root@localhost:/usr/share/elasticsearch/plugins/search-guard-2/tools# sudo ./sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn SHU -ks /home/ubuntu/search-guard-ssl/example-pki-scripts/node-0-keystore.jks -kspass changeit -ts /etc/elasticsearch/truststore.jks -tspass changeit -nhnv
Connect to localhost:9300
Clustername: SHU
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index does not exists, attempt to create it ... done
Populate config from /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
Will update 'config' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_config.yml
SUCC Configuration for 'config' created or updated
Will update 'roles' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles.yml
SUCC Configuration for 'roles' created or updated
Will update 'rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
SUCC Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_internal_users.yml
SUCC Configuration for 'internalusers' created or updated
Will update 'actiongroups' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_action_groups.yml
SUCC Configuration for 'actiongroups' created or updated
FAIL: Expected 5 config types for node 66wwVFDqRl-85qwtB3f33Q but got only []
Done with failures
In the logs, all we're seeing is:
[2016-08-10 12:34:23,473][TRACE][com.floragunn.searchguard.auth.BackendRegistry] Headers:
Context:
[cursor, index: 3, key: _sg_ssl_cipher, value: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]=null
[cursor, index: 7, key: _sg_ssl_protocol, value: TLSv1.2]=null
[2016-08-10 12:34:23,474][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
[2016-08-10 12:41:23,609][ERROR][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Vader] Unable to load all configurations types. Loaded '[]' but should '[config, roles, rolesmapping, internalusers, actiongroups]' This seems to indicate it needs to be initialized to run the sgadmin script? A catch-22? I imagine I'm doing something incorrect - any thoughts? Thanks! Ben
[2016-08-11 03:06:34,383][DEBUG][com.floragunn.searchguard.configuration.ConfigurationLoader] Cannot retrieve configuration (first object) due to null (null means timeout)
[2016-08-11 03:06:34,384][WARN ][com.floragunn.searchguard.configuration.ConfigurationLoader] Cannot retrieve configuration (first object) due to timeout
Which is very strange to me, considering the script reports that it can connect over 9300, and I can see that come through in the logs.
Will connect to localhost:9300 ... done
Contacting elasticsearch cluster 'SHU' and wait for YELLOW clusterstate ...
Clustername: SHU
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
Search Guard index already exists, so we do not need to create one.
Am I vastly misunderstanding whats going on here?
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-8u91-b14-3ubuntu1~16.04.1-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
The SSL Truncation Errors in the log appear when I force-killed sgadmin, so I don't think those are necessarily a symptom.
Its also worth noting that I've tried both the JDK and OpenSSL ssl implementations, and both appear to have the same result.
Thanks!
Ben
[2016-08-11 14:56:59,954][ERROR][com.floragunn.searchguard.configuration.ConfigurationLoader] Generic error: ElasticsearchTimeoutException[Timeout waiting for task.]
[2016-08-11 14:56:59,955][DEBUG][com.floragunn.searchguard.configuration.ConfigurationLoader] Looking for internalusers
[2016-08-11 14:56:59,955][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Action indices:data/read/get from null/
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Context []
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Header [_sg_conf_request]
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] remote address: null
[2016-08-11 14:57:00,870][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] No issuer alternative names (san) found
[2016-08-11 14:57:00,872][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] Is not an inter cluster request
[2016-08-11 14:57:02,681][ERROR][com.floragunn.searchguard.configuration.ConfigurationLoader] Generic error: ElasticsearchTimeoutException[Timeout waiting for task.]
[2016-08-11 14:57:02,681][DEBUG][com.floragunn.searchguard.configuration.ConfigurationLoader] Looking for actiongroups
[2016-08-11 14:57:02,682][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Action indices:data/read/get from null/
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Context []
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Header [_sg_conf_request]
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] remote address: null
[2016-08-11 14:57:05,874][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] No issuer alternative names (san) found
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d2024bfb-0579-4d54-9790-17d690710ec6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d2024bfb-0579-4d54-9790-17d690710ec6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Ben Shoemaker
> Programmer/Analyst
> bshoe...@setonhill.edu
>
> This document may contain confidential information and is intended solely
> for the use of the addressee. If you received it in error, please contact
> the sender at once and destroy the document. The document may contain
> information subject to restrictions of the Family Educational Rights and
> Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> disclosed or used in any fashion outside the scope of the service for which
> you are receiving the information.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J_SkderQ75F%3DhTtHvPP11vrO8GSO0-hpXZ8vZgREfzA7A%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/E5D45F43-6041-4640-976E-0FAB2EF5EE13%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.
