Initializing Search Guard with ACLs

81 views
Skip to first unread message

Roshan Punnoose

unread,
Jul 8, 2015, 1:49:20 PM7/8/15
to search...@googlegroups.com
I am trying to map a process to install a new ElasticSearch cluster with SearchGuard already installed and configured with an admin user. 

First, I believe I need to make sure to generate the search_guard.key and distribute it to all the nodes

Second, I believe I need to have the searchguard/ac/ac document with the ACLs already loaded somehow into ElasticSearch before SearchGuard is enabled. Is there a way to do this without having to start up ElasticSearch with SearchGuard disabled, loading the document, and restarting with it enabled?

Is there anything else I would need to think about?

Roshan

simon....@gmail.com

unread,
Jul 15, 2015, 4:02:04 AM7/15/15
to search...@googlegroups.com
Hello,

I'm interested to know as well, as I'm trying to deploy search-guard with Chef. At the moment we just start a single node, create the index and start the automatized process.

SG

unread,
Jul 19, 2015, 5:22:28 PM7/19/15
to search...@googlegroups.com

> Am 08.07.2015 um 19:49 schrieb Roshan Punnoose <ros...@gmail.com>:
>
> I am trying to map a process to install a new ElasticSearch cluster with SearchGuard already installed and configured with an admin user.
>
> First, I believe I need to make sure to generate the search_guard.key and distribute it to all the nodes

yes

>
> Second, I believe I need to have the searchguard/ac/ac document with the ACLs already loaded somehow into ElasticSearch before SearchGuard is enabled. Is there a way to do this without having to start up ElasticSearch with SearchGuard disabled, loading the document, and restarting with it enabled?
>

you can start with sg enabled and then install the ACL from one's node machine using "localhost:<port>".
See also the following config property:
#searchguard.allow_all_from_loopback: false


> Is there anything else I would need to think about?

i am sure about that :-)

>
> Roshan
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e95565e6-9adb-4801-8d15-4d74eb064209%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages