Question about basic setup
168 views
Skip to first unread message
Nathan Miranda
Jun 23, 2015, 5:07:39 PM6/23/15
to search...@googlegroups.com
I've used the sample config from the readme,
###################################################### Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)searchguard.authentication.authorization.settingsdb.roles.spock: ["kolinahr","starfleet","command"]searchguard.authentication.authorization.settingsdb.roles.admin: ["root"]searchguard.authentication.authorization.settingsdb.roles.michaeljackson: ["kingofpop","superstar"]#####################################################
##############################################################################################Below here you configure what authenticated and authorized users are allowed to do (or not)##This maps to the acl defined in the searchguard configuration index ##############################################################################################
# Configure the actionrequestfilter to allow or forbid action searchguard.actionrequestfilter.names: ["readonly"]searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:*", "indices:admin*"]and I've added the user roles in the sample acl under the searchguard index
curl -XPUT 'http://localhost:9200/searchguard/ac/ac?pretty' -d '
{"acl": [ { "__Comment__": "Default is to execute all filters", "filters_bypass": [], "filters_execute": ["*"] }, { "__Comment__": "Any authenticated user do anything on the 'public' index - no filter will be executed", "indices": ["public"], "filters_bypass": ["*"], "filters_execute": [] }, { "__Comment__": "This means any user with the role starfleet or command can do anything with the starfleetinfos index", "roles" : ["starfleet", "command"], "indices": ["starfleetinfos"], "filters_bypass": ["*"], "filters_execute": [] }, { "__Comment__": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything", "roles": [ "root" ], "filters_bypass": ["*"], "filters_execute": [] }, { "__Comment__": "This means that the user michaeljackson can do anything on index popstuff.", "users": ["michaeljackson"], "indices": ["popstuff"], "filters_bypass": ["*"], "filters_execute": [] }, { "__Comment__": "This means that for the user spock on index popstuff only the actionrequestfilter.readonly will be executed, no other", "users": ["spock"], "indices": ["popstuff"], "filters_bypass": [], "filters_execute": ["actionrequestfilter.readonly"] } ]}'
I've also had to add
since I'm running on a Windows machine as an admin user. Now when I start up my nodes, it doesn't seem like there's any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with
searchguard.check_for_root: falsesince I'm running on a Windows machine as an admin user. Now when I start up my nodes, it doesn't seem like there's any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with
[com.floragunn.searchguard.service.SearchGuardConfigService] Security configuration reloadedDoes anyone know what the problem might be? Thanks!
Nathan Miranda
Jun 23, 2015, 5:19:10 PM6/23/15
to search...@googlegroups.com
It seems like there is an error here:
The NoShardAvailableException appears whenever I run the .bat file - even for the first time.
[2015-06-23 17:18:00,530][ERROR][com.floragunn.searchguard.service.SearchGuardConfigService] [Optimize Node] Try to refresh security configuration but it failed due to org.elasticsearch.action.NoShardAvailableActionException: [searchguard][4] nullThe NoShardAvailableException appears whenever I run the .bat file - even for the first time.
SG
Jun 25, 2015, 10:15:02 AM6/25/15
to search...@googlegroups.com
does this problem still occur? cause in you other post it seems you SG up and running.
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dc2dc8ee-8f33-4a10-a530-fe2a2926b452%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dc2dc8ee-8f33-4a10-a530-fe2a2926b452%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages