Cannot init with searchguard as root

I can’t start the service when searchguard.enabled is set to true. it says something about being root… is this the intended behavior?

here’s my setting:

#############################################################################################
# SEARCH GUARD
#############################################################################################
searchguard.enabled: true
searchguard.key_path: /tmp/dldm/elasticsearchConfig/searchguard_node.key
searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: true
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.authorizer.cache.enable: true
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
searchguard.authentication.settingsdb.user.admin: password
searchguard.authentication.settingsdb.user.marketing: password
searchguard.authentication.authorization.settingsdb.roles.admin: ["admin"]
searchguard.authentication.authorization.settingsdb.roles.marketing: ["marketing"]
searchguard.flsfilter.names: ["marketing"]
searchguard.flsfilter.marketig.source_excludes: ["username","email"]
############################################################################################

When i start elasticsearch, i get error saying ‘You’re trying to run elasticsearch as root or Windows Administrator and thats forbidden.’:

root@c06aa3566663:/# sudo /usr/share/elasticsearch/elasticsearch-1.5.0/bin/elasticsearch -Des.config="/tmp/dldm/elasticsearchConfig/elasticsearch.yml"
[2015-06-05 07:29:07,246][WARN ][common.jna ] Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out. Increase RLIMIT_MEMLOCK (ulimit).
[2015-06-05 07:29:07,335][INFO ][node ] [elastic_0] version[1.5.0], pid[335], build[5448160/2015-03-23T14:30:58Z]
[2015-06-05 07:29:07,335][INFO ][node ] [elastic_0] initializing …
[2015-06-05 07:29:07,498][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Class enhancements for DLS/FLS successful
[2015-06-05 07:29:07,501][INFO ][plugins ] [elastic_0] loaded [searchguard], sites [kopf]
[2015-06-05 07:29:09,748][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /./searchguard_node_key.key
[2015-06-05 07:29:10,017][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]
[2015-06-05 07:29:10,017][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
[2015-06-05 07:29:10,023][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /./searchguard_node_key.key
{1.5.0}: Initialization Failed …
  1. ElasticsearchException[You’re trying to run elasticsearch as root or Windows Administrator and thats forbidden.]

But if i disable searchguard the node starts normally:

root@c06aa3566663:/# sudo /usr/share/elasticsearch/elasticsearch-1.5.0/bin/elasticsearch -Des.config="/tmp/dldm/elasticsearchConfig/elasticsearch.yml"
[2015-06-05 07:37:56,178][WARN ][common.jna ] Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out. Increase RLIMIT_MEMLOCK (ulimit).
[2015-06-05 07:37:56,266][INFO ][node ] [elastic_0] version[1.5.0], pid[364], build[5448160/2015-03-23T14:30:58Z]
[2015-06-05 07:37:56,266][INFO ][node ] [elastic_0] initializing …
[2015-06-05 07:37:56,457][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Class enhancements for DLS/FLS successful
[2015-06-05 07:37:56,461][INFO ][plugins ] [elastic_0] loaded [searchguard (disabled)], sites [kopf]
[2015-06-05 07:37:58,807][INFO ][node ] [elastic_0] initialized
[2015-06-05 07:37:58,808][INFO ][node ] [elastic_0] starting …
[2015-06-05 07:37:58,868][INFO ][transport ] [elastic_0] bound_address {inet[/0:0:0:0:0:0:0:0:9504]}, publish_address {inet[/192.168.1.100:9504]}
[2015-06-05 07:37:58,877][INFO ][discovery ] [elastic_0] data_manager/eez6GFaeSW-EN-pZhDhYaQ
[2015-06-05 07:38:01,898][INFO ][cluster.service ] [elastic_0] new_master [elastic_0][eez6GFaeSW-EN-pZhDhYaQ][c06aa3566663][inet[/192.168.1.100:9504]]{max_local_storage_nodes=1, master=true}, reason: zen-disco-join (elected_as_master)
[2015-06-05 07:38:01,915][INFO ][http ] [elastic_0] bound_address {inet[/0:0:0:0:0:0:0:0:9505]}, publish_address {inet[/192.168.1.100:9505]}
[2015-06-05 07:38:01,915][INFO ][node ] [elastic_0] started
[2015-06-05 07:38:01,928][INFO ][gateway ] [elastic_0] recovered [0] indices into cluster_state
^C[2015-06-05 07:38:21,775][INFO ][node ] [elastic_0] stopping …
[2015-06-05 07:38:21,800][INFO ][node ] [elastic_0] stopped
[2015-06-05 07:38:21,801][INFO ][node ] [elastic_0] closing …
[2015-06-05 07:38:21,811][INFO ][node ] [elastic_0] closed

I’m running elasticsearch inside a docker container.

Found the solution: i have to set searchguard.check_for_root to false.
This is not recommended because it gives people root power. But i guess it’s ok if it’s inside a docker container? Please enlighten me…

On Friday, June 5, 2015 at 4:00:03 PM UTC+8, Lingxiao Xia wrote:

I can’t start the service when searchguard.enabled is set to true. it says something about being root… is this the intended behavior?


if only you have access and the node is not reachable by others it’s maybe ok.
but imagine elasticsearch is running as root, you have enabled scripting and the node is reachable from outside … bad combination

On Friday, June 5, 2015 at 10:13:12 AM UTC+2, Lingxiao Xia wrote:

Found the solution: i have to set searchguard.check_for_root to false.
This is not recommended because it gives people root power. But i guess it’s ok if it’s inside a docker container? Please enlighten me…


Hi all,
I’m getting the same error.

What is the right solution for this problem, besides disabling root check?

Thank you in advance.


the right solution is to run elasticsearch NOT as root. Add an “elasticsearch” user or install elasticsearch from a .deb or .rpm, then that’s done for you automatically

On Tuesday, June 9, 2015 at 2:10:13 PM UTC+2, TB wrote:

Hi all,
I’m getting the same error.

What is the right solution for this problem, besides disabling root check?

Thank you in advance.

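
The fix recommended in the reply above (run Elasticsearch as a dedicated non-root user), applied to the Docker case from the original post, as an added example that is not code from the thread or from the Search Guard project. The function names, the `ES_USER` variable, the `useradd`/`runuser` choice and the constructed sample config are assumptions of the example; `network.host` and `script.disable_dynamic` are the Elasticsearch 1.x settings behind the reachability and scripting conditions mentioned earlier in the thread.

```sh
#!/bin/sh
# Added example, not code from the thread or from the Search Guard project.
# Container entrypoint for the Docker case: report how the node would start,
# then run Elasticsearch as an unprivileged user instead of setting
# searchguard.check_for_root to false. Assumes searchguard.enabled: true.
# ES_USER, the function names and the useradd/runuser choice are assumptions
# of this example; the paths are the ones shown in the original post.

ES_USER="${ES_USER:-elasticsearch}"
ES_HOME="${ES_HOME:-/usr/share/elasticsearch/elasticsearch-1.5.0}"
ES_CONFIG="${ES_CONFIG:-/tmp/dldm/elasticsearchConfig/elasticsearch.yml}"

# Print the last value of a flat "dotted.key: value" line; comment lines and
# trailing " # ..." comments are ignored. Values are compared literally.
yaml_setting() {
  key_re=$(printf '%s' "$2" | sed 's/[.]/\\./g')
  sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]\{1,\}#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# classify_start UID CONFIG prints one word:
#   ok        not root, so the root check never triggers
#   blocked   root with the check active (the "Initialization Failed" case)
#   risky     root with check_for_root: false, loopback-only or no scripting
#   critical  root, check off, dynamic scripting on and not loopback-only:
#             the "bad combination" described in the maintainer's reply
classify_start() {
  if [ "$1" -ne 0 ]; then echo ok; return 0; fi
  if [ "$(yaml_setting "$2" searchguard.check_for_root)" != false ]; then
    echo blocked; return 0
  fi
  # Elasticsearch 1.x names: network.host unset means all interfaces (as in
  # the posted log); script.disable_dynamic: false enables dynamic scripting.
  case "$(yaml_setting "$2" network.host)" in
    127.0.0.1|localhost|::1|_local_) echo risky; return 0 ;;
  esac
  if [ "$(yaml_setting "$2" script.disable_dynamic)" = false ]; then
    echo critical
  else
    echo risky
  fi
}

# Constructed sample config (not the poster's file) for trying classify_start.
write_sample_config() {
  cat > "$1" <<'EOF'
searchguard.enabled: true
searchguard.check_for_root: false   # the workaround from the thread
script.disable_dynamic: false
# network.host: 127.0.0.1
EOF
}

# Create the service account once; it gets no login shell and no home.
ensure_user() {
  id "$ES_USER" >/dev/null 2>&1 ||
    useradd --system --no-create-home --shell /usr/sbin/nologin "$ES_USER"
}

main() {
  state=$(classify_start "$(id -u)" "$ES_CONFIG")
  echo "entrypoint: start-up state is '$state'" >&2
  if [ "$state" = ok ]; then
    exec "$ES_HOME/bin/elasticsearch" "-Des.config=$ES_CONFIG"
  fi
  # Started as root (the container default): hand the writable directories to
  # the service account and drop privileges before the JVM starts. The config
  # and the Search Guard key file must be readable by that account.
  ensure_user
  mkdir -p "$ES_HOME/data" "$ES_HOME/logs"
  chown -R "$ES_USER" "$ES_HOME/data" "$ES_HOME/logs"
  exec runuser -u "$ES_USER" -- "$ES_HOME/bin/elasticsearch" "-Des.config=$ES_CONFIG"
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${ES_ENTRYPOINT_RUN:-0}" = 1 ]; then
  main
fi
```

Set `ES_ENTRYPOINT_RUN=1` in the image to make the script start the node; without it the file only defines the functions.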

I’m trying to install it on Windows 8.1…

On Tuesday, June 9, 2015 at 5:21:22 PM UTC+3, in...@search-guard.com wrote:

the right solution is to run elasticsearch NOT as root. Add an “elasticsearch” user or install elasticsearch from a .deb or .rpm, then that’s done for you automatically


Then do not run elasticsearch under an account which has admin privileges; that means one which is not a member of the group BUILTIN_ADMINISTRATORS [“S-1-5-32-544”] (see [MS-DTYP]: Well-Known SID Structures | Microsoft Docs).


On Wednesday, 10 June 2015 07:26:23 UTC+2, TB wrote:

I’m trying to install it on Windows 8.1…

On Tuesday, 9 June 2015 at 17:21:22 UTC+3, in...@search-guard.com wrote:

The right solution is to run elasticsearch NOT as root. Add an “elasticsearch” user or install elasticsearch from a .deb or .rpm, then that's done for you automatically.

On Tuesday, 9 June 2015 14:10:13 UTC+2, TB wrote:

Hi all,
I’m getting the same error.

What is the right solution for this problem, besides disabling root check?

Thank you in advance.

On Friday, 5 June 2015 at 11:00:03 UTC+3, Lingxiao Xia wrote:

I can’t start the service when searchguard.enabled is set to true. It says something about being root… is this the intended behavior?

I’m running elasticsearch inside a docker container.
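The advice given in this thread (run elasticsearch under a dedicated non-root account) sketched as a container entrypoint. This is an added example, not part of the original posts and not Search Guard's own code. The function names are hypothetical, the paths are the ones from the question, and it assumes `useradd` and `su` exist in the image.

```shell
#!/bin/sh
# Added example: entrypoint preflight for the container in the question.
ES_HOME=/usr/share/elasticsearch/elasticsearch-1.5.0   # path from the post
ES_CONF=/tmp/dldm/elasticsearchConfig                  # path from the post
ES_USER=elasticsearch                                  # account name suggested in the reply

# Succeed only for a numeric, non-zero uid (uid 0 is root).
is_unprivileged_uid() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
        0)           return 1 ;;
        *)           return 0 ;;
    esac
}

# Succeed only if the node key exists and group/other have no access to it.
key_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Print the action for this uid ($1) and key path ($2): fix-key, drop or run.
preflight() {
    if ! key_is_private "$2"; then echo fix-key; return 1; fi
    if is_unprivileged_uid "$1"; then echo run; else echo drop; fi
}

# Act on the decision; $1 is the uid the entrypoint was started with.
start_node() {
    key="$ES_CONF/searchguard_node.key"
    cmd="$ES_HOME/bin/elasticsearch -Des.config=$ES_CONF/elasticsearch.yml"
    case "$(preflight "$1" "$key")" in
        run)  exec $cmd ;;
        drop) # started as root: create the account, hand over the files, switch user
              id "$ES_USER" >/dev/null 2>&1 || useradd -r -s /usr/sbin/nologin "$ES_USER"
              chown -R "$ES_USER" "$ES_HOME" "$ES_CONF" &&
              exec su -s /bin/sh -c "$cmd" "$ES_USER" ;;
        *)    echo "refusing to start: $key is missing or readable by group/other" >&2
              return 1 ;;
    esac
}

# Only launch when asked to, so the functions can be sourced and checked first.
if [ "${1:-}" = "--start" ]; then start_node "$(id -u)"; fi
```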