> > To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d2024bfb-0579-4d54-9790-17d690710ec6%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
> >
> > --
> > Ben Shoemaker
> > Programmer/Analyst
> > bshoe...@setonhill.edu
> >
> > This document may contain confidential information and is intended solely
> > for the use of the addressee. If you received it in error, please contact
> > the sender at once and destroy the document. The document may contain
> > information subject to restrictions of the Family Educational Rights and
> > Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> > disclosed or used in any fashion outside the scope of the service for which
> > you are receiving the information.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Search Guard" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J_SkderQ75F%3DhTtHvPP11vrO8GSO0-hpXZ8vZgREfzA7A%40mail.gmail.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/E5D45F43-6041-4640-976E-0FAB2EF5EE13%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Ben Shoemaker
> Programmer/Analyst
> bshoe...@setonhill.edu
>
> This document may contain confidential information and is intended solely
> for the use of the addressee. If you received it in error, please contact
> the sender at once and destroy the document. The document may contain
> information subject to restrictions of the Family Educational Rights and
> Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> disclosed or used in any fashion outside the scope of the service for which
> you are receiving the information.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J8t7SdE2TgUtgCsENewQkMyfr-OAXDkdvYstyXhuVZfgw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
> <SHU3.log>
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8681BB90-7456-4234-8884-6528D2028B3B%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.
> > > To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> > > To post to this group, send email to search...@googlegroups.com.
> > > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d2024bfb-0579-4d54-9790-17d690710ec6%40googlegroups.com.
> > > For more options, visit https://groups.google.com/d/optout.
> > >
> > >
> > >
> > > --
> > > Ben Shoemaker
> > > Programmer/Analyst
> > > bshoe...@setonhill.edu
> > >
> > > This document may contain confidential information and is intended solely
> > > for the use of the addressee. If you received it in error, please contact
> > > the sender at once and destroy the document. The document may contain
> > > information subject to restrictions of the Family Educational Rights and
> > > Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> > > disclosed or used in any fashion outside the scope of the service for which
> > > you are receiving the information.
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups "Search Guard" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> > > To post to this group, send email to search...@googlegroups.com.
> > > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J_SkderQ75F%3DhTtHvPP11vrO8GSO0-hpXZ8vZgREfzA7A%40mail.gmail.com.
> > > For more options, visit https://groups.google.com/d/optout.
> >
> > --
> > You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
> > To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
> > To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/E5D45F43-6041-4640-976E-0FAB2EF5EE13%40search-guard.com.
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
> >
> > --
> > Ben Shoemaker
> > Programmer/Analyst
> > bshoe...@setonhill.edu
> >
> > This document may contain confidential information and is intended solely
> > for the use of the addressee. If you received it in error, please contact
> > the sender at once and destroy the document. The document may contain
> > information subject to restrictions of the Family Educational Rights and
> > Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> > disclosed or used in any fashion outside the scope of the service for which
> > you are receiving the information.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Search Guard" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J8t7SdE2TgUtgCsENewQkMyfr-OAXDkdvYstyXhuVZfgw%40mail.gmail.com.
> > For more options, visit https://groups.google.com/d/optout.
> > <SHU3.log>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8681BB90-7456-4234-8884-6528D2028B3B%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Ben Shoemaker
> Programmer/Analyst
> bshoe...@setonhill.edu
>
> This document may contain confidential information and is intended solely
> for the use of the addressee. If you received it in error, please contact
> the sender at once and destroy the document. The document may contain
> information subject to restrictions of the Family Educational Rights and
> Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> disclosed or used in any fashion outside the scope of the service for which
> you are receiving the information.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J9eDSPckjpnCz1K1i2fQGCZiVzTgFEUVpsEumivncOy_Q%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/629B1A96-6E47-4393-9641-E70A884A10BC%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a4dc2462-7032-4942-81e9-c70f12e0f32c%40googlegroups.com.
Interestingly, I was able to solve my issue - no idea at root cause, though.
Initially, I was building a box on Amazon, and experiencing the timeouts, even though I certainly had security rules allowing 9200 & 9300.As a last-ditch attempt, I built a box on our on-prem hosting with the same OS version, and everything worked flawlessly the first time through.I imagine it was some sort of network-related glitch that I was missing, but I don't know precisely what - I checked everything I could think of.-Ben
On Mon, Aug 15, 2016 at 3:42 AM, John Bakker <johnb...@gmail.com> wrote:
No, Having exactly the same behavior.I'm putting my updates in https://github.com/floragunncom/search-guard/issues/142#issuecomment-236005509
Op maandag 15 augustus 2016 09:39:27 UTC+2 schreef Girish Patil:trying to install searchgaurd bundle - https://github.com/floragunncom/search-guard/wiki/Search-Guard-BundleGetting the error - [2016-08-15 07:35:58,101][WARN ][com.floragunn.searchguard.configuration.ConfigurationLoader] Cannot retrieve configuration (2 object) due to timeoutanyone managed to fix this ?
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a4dc2462-7032-4942-81e9-c70f12e0f32c%40googlegroups.com.