**Elasticsearch version:** 7.10.2
**Server OS version:** docker
**Describe the issue:** As per the documentation, you are providing a Docker image along with Kibana and Elasticsearch, but how to download only the Search Guard image to configure with existing Kibana and Elasticsearch images on Docker?
Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)
… it is throwing an SSL certificate error for the beats connection … can we disable the SSL option in the elasticsearch image??
It would be very bad to disable SSL in Search Guard. What errors do you see?
I guess it will work if you skip certificate verification in beats. For example, in filebeat the setting is `verification_mode: none`. See: Configure SSL | Filebeat Reference [8.11] | Elastic
Exiting: couldn’t connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://...:9200: 401 Unauthorized: Unauthorized]
we are facing below error for heartbeat when we provide elasticsearch public ip
tried with verification_mode:none
and
```yaml
output.elasticsearch.hosts: ["https://192.168.1.42:9200"]
output.elasticsearch.ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
output.elasticsearch.ssl.certificate: "/etc/pki/client/cert.pem"
output.elasticsearch.ssl.key: "/etc/pki/client/cert.key"
```
```
2021-03-18T14:02:00.571+0530 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://:9200)): Get "https://...:9200": x509: certificate is valid for 127.0.0.1, not ...
Exiting: couldn’t connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://. .. :9200: 401 Unauthorized: Unauthorized]
```
Is it the same error or you just joined two errors?
2021-03-18T14:02:00.571+0530 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://:9200)): Get "https://... :9200": x509: certificate is valid for 127.0.0.1, not . ..
Where is this error from? It is hard to tell not seeing the entire log.
Please provide 2 logs (entire log for last 1 day):

1. Elasticsearch log
2. Beats log. What beats do you use?

Also, provide the configurations (entire files):

- elasticsearch.yml
- sg_config.yml
- beats configuration

The error couldn’t connect to any of the configured Elasticsearch hosts means that the system that produced the log can’t connect to Elasticsearch host. Are you sure the Elasticsearch host is reachable from that system? Maybe a firewall in the middle blocks the connection. Go to that system and check if the Elasticsearch 9200 port is open. You can do it with nmap or netcat.
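
An added example, not part of the original thread: the `x509: certificate is valid for 127.0.0.1, not ...` error quoted above means the node certificate's subject alternative names (SANs) do not include the address Beats connects to. The script builds a throwaway certificate (constructed, with 127.0.0.1 as its only SAN) and checks it against 127.0.0.1 and the 192.168.1.42 address from the posted Beats config; function names and paths are illustrative, and `fetch_server_cert` needs network access to a running node.

```shell
#!/usr/bin/env bash
# Added example: diagnose a SAN mismatch on an Elasticsearch node certificate.
# The certificate, its SAN and the temp paths below are constructed for the demo.

# Create a self-signed certificate whose only SAN is the IP address in $1.
make_cert() {
  local san_ip="$1" dir="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=es-node" -addext "subjectAltName=IP:${san_ip}" \
    -keyout "${dir}/node.key" -out "${dir}/node.pem" 2>/dev/null
}

# Return 0 if the certificate file $1 is valid for IP address $2, else 1.
# openssl prints "IP <addr> does match certificate" or "... does NOT match ...".
cert_covers_ip() {
  local cert="$1" ip="$2"
  openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q "does match certificate"
}

# Print the SAN entries so the mismatch is visible to the operator.
show_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName
}

# Save the certificate a live node presents on host:port ($1) into file $2.
fetch_server_cert() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -out "$2"
}

demo_dir="$(mktemp -d)"
make_cert 127.0.0.1 "$demo_dir"
show_sans "$demo_dir/node.pem"
for ip in 127.0.0.1 192.168.1.42; do
  if cert_covers_ip "$demo_dir/node.pem" "$ip"; then
    echo "$ip: covered by the certificate"
  else
    echo "$ip: NOT covered, a verifying client will reject the connection"
  fi
done
```

To check a real node, run `cert_covers_ip` on the node's own PEM file (or one saved with `fetch_server_cert`). If the address is not covered, reissuing the node certificate with that IP or hostname in its SAN list resolves the error while keeping verification enabled.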
Can we manually set up the Search Guard plugin, as we did for Windows, in a Docker container with the install command??
elastic is up and running but kibana is not able to connect with elastic even though providing cert paths and auth creds properly
```dockerfile
ARG ES_VERSION
ARG SG_VERSION
ARG CONTAINER_NAME
ARG AUTH
FROM docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}
# Must repeat the docker-compose args to make them available after FROM
ARG ES_VERSION
ARG SG_VERSION
ARG CONTAINER_NAME
ARG AUTH
RUN elasticsearch-plugin install --batch https://maven.search-guard.com/search-guard-suite-release/com/floragunn/search-guard-suite-plugin/${ES_VERSION}-${SG_VERSION}/search-guard-suite-plugin-${ES_VERSION}-${SG_VERSION}.zip
# Copy Elasticsearch config
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.pem /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.key /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.readme /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.yml /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.yml.example /usr/share/elasticsearch/config/
# Copy Search Guard config
COPY ./config/${AUTH}/${CONTAINER_NAME}/sgconfig/* /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/
```
Kibana Dockerfile
```dockerfile
ARG SG_VERSION
ARG KIBANA_VERSION
ARG CONTAINER_NAME
ARG AUTH
FROM docker.elastic.co/kibana/kibana:${KIBANA_VERSION}
# Must repeat the docker-compose args to make them available after FROM
ARG SG_VERSION
ARG KIBANA_VERSION
ARG CONTAINER_NAME
ARG AUTH
RUN kibana-plugin install https://maven.search-guard.com/search-guard-kibana-plugin-release/com/floragunn/search-guard-kibana-plugin/${KIBANA_VERSION}-${SG_VERSION}/search-guard-kibana-plugin-${KIBANA_VERSION}-${SG_VERSION}.zip
COPY ./config/${AUTH}/${CONTAINER_NAME} /usr/share/kibana/config/
```