I have a simple setup, where I only want to have ES over https (No need of ACLs)
ES version 1.6.
searchguard.enabled: true
searchguard.key_path: /usr/local/es_keys/
#############################################################################################
Transport layer SSL
#############################################################################################
searchguard.ssl.transport.node.enabled: true
searchguard.ssl.transport.node.keystore_type: JKS
searchguard.ssl.transport.node.keystore_filepath: /usr/local/staging-es-keystore.jks
searchguard.ssl.transport.node.keystore_password: xxx==
searchguard.ssl.transport.node.enforce_clientauth: false
#TODO enable client authsearchguard.ssl.transport.node.truststore_type: JKS
searchguard.ssl.transport.node.truststore_filepath: /usr/local/truststore.jks
searchguard.ssl.transport.node.truststore_password: xxx==
searchguard.ssl.transport.node.encforce_hostname_verification: false
#############################################################################################REST layer SSL
#############################################################################################
searchguard.ssl.transport.http.enabled: true
searchguard.ssl.transport.http.keystore_type: JKS
searchguard.ssl.transport.http.keystore_filepath: /usr/local/staging-es-keystore.jks
searchguard.ssl.transport.http.keystore_password: xxx==
searchguard.ssl.transport.http.enforce_clientauth: false
#TODO enable client authsearchguard.ssl.transport.http.truststore_type: JKS
searchguard.ssl.transport.http.truststore_filepath: /usr/local/truststore.jksTruststore password
searchguard.ssl.transport.http.truststore_password: xxx==
#############################################################################################
HTTP authentication method
#############################################################################################
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator
searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.AlwaysSucceedAuthenticationBackend
curl -XPUT ‘http://localhost:9200/searchguard/ac/ac’ -d ‘{
“acl”: [
{
“Comment”: “allow access to every one”,
“filters_bypass”: [“*”],
“filters_execute”:
}
]
}’
When I try to take snapshots
I see this
···
{“error”:"RuntimeException[java.lang.RuntimeException: Attempt from null to _all indices for cluster:admin/snapshot/create and User [name=searchguard_unauthenticated_user, roles=]]; nested: RuntimeException[Attempt from null to _all indices for cluster:admin/snapshot/create and User [name=searchguard_unauthenticated_user, roles=]]; ",“status”:500}