discovery.zen.ping.unicast failed to send ping

I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.

the following are the only configuration options I have activated.

cluster.name: cluster

node.name: “testnode1”

node.master: false

node.data: false

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]

searchguard.enabled: true

searchguard.key_path: /etc/elasticsearch/

searchguard.rewrite_get_as_search: false

searchguard.transport_auth.enabled: false

searchguard.ssl.transport.node.enabled: false

searchguard.ssl.transport.http.enabled: false

searchguard.http.xforwardedfor.header: X-Forwarded-For

searchguard.http.xforwardedfor.trustedproxies: null

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator

searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]

searchguard.authentication.proxy.header: X-Authenticated-User

My ACL’s are from the suggested defaults when first installing.

{

“_index” : “searchguard”,

“_type” : “ac”,

“_id” : “ac”,

“_version” : 1,

“found” : true,

“_source”:{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

}

[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key

[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]

[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C

BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]

[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed

[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized

[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …

[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres

s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]

[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]

[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}

[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg

[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.

Could you please add to your master list the ports of your listening masters ? By default it is 9300. I had the same problem hosting multiple nodes on the same physical server. You could check if these help you out too:

···

transport.tcp.port: 9300-9400
discovery.zen.ping.multicast.enabled: false
network.host: testnode1

On Monday, June 29, 2015 at 10:40:49 PM UTC+2, Brian Sanders wrote:

I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.

the following are the only configuration options I have activated.

cluster.name: cluster

node.name: “testnode1”

node.master: false

node.data: false

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]

searchguard.enabled: true

searchguard.key_path: /etc/elasticsearch/

searchguard.rewrite_get_as_search: false

searchguard.transport_auth.enabled: false

searchguard.ssl.transport.node.enabled: false

searchguard.ssl.transport.http.enabled: false

searchguard.http.xforwardedfor.header: X-Forwarded-For

searchguard.http.xforwardedfor.trustedproxies: null

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator

searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]

searchguard.authentication.proxy.header: X-Authenticated-User

My ACL’s are from the suggested defaults when first installing.

{

“_index” : “searchguard”,

“_type” : “ac”,

“_id” : “ac”,

“_version” : 1,

“found” : true,

“_source”:{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

}

[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key

[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]

[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C

BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]

[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed

[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized

[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …

[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres

s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]

[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]

[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}

[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg

[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.

I can try these. As soon as I get a chance to run this test again I’ll let you know the results.

···

On Tuesday, June 30, 2015 at 7:40:39 AM UTC-4, simon....@gmail.com wrote:

Could you please add to your master list the ports of your listening masters ? By default it is 9300. I had the same problem hosting multiple nodes on the same physical server. You could check if these help you out too:

transport.tcp.port: 9300-9400
discovery.zen.ping.multicast.enabled: false
network.host: testnode1

On Monday, June 29, 2015 at 10:40:49 PM UTC+2, Brian Sanders wrote:

I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.

the following are the only configuration options I have activated.

cluster.name: cluster

node.name: “testnode1”

node.master: false

node.data: false

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]

searchguard.enabled: true

searchguard.key_path: /etc/elasticsearch/

searchguard.rewrite_get_as_search: false

searchguard.transport_auth.enabled: false

searchguard.ssl.transport.node.enabled: false

searchguard.ssl.transport.http.enabled: false

searchguard.http.xforwardedfor.header: X-Forwarded-For

searchguard.http.xforwardedfor.trustedproxies: null

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator

searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]

searchguard.authentication.proxy.header: X-Authenticated-User

My ACL’s are from the suggested defaults when first installing.

{

“_index” : “searchguard”,

“_type” : “ac”,

“_id” : “ac”,

“_version” : 1,

“found” : true,

“_source”:{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

}

[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key

[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]

[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C

BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]

[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed

[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized

[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …

[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres

s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]

[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]

[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}

[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg

[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.

I have added the ports to the masters, as well as added all the suggested settings. Still get the exact same error messages when search-guard is loaded. With out it elasticsearch joins just fine, and it would seem the error is occuring

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

···

On Tuesday, June 30, 2015 at 9:18:31 AM UTC-4, Brian Sanders wrote:

I can try these. As soon as I get a chance to run this test again I’ll let you know the results.

On Tuesday, June 30, 2015 at 7:40:39 AM UTC-4, simon....@gmail.com wrote:

Could you please add to your master list the ports of your listening masters ? By default it is 9300. I had the same problem hosting multiple nodes on the same physical server. You could check if these help you out too:

transport.tcp.port: 9300-9400
discovery.zen.ping.multicast.enabled: false
network.host: testnode1

On Monday, June 29, 2015 at 10:40:49 PM UTC+2, Brian Sanders wrote:

I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.

the following are the only configuration options I have activated.

cluster.name: cluster

node.name: “testnode1”

node.master: false

node.data: false

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]

searchguard.enabled: true

searchguard.key_path: /etc/elasticsearch/

searchguard.rewrite_get_as_search: false

searchguard.transport_auth.enabled: false

searchguard.ssl.transport.node.enabled: false

searchguard.ssl.transport.http.enabled: false

searchguard.http.xforwardedfor.header: X-Forwarded-For

searchguard.http.xforwardedfor.trustedproxies: null

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator

searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]

searchguard.authentication.proxy.header: X-Authenticated-User

My ACL’s are from the suggested defaults when first installing.

