Cannot use the Search Guard configuration GUI for privilege management of Kibana

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.0.0

  • Installed and used enterprise modules, if any

not enterprise

  • JVM version and operating system version

CentOS Linux release 7.4.1708 (Core)

openjdk version "1.8.0_151"

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

plugins:

analysis-icu

search-guard-6

and

Kibana

problem

I set it according to the following URL, but the Search Guard menu does not appear.

LINK

State

All indexes on all nodes, replica is in green state.

Both Elasticsearch and Kibana can operate with SSL connection.

All the settings are attached.

Doubt

Is it correct that the searchguard index is empty even if you run sgadmin.sh?

```
/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -nhnv -cacert /etc/elasticsearch/chain-ca.pem -cert /etc/elasticsearch/sgadmin.crtfull.pem -key /etc/elasticsearch/sgadmin.key.pem
Search Guard Admin v6
Will connect to localhost:9300 ... done
Connected as CN=sgadmin,OU=System Solution,O=Misou System,L=Sumida,ST=Tokyo,C=JP
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: mimail-cluster
Clusterstate: GREEN
Number of nodes: 3
Number of data nodes: 3
searchguard index does not exists, attempt to create it ... done (auto expand replicas is on)
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update 'config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
   SUCC: Configuration for 'config' created or updated
Will update 'roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update 'rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update 'actiongroups' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Done with success
```

```
get searchguard/_search

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}
```

elasticsearch.yml_node3 (3.77 KB)

elasticsearch.yml_node1 (3.77 KB)

elasticsearch.yml_node2 (3.77 KB)

gen_client_node_cert.sh (2.25 KB)

gen_node_cert_openssl.sh (1.75 KB)

gen_root_ca.sh (1.95 KB)

example.sh (1.7 KB)

kibana.yml (4.95 KB)

Yes, the searchguard index contains sensitive information, so you can view and edit its contents only if you provide an admin certificate with your request.

As to your issue, you are running the community edition of Search Guard:

searchguard.enterprise_modules_enabled: false

The Config GUI is an enterprise feature because it relies on the REST API. We should make that clearer in the docs though.

In reply to mu piko's post of Thursday, February 1, 2018 at 12:50:59 PM UTC+1.
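As an added illustration of the answer above (not code from this thread or from the Search Guard project): since the searchguard index looks empty without an admin certificate, this script checks the two things visible locally, the `searchguard.enterprise_modules_enabled` setting and the `SUCC:` lines printed by sgadmin. The function names and both sample files are hypothetical and constructed for the example.

```shell
#!/usr/bin/env bash
# Added example; the two sample files below are constructed, not the poster's.

# Print the value of searchguard.enterprise_modules_enabled found in an
# elasticsearch.yml, or "unset" when the key is absent or commented out.
sg_enterprise_setting() {
  local value
  value=$(sed -n 's/^[[:space:]]*searchguard\.enterprise_modules_enabled:[[:space:]]*//p' "$1" |
          tail -n 1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"'[:space:]")
  printf '%s\n' "${value:-unset}"
}

# List the config types sgadmin reported as written ("SUCC: ..." lines).
# sgadmin prints plain ASCII quotes around the type name.
sgadmin_uploaded_types() {
  sed -n "s/^[[:space:]]*SUCC: Configuration for '\([a-z]*\)' created or updated.*/\1/p" "$1"
}

# Succeed only when all five config types from the thread were written;
# otherwise print the first missing type and return 1.
sgadmin_upload_complete() {
  local t uploaded
  uploaded=$(sgadmin_uploaded_types "$1")
  for t in config roles rolesmapping internalusers actiongroups; do
    printf '%s\n' "$uploaded" | grep -qx "$t" || { echo "missing: $t"; return 1; }
  done
  echo "complete"
}

# Constructed sample inputs.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/elasticsearch.yml" <<'EOF'
cluster.name: example-cluster
searchguard.enterprise_modules_enabled: false   # community edition
EOF
cat > "$SAMPLE_DIR/sgadmin.log" <<'EOF'
SUCC: Configuration for 'config' created or updated
SUCC: Configuration for 'roles' created or updated
SUCC: Configuration for 'rolesmapping' created or updated
SUCC: Configuration for 'internalusers' created or updated
SUCC: Configuration for 'actiongroups' created or updated
Done with success
EOF

echo "enterprise modules: $(sg_enterprise_setting "$SAMPLE_DIR/elasticsearch.yml")"
echo "sgadmin upload:     $(sgadmin_upload_complete "$SAMPLE_DIR/sgadmin.log")"
```

A result of `false` for the first check matches the situation in this thread, where the Config GUI does not appear in Kibana.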

I understand that the GUI can be used only in the enterprise.

Thank you for answering.

In reply to Jochen Kressin's post of Friday, February 2, 2018 at 7:15:54 AM UTC+9.