. If I don't escape it, elasticsearch starts, but sgadmin.sh complains with the error above.
# grep admin_dn /etc/elasticsearch/elasticsearch.yml
searchguard.authcz.admin_dn: [ "EMAILADDRESS=ish...@xxpq.com,CN=*.xxpq.com,O=Xxpq, Inc.,L=Washington,ST=District of Columbia,C=US" ]
So it's a catch 22 situation. Any suggestions?