new Wazuh + Opendistro distributed setup


Peter Santiago

Mar 31, 2022, 6:38:57 AM
to Wazuh mailing list
Hi everyone,
Followed the guide at

Generated the needed certs using wazuh-cert-tool.sh

For some reason, the elasticsearch cluster won't form.

Error in elasticsearch logs:
Caused by: org.elasticsearch.ElasticsearchException: Illegal parameter in http or transport request found.
This means that one node is trying to connect to another with
a non-node certificate (no OID or security.nodes_dn incorrect configured) or that someone
is spoofing requests. Check your TLS certificate setup as described here: See https://opendistro.github.io/for-elasticsearch-docs/docs/troubleshoot/tls/

At first, I thought I may have made mistakes in the generation of certificates. I regenerated them, but still got the same error.

Checked with filebeat:
elasticsearch: https://192.168.200.233:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.200.233
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... ERROR 503 Service Unavailable: Open Distro Security not initialized.

Disabling opendistro security allowed the formation of the cluster.

opendistro-security/stable,now 1.13.1.0-1

Any ideas?
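The error quoted above is the node-to-node certificate check of the Open Distro security plugin: a certificate presented on the transport layer must carry the node OID in its Subject Alternative Name and its subject DN must be listed in nodes_dn, otherwise the node is treated as a non-node client and the cluster cannot form. The following POSIX shell functions are an added example, not code from this thread or from the Wazuh certificate tool, for checking a PEM certificate against both conditions before bringing a node up. Assumed: the plugin default node OID 1.2.3.4.5.5 (the default of opendistro_security.cert.oid), the nodes_dn list under the opendistro_security.nodes_dn key in elasticsearch.yml, and OpenSSL 1.1.1 or later for the -addext flag. The certificates and the YAML fragment the demo builds are constructed here for illustration.

```shell
#!/bin/sh
# Added example: verify that a certificate is usable as an Open Distro node
# certificate. Assumptions: default node OID 1.2.3.4.5.5, nodes_dn listed in
# elasticsearch.yml under opendistro_security.nodes_dn.

NODE_OID="1.2.3.4.5.5"   # assumed default of opendistro_security.cert.oid

# Print the subject DN in RFC 2253 form (CN first), which is the form used
# in nodes_dn, e.g. CN=node-1,OU=Docu,O=Wazuh,L=California,C=US
cert_subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeed (exit 0) when the SAN extension carries the node OID as a
# Registered ID entry; a cert without it is a client/server cert, not a node cert.
cert_has_node_oid() {
    openssl x509 -in "$1" -noout -text | grep -q "Registered ID:${NODE_OID}"
}

# Succeed when the certificate's subject DN appears as a nodes_dn list item in
# the given YAML file. Spaces and double quotes are dropped on both sides so
# "CN=node-1, OU=Docu" and CN=node-1,OU=Docu compare equal.
dn_listed_in_nodes_dn() {
    dn=$(cert_subject_dn "$1" | tr -d ' ')
    tr -d ' "' < "$2" | grep -qxF -- "-${dn}"
}

# Constructed demo data: a self-signed node cert with the OID, a Filebeat
# client cert without it, and a minimal elasticsearch.yml naming only node-1.
# Prints the directory that holds them.
make_demo() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/node-1-key.pem" -out "$dir/node-1.pem" \
        -subj "/C=US/L=California/O=Wazuh/OU=Docu/CN=node-1" \
        -addext "subjectAltName=RID:${NODE_OID},DNS:node-1" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/filebeat-key.pem" -out "$dir/filebeat.pem" \
        -subj "/C=US/L=California/O=Wazuh/OU=Docu/CN=filebeat" \
        -addext "subjectAltName=DNS:filebeat" 2>/dev/null
    cat > "$dir/elasticsearch.yml" <<'EOF'
opendistro_security.nodes_dn:
  - "CN=node-1,OU=Docu,O=Wazuh,L=California,C=US"
EOF
    echo "$dir"
}

# Report both checks for one certificate against one elasticsearch.yml.
check_node_cert() {
    cert=$1; yml=$2
    echo "subject DN: $(cert_subject_dn "$cert")"
    if cert_has_node_oid "$cert"; then echo "node OID ${NODE_OID}: present"
    else echo "node OID ${NODE_OID}: MISSING (not a node certificate)"; fi
    if dn_listed_in_nodes_dn "$cert" "$yml"; then echo "nodes_dn: listed"
    else echo "nodes_dn: NOT listed in $yml"; fi
}

# Usage: sh check_node_cert.sh <cert.pem> <elasticsearch.yml>
if [ "$#" -eq 2 ]; then
    check_node_cert "$1" "$2"
fi
```

Run it against each node's certificate and the elasticsearch.yml of the node it will talk to; a missing Registered ID or an unlisted DN reproduces the "Illegal parameter in http or transport request" rejection, while a certificate that passes both checks but still fails points at the chain (root CA) rather than at the node identity.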


Alfonso Ruiz-Bravo

Apr 4, 2022, 1:50:22 AM
to Wazuh mailing list
Hello Vaynell,

Well, according to your check, we can see that Filebeat does not connect to Open Distro because the Open Distro security plugin has not been initialized yet. This may indeed be because the Open Distro cluster has not been able to form, could you please provide the following information?

- Logs of the Open Distro cluster nodes looking for errors.
- Output of the following requests (substituting the parameters with yours)
  -  curl -XGET https://<elasticsearch_ip>:9200 -u admin:admin -k
  -  curl -XGET https://<elasticsearch_ip>:9200/_cluster/health?pretty -u admin:admin -k
- The configuration added by you at this point (elasticsearch.yml):
- The configuration added by you at this point (instances.yml):

We look forward to hearing from you. 

Best regards,

Alfonso Ruiz-Bravo
