Freezing SearchGuard Initialization issue

When trying to initialize the searchguard index using the sgadmin tool, it keeps waiting for the cluster state, as shown below:

[root@elasticNode1 tools]# bash sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /e/elasticsearch/ssl/test.key -cert /etc/elasticsearch/ssl/test.pem -cacert /etc/elasticsearch/ssl/root-ca.pem -nhnv -h node1.test.wali
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to node1.test.wali:9300 ... done
Elasticsearch Version: 6.7.2
Search Guard Version: 6.7.2-25.1
Connected as CN=root.test.wali,OU=Ops,O=BugBear Com\, Inc.,DC=example,DC=com
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate .

I'm adding as well that I have been able to enable shard allocation correctly, as shown below:

[root@elasticNode1 tools]# bash sgadmin.sh --enable-shard-allocation -key /etc/elasticsearch/ssl/wazuh.key -cert /etc/elasticsearch/ssl/test.pem -cacert /etc/elasticsearch/ssl/root-ca.pem -icl -nhnv -h node1.test.wali
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to node1.test.wali:9300 ... done
Elasticsearch Version: 6.7.2
Search Guard Version: 6.7.2-25.1
Connected as CN=root.test.wali,OU=Ops,O=BugBear Com\, Inc.,DC=example,DC=com
Persistent and transient shard allocation enabled

Any help would be much appreciated. Thanks in advance.

  • Your Search Guard configuration files

I'm using the default configuration.

  • Your elasticsearch.yml configuration file
[root@elasticNode1 tools]# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: test-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.zen.ping.unicast.hosts: ["node2.test.wali", "node3.test.wali"]
xpack.security.enabled: false
searchguard.ssl.transport.pemcert_filepath: ssl/node1.pem
searchguard.ssl.transport.pemkey_filepath: ssl/node1.key
searchguard.ssl.transport.pemtrustedcas_filepath: ssl/root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: ssl/node1_http.pem
searchguard.ssl.http.pemkey_filepath: ssl/node1_http.key
searchguard.ssl.http.pemtrustedcas_filepath: ssl/root-ca.pem
searchguard.nodes_dn:
- CN=node1.test.wali,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com
- CN=node2.test.wali,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com
- CN=node3.test.wali,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com
searchguard.authcz.admin_dn:
- CN=root.test.wali,OU=Ops,O=BugBear Com\, Inc.,DC=example,DC=com

Progress:

I have ended up allowing sgadmin to operate on a red cluster:

[root@elasticNode1 tools]# bash sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /e/elasticsearch/ssl/test.key -cert /etc/elasticsearch/ssl/test.pem -cacert /etc/elasticsearch/ssl/root-ca.pem -nhnv -h node1.test.wali --accept-red-cluster
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to node1.test.wali:9300 ... done
Elasticsearch Version: 6.7.2
Search Guard Version: 6.7.2-25.1
Connected as CN=root.test.wali,OU=Ops,O=BugBear Com\, Inc.,DC=example,DC=com
Contacting elasticsearch cluster 'elasticsearch' ...
Clustername: test-cluster
Clusterstate: RED
Number of nodes: 1
Number of data nodes: 1
searchguard index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update 'sg/config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml 
   SUCC: Configuration for 'config' created or updated
Will update 'sg/roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update 'sg/rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'sg/internalusers' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update 'sg/actiongroups' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Done with success

I will proceed with finishing the task for the cluster now and keep you posted.

Although I would like to know if this action (performing it on a red cluster) has any side effects on the cluster?

Regards,
Wali

Well, having a red cluster state is never good :wink: So you would first need to find out why the cluster state is red in your case. For example, if there are any problems with the primary and/or replica shards, that could lead to side effects. But without knowing the real cause for the red cluster it is hard to tell.

@cstaley any additional input from your side?
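One way to act on that advice, as an added example rather than code from the thread or from Search Guard: a small Python script that classifies the rows of Elasticsearch's `_cat/shards` API and reports which unassigned primaries keep the cluster red, since sgadmin waits for YELLOW and only an inactive primary produces RED. The sample rows below are constructed, and the index names in them are assumptions.

```python
from collections import defaultdict

# Constructed sample of `_cat/shards?h=index,shard,prirep,state,unassigned.reason`
# (not real output from the thread): one index has an unassigned primary.
SAMPLE_CAT_SHARDS = """\
searchguard  0 p STARTED
searchguard  0 r UNASSIGNED INDEX_CREATED
logs-2019.05 0 p UNASSIGNED CLUSTER_RECOVERED
logs-2019.05 0 r UNASSIGNED CLUSTER_RECOVERED
logs-2019.05 1 p STARTED
logs-2019.05 1 r UNASSIGNED INDEX_CREATED
"""
ACTIVE_STATES = {"STARTED", "RELOCATING"}  # shard states Elasticsearch counts as active

def parse_cat_shards(text):
    """Parse the whitespace-separated rows; the reason column is empty for active shards."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        rows.append({
            "index": parts[0],
            "shard": int(parts[1]),
            "prirep": parts[2],                       # 'p' primary, 'r' replica
            "state": parts[3],
            "reason": parts[4] if len(parts) > 4 else None,
        })
    return rows

def derive_health(rows):
    """Same rule Elasticsearch applies: inactive primary -> red, inactive replica only -> yellow."""
    if any(r["prirep"] == "p" and r["state"] not in ACTIVE_STATES for r in rows):
        return "red"
    if any(r["prirep"] == "r" and r["state"] not in ACTIVE_STATES for r in rows):
        return "yellow"
    return "green"

def unassigned_primaries(rows):
    """index -> [(shard, reason)] for the primaries that keep the cluster red."""
    out = defaultdict(list)
    for r in rows:
        if r["prirep"] == "p" and r["state"] == "UNASSIGNED":
            out[r["index"]].append((r["shard"], r["reason"]))
    return dict(out)

if __name__ == "__main__":
    rows = parse_cat_shards(SAMPLE_CAT_SHARDS)
    print(derive_health(rows), unassigned_primaries(rows))
```

Real rows come from `curl --cacert root-ca.pem --cert test.pem --key test.key 'https://node1.test.wali:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason'` (file names and host taken from the thread); the REST API only answers once Search Guard has been initialized, so this is a check for after the `--accept-red-cluster` run, while the node logs are the source before it.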

Hello @jkressin

Thanks for your prompt response.

Indeed, after fixing my red index, I was able to initialize Search Guard successfully, and I have been able to add a new user and refresh the index with the new user.

Thanks again for the product and keep it up.

You can close this ticket :slight_smile: