root@ip-172-31-27-116:/usr/share/elasticsearch/plugins/search-guard-5/tools# ./sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig -cn actual-cluster -cert /etc/elasticsearch/elastic-master.x-x.com/x-x.com.crt -cacert /etc/elasticsearch/elastic-master.x-x.com/x-x.com.crt -nhnv --diagnose
WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v5
Will connect to localhost:9300 ... done
### LICENSE NOTICE Search Guard ###
If you use one or more of the following features in production
make sure you have a valid Search Guard license
(See https://floragunn.com/searchguard-validate-license)
* Kibana Multitenancy
* LDAP authentication/authorization
* Active Directory authentication/authorization
* REST Management API
* JSON Web Token (JWT) authentication/authorization
* Kerberos authentication/authorization
* Document- and Fieldlevel Security (DLS/FLS)
* Auditlogging
In case of any doubt mail to <sales@floragunn.com>
###################################
ERR: An unexpected ElasticsearchException occured: Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
Trace:
ElasticsearchException[Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]]; nested: InvocationTargetException; nested: ElasticsearchException[Is a directory: /usr/share/elasticsearch/plugins/search-guard-5/tools Expected file!];
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:434)
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:103)
at org.elasticsearch.client.transport.TransportClient.newPluginService(TransportClient.java:101)
at org.elasticsearch.client.transport.TransportClient.buildTemplate(TransportClient.java:126)
at org.elasticsearch.client.transport.TransportClient.<init>(TransportClient.java:254)
at com.floragunn.searchguard.tools.SearchGuardAdmin$TransportClientImpl.<init>(SearchGuardAdmin.java:715)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:370)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:109)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:423)
... 7 more
Caused by: ElasticsearchException[Is a directory: /usr/share/elasticsearch/plugins/search-guard-5/tools Expected file!]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.checkStorePath(DefaultSearchGuardKeyStore.java:686)
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:271)
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:150)
at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:237)
... 12 more
[2017-07-26T15:18:44,134][WARN ][c.f.s.a.BackendRegistry ] Transport authentication finally failed for CN=*.x,O=x,L=x,x=x,C=GB
[2017-07-26T15:18:44,134][ERROR][c.f.s.t.SearchGuardRequestHandler] Cannot authenticate null
[2017-07-26T16:39:53,456][ERROR][c.f.s.t.SearchGuardRequestHandler] Error validating header
Caused by: org.elasticsearch.transport.RemoteTransportException: [34.248.89.180-x-x.x-x.com][172.31.27.116:9300][internal:transport/handshake]
Caused by: org.elasticsearch.ElasticsearchException: bad header found
root@ip-172-31-27-116:~# cat /etc/elasticsearch/elastic-master.x-x.com/elasticsearch.yml
cluster.name: actual-cluster
discovery.zen.ping.unicast.hosts:
- 172.31.27.116:9300
- 172.31.22.225:9300
http.port: 9200
node.data: false
node.master: true
transport.tcp.port: 9300
node.name: 34.248.89.180-elastic-master.x-x.com
network.host: 0.0.0.0
searchguard.ssl.transport.pemkey_filepath: x-x.com.key
searchguard.ssl.transport.pemcert_filepath: x-x.com.crt
searchguard.ssl.transport.pemtrustedcas_filepath: x-x.com.crt
searchguard.ssl.http.pemkey_filepath: x-x.com.key
searchguard.ssl.http.pemcert_filepath: x-x.com.crt
searchguard.ssl.http.pemtrustedcas_filepath: x-x.com.crt
searchguard.authcz.admin_dn:
- CN=*.x-x.com,O=x x PLC,L=x,ST=x,C=GB
searchguard.ssl.transport.enforce_hostname_verification: false
#################################### Paths ####################################
# Path to directory containing configuration (this file and logging.yml):
path.conf: /etc/elasticsearch/elastic-master.x-x.com
path.data: /var/lib/elasticsearch/34.248.89.180-elastic-master.x-x.com
path.logs: /var/log/elasticsearch/34.248.89.180-elastic-x.x-x.com
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/TmyxeWwCuYA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/53df2662-b436-4caf-b845-c403424f9422%40googlegroups.com.
Clustername: actual-clusterClusterstate: GREENNumber of nodes: 2Number of data nodes: 1ERR: An unexpected ElasticsearchSecurityException occured: Search Guard not initialized (SG11) for indices:admin/exists. See https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.mdTrace:ElasticsearchSecurityException[Search Guard not initialized (SG11) for indices:admin/exists. See https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md] at com.floragunn.searchguard.filter.SearchGuardFilter.apply(SearchGuardFilter.java:128) at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) at org.elasticsearch.action.support.HandledTransportAction$TransportHandler.messageReceived(HandledTransportAction.java:64) at org.elasticsearch.action.support.HandledTransportAction$TransportHandler.messageReceived(HandledTransportAction.java:54) at com.floragunn.searchguard.ssl.transport.SearchGuardSSLRequestHandler.messageReceivedDecorate(SearchGuardSSLRequestHandler.java:177) at com.floragunn.searchguard.transport.SearchGuardRequestHandler.messageReceivedDecorate(SearchGuardRequestHandler.java:191) at com.floragunn.searchguard.ssl.transport.SearchGuardSSLRequestHandler.messageReceived(SearchGuardSSLRequestHandler.java:139) at com.floragunn.searchguard.SearchGuardPlugin$2$1.messageReceived(SearchGuardPlugin.java:336) at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69) at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1544) at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:110) at org.elasticsearch.transport.TcpTransport.handleRequest(TcpTransport.java:1501) at org.elasticsearch.transport.TcpTransport.messageReceived(TcpTransport.java:1385) at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:74) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:297) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:413) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1267) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1078) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) at java.lang.Thread.run(Thread.java:748)
/bin/bash /usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig -cn actual-cluster -cert /etc/elasticsearch/elastic-master.x-x.com/x-x.com.crt -cacert /etc/elasticsearch/elastic-master.x-x.com/x-x.com.crt -key /etc/elasticsearch/elastic-master.x-x.com/x-x.com.key -nhnv
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9d4eeabd-009e-452d-83e8-250b48a97fc2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/TmyxeWwCuYA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/23993B7D-7A39-4E40-B513-B69BA12A9139%40search-guard.com.
searchguard.ssl.transport.pemkey_filepath: globalsign_x-x.com.key
searchguard.ssl.transport.pemcert_filepath: globalsign_x-x.com.crt
searchguard.ssl.transport.pemtrustedcas_filepath: globalsign_x-x.com.crt
searchguard.ssl.http.pemkey_filepath: globalsign_x-x.com.key
searchguard.ssl.http.pemcert_filepath: globalsign_x-x.com.crt
searchguard.ssl.http.pemtrustedcas_filepath: globalsign_x-x.com.crt
searchguard.authcz.admin_dn:
- CN=*.x-x.com,O=x x x,L=x,ST=x,C=GB
searchguard.nodes_dn:
- CN=*.x-x.com,O=x x x,L=x,ST=x,C=GB
searchguard.ssl.transport.enable_openssl_if_available: true
searchguard.ssl.http.enable_openssl_if_available: true