Hello! I am running ES Cluster 6.2 with SG.
Last week one data node was accidentally spun up with version 6.8 of ES and SG. It was deallocated and stopped. Now the cluster is running again with all nodes on version 6.2. But it looks like something was broken in the SG index by the 6.8 node, and now it is incompatible with version 6.2. At least:
- A new node with 6.2 is unable to authenticate users
- I am not able to retrieve the SG config from the old nodes with sgadmin.sh
When I try to retrieve the config with
/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /tmp/ -r -icl -nhnv -cacert /tmp/es_root_ca.pem -cert /tmp/es_admin.pem -key /tmp/es_admin.key -keypass xxx
I receive this error message:
Cannot retrieve cluster state due to: no permissions for [cluster:monitor/health] and User [name=CN=admin-eu,OU=x,O=y,DC=e,DC=s,DC=com, roles=, requestedTenant=null]. This is not an error, will keep on trying ... Root cause: ElasticsearchSecurityException[no permissions for [cluster:monitor/health] and User [name=CN=admin-eu,OU=x,O=y,DC=e,DC=s,DC=com, roles=, requestedTenant=null]] (org.elasticsearch.ElasticsearchSecurityException/org.elasticsearch.ElasticsearchSecurityException)
I get the same message when I try to diagnose with the -dg key.
To me, the empty list of roles looks strange.
When I try to retrieve the SG config from the node which was started right after this incident with version 6.2, I get
FAIL: Get configuration for 'roles' because it does not exist"
Looking forward to hearing any advice!