{

“_index” : “searchguard”,

“_type” : “ac”,

“_id” : “ac”,

“_version” : 1,

“found” : true,

“_source”:{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

}

[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key

[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]

[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C

BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]

[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed

[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized

[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …

[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres

s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]

[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]

[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}

[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg

[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.

I apologize, I just realized my cluster is running 1.4.4, not 1.5. I see that my version is not supported, so I will see what level of effort it will be to upgrade my cluster and see if we want to move forward with that or not.

Thank you.

···

On Tuesday, June 30, 2015 at 10:24:52 AM UTC-4, Brian Sanders wrote:

I have added the ports to the masters, as well as added all the suggested settings. Still get the exact same error messages when search-guard is loaded. With out it elasticsearch joins just fine, and it would seem the error is occuring

On Tuesday, June 30, 2015 at 9:18:31 AM UTC-4, Brian Sanders wrote:

I can try these. As soon as I get a chance to run this test again I’ll let you know the results.

On Tuesday, June 30, 2015 at 7:40:39 AM UTC-4, simon....@gmail.com wrote:

Could you please add to your master list the ports of your listening masters ? By default it is 9300. I had the same problem hosting multiple nodes on the same physical server. You could check if these help you out too:

transport.tcp.port: 9300-9400
discovery.zen.ping.multicast.enabled: false
network.host: testnode1

On Monday, June 29, 2015 at 10:40:49 PM UTC+2, Brian Sanders wrote:

I am trying to test search-guard by standing up a single test node in elasticsarch. It seems search-guard is preventing my node from joining the cluster. I think I have all SSL turned off, because I do not wish to install it on all the other nodes, just this one that is for my testing.

the following are the only configuration options I have activated.

cluster.name: cluster

node.name: “testnode1”

node.master: false

node.data: false

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping.unicast.hosts: [“master1”, “master2”, “master3”]

searchguard.enabled: true

searchguard.key_path: /etc/elasticsearch/

searchguard.rewrite_get_as_search: false

searchguard.transport_auth.enabled: false

searchguard.ssl.transport.node.enabled: false

searchguard.ssl.transport.http.enabled: false

searchguard.http.xforwardedfor.header: X-Forwarded-For

searchguard.http.xforwardedfor.trustedproxies: null

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator

searchguard.authentication.authorization.settingsdb.roles.admin: [“admin”]

searchguard.authentication.proxy.header: X-Authenticated-User

My ACL’s are from the suggested defaults when first installing.

{

“_index” : “searchguard”,

“_type” : “ac”,

“_id” : “ac”,

“_version” : 1,

“found” : true,

“_source”:{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For role admin all filters are bypassed (so none will be executed). This means unrestricted access.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

}

[2015-06-29 19:19:49,359][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /etc/elasticsearch/searchguard_node_key.key

[2015-06-29 19:19:49,850][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2]

[2015-06-29 19:19:49,857][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_C

BC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]

[2015-06-29 19:19:49,866][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed

[2015-06-29 19:19:50,034][INFO ][node ] [testnode1] initialized

[2015-06-29 19:19:50,035][INFO ][node ] [testnode1] starting …

[2015-06-29 19:19:50,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compres

s[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb]

[2015-06-29 19:19:50,195][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [testnode1] Bound profile [default] to address [/0:0:0:0:0:0:0:0:9300]

[2015-06-29 19:19:50,203][INFO ][transport ] [testnode1] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/172.16.10.49:9300]}

[2015-06-29 19:19:50,232][INFO ][discovery ] [testnode1] production/itlBsQwRTXyhaUDp2ylssg

[2015-06-29 19:19:50,270][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_1#][testnode1][inet[master1/172.16.10.46:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][discovery.zen.ping.unicast] [testnode1] [1] failed send ping to [#zen_unicast_3#][testnode1][inet[master3/172.16.10.48:9300]]

java.lang.NoSuchMethodError: org.elasticsearch.transport.netty.MessageChannelHandler.(Lorg/elasticsearch/transport/netty/NettyTransport;Lorg/elasticsearch/common/logging/ESLogger;Ljava/lang/String;)V

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)

at com.floragunn.searchguard.transport.SearchGuardNettyTransport$SearchGuardClientChannelPipelineFactory.getPipeline(SearchGuardNettyTransport.java:110)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)

at org.elasticsearch.common.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)

at org.elasticsearch.transport.netty.NettyTransport.connectToChannelsLight(NettyTransport.java:769)

at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:737)

at org.elasticsearch.transport.netty.NettyTransport.connectToNodeLight(NettyTransport.java:709)

at org.elasticsearch.transport.TransportService.connectToNodeLight(TransportService.java:154)

at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$3.run(UnicastZenPing.java:376)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

[2015-06-29 19:19:50,276][WARN ][netty.channel.socket.nio.AbstractNioSelector] Failed to accept a connection.

at com.floragunn.searchguard.transport.SearchGuardMessageChannelHandler.(SearchGuardMessageChannelHandler.java:39)