I have the same problem as described in the link below: I am locked out of SearchGuard after running out of disk space. The searchguard index is marked as read-only, and I cannot make any updates to it.
Hi,
I'm using Elasticsearch 6.7 with Search Guard. Everything was good until the Elasticsearch hard disk reached the 90% limit. Elasticsearch then blocked writing to all indices. Using the following command I tried to re-enable writing:
PUT _all/_settings
{
  "index.blocks.read_only_allow_delete": null
}
However, this command does not work because of the following error:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for and User [name=myuser, …
I have access to the truststore and keystore. How can I export the certificates to PEM format so the certs can be used by the mentioned curl command?
curl -k \
--cert "/path/to/admin-cert.pem" \
--key "/path/to/admin-key.pem" \
-XPUT "https://sgssl-0.example.com:9200/_all/_settings" \
-H 'Content-Type: application/json' \
-d '{ "index.blocks.read_only_allow_delete": null }'
I've managed to convert the certs from the keystore to PEM, but still no luck.
keytool -importkeystore -srckeystore elasticsearch-01-keystore.jks -destkeystore elasticsearch-01-keystore.p12 -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in elasticsearch-01-keystore.p12 -out ca.pem -cacerts -nokeys
openssl pkcs12 -in elasticsearch-01-keystore.p12 -out client.pem -clcerts -nokeys
openssl pkcs12 -in elasticsearch-01-keystore.p12 -out key.pem -nocerts
curl -ivk --cacert ca.pem \
--cert client.pem --key key.pem \
-XPUT -H "Content-Type: application/json" https://localhost:9200/_all/_settings \
-d '{ "index.blocks.read_only_allow_delete": null }'
The curl output is:
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: ca.pem
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=COM; OU=SSL; CN=elasticsearch-01
* start date: Jan 2 13:12:51 2019 GMT
* expire date: Jan 1 13:12:51 2021 GMT
* issuer: O=_RPLC_ORG_NAME; OU=_RPLC_ORG_NAME Signing CA; CN=_RPLC_ORG_NAME Signing CA
* SSL certificate verify ok.
> PUT /_all/_settings HTTP/1.1
> Host: localhost:9200
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 47
>
* upload completely sent off: 47 out of 47 bytes
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Search Guard"
WWW-Authenticate: Basic realm="Search Guard"
< content-type: text/plain; charset=UTF-8
content-type: text/plain; charset=UTF-8
< content-length: 12
content-length: 12
Managed to resolve it - removed the searchguard index by running sgadmin with the -dci key and re-created it by running sgadmin as usual (updating SG config).
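A check worth running when a client certificate completes the TLS handshake but the request still gets a 401, as in the curl output above (added example, not part of the thread): Search Guard treats a client certificate as an admin certificate only when its DN is listed under searchguard.authcz.admin_dn in elasticsearch.yml, so compare the subject of the extracted client.pem against that list. The function names, the block-list YAML layout and the elasticsearch.yml path in the usage comment are assumptions.

```bash
# Added example: is the DN of an extracted PEM certificate listed in admin_dn?
# Assumes admin_dn is written as a YAML block list ("  - <DN>" per line).

# Print the subject DN of a PEM certificate in RFC 2253 form.
cert_dn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -e 's/^subject= *//'
}

# Remove optional spaces around "," and "=" so that
# "CN=a, OU=b" and "CN=a,OU=b" compare as equal.
normalize_dn() {
  sed -e 's/ *, */,/g' -e 's/ *= */=/g'
}

# Print one configured admin DN per line from elasticsearch.yml.
admin_dns() {
  awk '
    /^searchguard\.authcz\.admin_dn:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]/ {
      sub(/^[ \t]*-[ \t]*/, "")    # drop the list marker
      sub(/[ \t]+$/, "")           # drop trailing whitespace
      print; next
    }
    in_list && /^[ \t]*(#.*)?$/ { next }   # blank or comment line inside the list
    in_list { in_list = 0 }                # any other key ends the list
  ' "$1" | sed -e "s/^[\"']//" -e "s/[\"']\$//"   # strip surrounding quotes
}

# Exit status 0 if DN $1 is listed as an admin DN in config file $2.
dn_is_admin() {
  want=$(printf '%s\n' "$1" | normalize_dn)
  admin_dns "$2" | normalize_dn | grep -Fxq -- "$want"
}

# Usage (the config path is an assumption, adjust to your installation):
#   dn_is_admin "$(cert_dn client.pem)" /etc/elasticsearch/elasticsearch.yml \
#     && echo "admin certificate" || echo "DN not listed in admin_dn"
```

The comparison is textual and case-sensitive, so a mismatch reported here is a prompt to look at both DNs side by side rather than a final verdict.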