Please find the elasticsearch.yml file below.
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
# Please consult the documentation for further information on configuration options:
# ---------------------------------- Cluster -----------------------------------
# Use a descriptive name for your cluster:
cluster.name: MWBW_GMH_DEV
# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
node.name: lonrs11800
node.master: true
node.data: true
# Add custom attributes to the node:
node.attr.rack: r1
# ----------------------------------- Paths ------------------------------------
# Path to directory where to store the data (separate multiple locations by comma):
path.data: /opt/app/tibco/install/elasticsearch-6.2.2/data
# Path to log files:
path.logs: /opt/app/tibco/install/elasticsearch-6.2.2/logs
# ----------------------------------- Memory -----------------------------------
# Lock the memory on startup:
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
# Elasticsearch performs poorly when the system is swapping the memory.
# ---------------------------------- Network -----------------------------------
# Set the bind address to a specific IP (IPv4 or IPv6):
network.host: 11.195.97.46
network.bind_host: 11.195.97.46
transport.host: localhost
# Set a custom port for HTTP:
http.port: 9200
# For more information, consult the network module documentation.
# --------------------------------- Discovery ----------------------------------
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
discovery.zen.ping.unicast.hosts: ["lonrs11800", "lonrs11819"]
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
discovery.zen.minimum_master_nodes: 1
# For more information, consult the zen discovery module documentation.
# ---------------------------------- Gateway -----------------------------------
# Block initial recovery after a full cluster restart until N nodes are started:
gateway.recover_after_nodes: 1
# For more information, consult the gateway module documentation.
# ---------------------------------- Various -----------------------------------
# Require explicit names when deleting indices:
action.destructive_requires_name: true
cluster.routing.allocation.enable: all
######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.authcz.admin_dn: cn=app-mware_bwadmin,ou=application,ou=generic accounts,ou=user environment,dc=fm,dc=rbsgrp,dc=net
searchguard.nodes_dn: cn=app-mware_bwadmin,ou=application,ou=generic accounts,ou=user environment,dc=fm,dc=rbsgrp,dc=net
searchguard.ssl.transport.enabled: false
######## End Search Guard Demo Configuration ########
When I disable SSL and try to start Elasticsearch, I face the exceptions below. Could you please help?
[2018-08-13T06:06:53,718][ERROR][o.e.b.Bootstrap ] Exception
java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) [elasticsearch-6.2.2.jar:6.2.2]
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) ~[?:1.8.0_65]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.2.jar:6.2.2]
… 15 more
Caused by: java.lang.IllegalStateException: searchguard.ssl.transport.enabled must be set to 'true'
at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:240) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) ~[?:1.8.0_65]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.2.jar:6.2.2]
… 15 more
[2018-08-13T06:06:53,726][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [lonrs11800] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.2.jar:6.2.2]
Caused by: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
… 6 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) ~[?:1.8.0_65]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
… 6 more
Caused by: java.lang.IllegalStateException: searchguard.ssl.transport.enabled must be set to 'true'
at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:240) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) ~[?:1.8.0_65]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
… 6 more
On Friday, 10 August 2018 09:55:29 UTC+1, Jochen Kressin wrote:
You can find the connection settings for LDAP in the docs:
Connecting to LDAP:
https://docs.search-guard.com/latest/active-directory-ldap-connection
If you do not want to use TLS for your LDAP connection then simply do not configure it.
On Friday, August 10, 2018 at 7:59:25 AM UTC+2, harika gudumasu wrote:
My point is that our LDAP configuration does not use SSL/TLS. How can I disable it in elasticsearch.yml or at the Search Guard level?
On Thursday, 9 August 2018 04:10:55 UTC+1, harika gudumasu wrote:
Please find attached sgconfig.yml, wherein I have provided all our LDAP configuration-level details. Could you please verify it once? Now, I still have a doubt about TLS certificates, as I don’t want to use either SSL or TLS.
How can I disable certificate validation, the below part in the documentation section?
Certificate validation
By default Search Guard validates the TLS certificate of the LDAP server(s) against the Root CA configured in elasticsearch.yml, either as PEM certificate or a truststore:
searchguard.ssl.transport.pemtrustedcas_filepath: ...
searchguard.ssl.http.truststore_filepath: ...
If your server uses a certificate signed by a different CA, import this CA to your truststore or add it to your trusted CA file on each node.
You can also use a separate root CA in PEM format by setting one of the following configuration options:
config:
pemtrustedcas_filepath: /path/to/trusted_cas.pem
On Tuesday, 7 August 2018 20:14:55 UTC+1, Jochen Kressin wrote:
There are three chapters about LDAP integration in the docs:
Connecting to LDAP:
https://docs.search-guard.com/latest/active-directory-ldap-connection
LDAP authentication:
https://docs.search-guard.com/latest/active-directory-ldap-authentication
LDAP authorization:
https://docs.search-guard.com/latest/active-directory-ldap-authorisation
I think you should go through them, in this order, and configure LDAP accordingly.
On Tuesday, August 7, 2018 at 6:40:00 AM UTC+2, harika gudumasu wrote:
I have ELK up and running currently and I am able to see logs properly in Kibana. Now my requirement is to integrate it with LDAP. I have the base DN and password for it.
I don’t have any certificates, and TLS is not required for our project.
How can I proceed further?
On Tuesday, 31 July 2018 10:36:22 UTC+1, Jochen Kressin wrote:
If you want to use your own certificates then you need to install and configure them. It is not sufficient to just change the DNs. You still have the demo certificates configured in elasticsearch.yml. You cannot remove the configuration; instead, update it to use your own certificates. You need node certificates and at least one admin certificate.
TLS configuration:
https://docs.search-guard.com/latest/configuring-tls
Types of certificates:
https://docs.search-guard.com/latest/tls-in-production#types-of-certificates
On Tuesday, July 31, 2018 at 11:22:02 AM UTC+2, harika gudumasu wrote:
Hi Jochen,
Thanks for your reply. My intention is to use our own LDAP DNs and not to use “CN=kirk,OU=client,O=client,L=test,C=de”. Hence, I have updated the below.
searchguard.authcz.admin_dn: cn=app-mware_bwadmin,ou=application,ou=generic accounts,ou=user environment,dc=fm,dc=rbsgrp,dc=net
searchguard.nodes_dn: cn=app-mware_bwadmin,ou=application,ou=generic accounts,ou=user environment,dc=fm,dc=rbsgrp,dc=net
Does that mean that I am not supposed to use the demo certificates? Can I remove all the below lines in my case?
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
On Saturday, 28 July 2018 10:39:53 UTC+1, harika gudumasu wrote:
Hi Team,
Please find the details as below:
ELK versions as below
drwxr-xr-x 9 bwadmind mwbwdev 4096 Apr 13 06:19 elasticsearch-6.2.2
drwxr-xr-x 7 bwadmind mwbwdev 4096 Apr 26 08:25 filebeat-6.2.2-linux-x86_64
drwxr-xr-x 13 bwadmind mwbwdev 4096 Jun 4 11:28 kibana-6.2.2-linux-x86_64
drwxr-xr-x 12 bwadmind mwbwdev 4096 Jun 2 00:38 logstash-6.2.2
Search Guard version and installable:
https://oss.sonatype.org/content/repositories/releases/com/floragunn/search-guard-6/6.2.2-22.3/search-guard-6-6.2.2-22.3.zip
While running sgadmin_demo.sh, I am facing the below error. It is not able to pick up the LDAP configurations which I have provided. Instead, it is taking the default ones. Could you please help?
(UAT) bwadmind@lonrs11800$ ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Unable to check whether cluster is sane: Cannot authenticate null
Connected as CN=kirk,OU=client,O=client,L=test,C=de
ERR: CN=kirk,OU=client,O=client,L=test,C=de is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure elasticsearch.yml on all nodes contains:
searchguard.authcz.admin_dn:
  - "CN=kirk,OU=client,O=client,L=test,C=de"
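A pre-flight check for the two failures shown in this thread (the startup exception about `searchguard.ssl.transport.enabled` and the sgadmin "not registered as admin_dn" error), as an added example that is not part of the original posts and is not Search Guard's own code. The function names, the flat `key: value` parser and the simplified DN normalization are assumptions made for illustration; the sample settings are constructed from values quoted in the thread.

```python
import re

REQUIRED_TRANSPORT_KEYS = ["searchguard.ssl.transport." + k for k in
                           ("pemcert_filepath", "pemkey_filepath", "pemtrustedcas_filepath")]
KIRK_DN = "CN=kirk,OU=client,O=client,L=test,C=de"  # subject of the demo admin certificate
# Constructed samples, built only from settings quoted in the thread.
AS_POSTED = """
searchguard.authcz.admin_dn: cn=app-mware_bwadmin,ou=application,ou=generic accounts,ou=user environment,dc=fm,dc=rbsgrp,dc=net
searchguard.ssl.transport.enabled: false
"""
DEMO_TLS = """
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.authcz.admin_dn:
  - "CN=kirk,OU=client,O=client,L=test,C=de"
"""

def parse_settings(text):
    """Hypothetical helper: read flat 'key: value' lines and '- item' lists into {key: [values]}."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"([\w.]+):\s*(.*)$", line)  # comment and blank lines never match
        if line.startswith("- ") and current:
            settings[current].append(line[2:].strip().strip("\"'"))
        elif m:
            current, value = m.group(1), m.group(2).strip().strip("\"'")
            settings[current] = [value] if value else []
    return settings

def normalize_dn(dn):
    """Simplified comparison form: lower case, no spaces around '=' or ',' (no escaped commas)."""
    return ",".join(p.strip().lower() for p in re.sub(r"\s*=\s*", "=", dn).split(","))

def preflight(yml_text, admin_cert_dn):
    """Return the problems that would reproduce the errors quoted in this thread."""
    s, problems = parse_settings(yml_text), []
    if s.get("searchguard.ssl.transport.enabled") == ["false"]:
        problems.append("searchguard.ssl.transport.enabled must be set to 'true'")
    for key in REQUIRED_TRANSPORT_KEYS:
        if not s.get(key):
            problems.append("missing " + key)
    admins = {normalize_dn(d) for d in s.get("searchguard.authcz.admin_dn", [])}
    if normalize_dn(admin_cert_dn) not in admins:
        problems.append(admin_cert_dn + " is not registered as admin_dn")
    return problems
```

`preflight(AS_POSTED, KIRK_DN)` reports the disabled transport TLS, the three missing certificate settings and the unregistered admin DN, while `preflight(DEMO_TLS, KIRK_DN)` returns an empty list.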