Search Guard not initialized (SG11)
530 views
Skip to first unread message
Rajat Singh
Oct 10, 2016, 6:55:49 AM10/10/16
to Search Guard
I am getting this error while i had installed the safeguard using the github link https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.clientauth_mode: REQUIRE
searchguard.enabled: true
searchguard.allow_all_from_loopback: false
searchguard.authcz.admin_dn:
- "cn=elasticsearch, ou=SSL,O=Test,L=Test, C=DE"
i am not having any node i am just using the machine on which i had installed the elasticsearch as a node so what you would be in the cn=
my elasticseach.yml files looks like
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
# cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
#
# node.name: node-1
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# path.data: /path/to/data
#
# Path to log files:
#
# path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
# Lock the memory on startup:
#
# bootstrap.memory_lock: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
# network.host: 192.168.0.1
network.host: 10.150.86.177
#
# Set a custom port for HTTP:
#
# http.port: 9200
#
# For more information, see the documentation at:
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
#
# ---------------------------------- Gateway -----------------------------------
#
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.allow_all_from_loopback: false
searchguard.authcz.admin_dn:
- "cn=elasticsearch, ou=SSL,O=Test,L=Test, C=DE"
Please help me
in...@search-guard.com
Oct 10, 2016, 7:48:42 AM10/10/16
to Search Guard
The reason is that you have installed Search Guard SSL and Search Guard, but only configured the SSL part.
Please refer to the Search Guard documentation on how to initialize the configuration:
Especially these chapters:
Rajat Singh
Oct 12, 2016, 7:09:46 AM10/12/16
to search...@googlegroups.com
Thanks for reply
I had tried the as per the instruction mentioned on the link
first copied the file in the same directory in which sgadmin is installed and then run the command it was giving the error
Seems there is no elasticsearch running on localhost:9300 - Will exit
then i had changed the port to 9200 as my elasticsearch is running in 9200 port
again got the same error
command run by me is below
./sgadmin.sh -ts truststore.jks -ks kirk-keystore.jks -cd ../sgconfig -icl
Please help me
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/PQHjYSuhsUI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c89adc72-fe58-4578-b5c0-c3043435f026%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
SG
Oct 15, 2016, 4:38:43 PM10/15/16
to search...@googlegroups.com
pls. post the elasticsearch logfile (there we can see which port you have to use)
> To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c89adc72-fe58-4578-b5c0-c3043435f026%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c89adc72-fe58-4578-b5c0-c3043435f026%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAKvg05s1AuiCjXqmv%2Bjk%2B-t083UkSmmM_Nc2TBmX2bpr5E%2BXhw%40mail.gmail.com.
Rajat Singh
Oct 19, 2016, 4:44:43 AM10/19/16
to search...@googlegroups.com
Thanks alot for the reply
my log file is like that
[lure while checking searchguard index NodeClosedException[node closed {Mister Buda}{JqmwtUH9RUGMFkjx2T6x1g}{10.150.86.177}{10.150.86.177:9300}]
NodeClosedException[node closed {Mister Buda}{JqmwtUH9RUGMFkjx2T6x1g}{10.150.86.177}{10.150.86.177:9300}]
2016-10-19 09:55:16,785][INFO ][node ] [Frank Payne] stopping ...
[2016-10-19 09:55:16,804][INFO ][node ] [Frank Payne] stopped
[2016-10-19 09:55:16,804][INFO ][node ] [Frank Payne] closing ...
[2016-10-19 09:55:16,811][INFO ][node ] [Frank Payne] closed
[2016-10-19 09:55:55,652][INFO ][node ] [Mister Buda] version[2.4.1], pid[13058], build[c67dc32/2016-09-27T18:57:55Z]
[2016-10-19 09:55:55,652][INFO ][node ] [Mister Buda] initializing ...
[2016-10-19 09:55:56,188][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available
[2016-10-19 09:55:56,194][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false
[2016-10-19 09:55:56,195][INFO ][plugins ] [Mister Buda] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites []
[2016-10-19 09:55:56,218][INFO ][env ] [Mister Buda] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [47.9gb], net total_space [49.9gb], spins? [unknown], types [rootfs]
[2016-10-19 09:55:56,218][INFO ][env ] [Mister Buda] heap size [990.7mb], compressed ordinary object pointers [true]
[2016-10-19 09:55:56,258][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL
[2016-10-19 09:55:56,511][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit.. That is not an issue, it just limits possible encryption strength. To enable AES 256 install 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null with ciphers []
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]
[2016-10-19 09:55:56,536][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]
[2016-10-19 09:55:56,779][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)
[2016-10-19 09:55:56,781][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available
[2016-10-19 09:55:56,872][INFO ][transport ] [Mister Buda] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-10-19 09:55:56,872][INFO ][transport ] [Mister Buda] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-10-19 09:55:58,047][INFO ][node ] [Mister Buda] initialized
[2016-10-19 09:55:58,047][INFO ][node ] [Mister Buda] starting ...
[2016-10-19 09:55:58,103][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Mister Buda] publish_address {10.150.86.177:9300}, bound_addresses {10.150.86.177:9300}
[2016-10-19 09:55:58,106][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Mister Buda] Check if searchguard index exists ...
[2016-10-19 09:55:58,112][DEBUG][action.admin.indices.exists.indices] [Mister Buda] no known master node, scheduling a retry
[2016-10-19 09:55:58,117][INFO ][discovery ] [Mister Buda] elasticsearch/JqmwtUH9RUGMFkjx2T6x1g
[2016-10-19 09:55:59,837][INFO ][node ] [Mister Buda] stopping ...
[2016-10-19 09:55:59,842][ERROR][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Mister Buda] Failure while checking searchguard index NodeClosedException[node closed {Mister Buda}{JqmwtUH9RUGMFkjx2T6x1g}{10.150.86.177}{10.150.86.177:9300}]
NodeClosedException[node closed {Mister Buda}{JqmwtUH9RUGMFkjx2T6x1g}{10.150.86.177}{10.150.86.177:9300}]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$5.onClusterServiceClose(TransportMasterNodeAction.java:228)
at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onClose(ClusterStateObserver.java:222)
at org.elasticsearch.cluster.service.InternalClusterService.doStop(InternalClusterService.java:214)
at org.elasticsearch.common.component.AbstractLifecycleComponent.stop(AbstractLifecycleComponent.java:88)
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c89adc72-fe58-4578-b5c0-c3043435f026%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAKvg05s1AuiCjXqmv%2Bjk%2B-t083UkSmmM_Nc2TBmX2bpr5E%2BXhw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/PQHjYSuhsUI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/3249DDFA-F785-4BDD-89BA-037081A2D151%40search-guard.com.
Reply all
Reply to author
Forward
0 new messages