I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.
the following are the only configuration options I have activated.
cluster.name: cluster
node.name: “testnode1”
node.master: false
node.data: false
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]
searchguard.enabled: true
searchguard.key_path: /etc/elasticsearch/
searchguard.rewrite_get_as_search: false
searchguard.transport_auth.enabled: false
searchguard.ssl.transport.node.enabled: false
searchguard.ssl.transport.http.enabled: false
searchguard.http.xforwardedfor.header: X-Forwarded-For
searchguard.http.xforwardedfor.trustedproxies: null
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator
searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]
searchguard.authentication.proxy.header: X-Authenticated-User
My ACL’s are from the suggested defaults when first installing.
{
“_index” : “searchguard”,
“_type” : “ac”,
“_id” : “ac”,
“_version” : 1,
“found” : true,
“_source”:{
“acl”: [
{
“Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,
“filters_bypass”: ,
“filters_execute”:
},
{
“Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,
“roles”: [
“admin”
],
“filters_bypass”: [“*”],
“filters_execute”:
}
]
}
}
[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key
[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]
[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C
BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed
[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized
[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …
[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres
s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]
[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]
[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}
[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg
[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]
java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V
at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)
at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)
at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)
at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)
at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)
at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)
at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]
java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V
at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)
at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)
at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)
at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)
at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)
at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)
at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.