How to install Search Guard 6.1.3 plugin for ES 6.1.3?

add-apt-repository ppa:webupd8team/java

apt-get update

apt-get install oracle-java8-installer -y

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.1.3.deb

chmod +x elasticsearch-6.1.3.deb

dpkg -i /home/ubuntu/elasticsearch-6.1.3.deb

Changed elasticsearch.yml as follows

network.host: 0.0.0.0

http.port: 9200

update-rc.d elasticsearch defaults 95 10

service elasticsearch restart

I accessed ES as https://<hostname>:<HTTP port> and I got below output

{
  "name" : "acvff",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "-Hqx5vMgSbaZdM4-hjzMEQ",
  "version" : {
    "number" : "6.1.3",
    "build_hash" : "601be4a",
    "build_date" : "2017-11-04T09:22:03.333Z",
    "build_snapshot" : false,
    "lucene_version" : "7.0.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

root@ip-10-0-0-248:/usr/share/elasticsearch# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.1.3-21.0

→ Downloading com.floragunn:search-guard-6:6.1.3-21.0 from maven central

[=================================================] 100%

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: plugin requires additional permissions @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read

  • java.lang.RuntimePermission accessClassInPackage.sun.misc

  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch

  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509

  • java.lang.RuntimePermission accessDeclaredMembers

  • java.lang.RuntimePermission accessUserInformation

  • java.lang.RuntimePermission getClassLoader

  • java.lang.RuntimePermission loadLibrary.*

  • java.lang.RuntimePermission setContextClassLoader

  • java.lang.RuntimePermission shutdownHooks

  • java.lang.reflect.ReflectPermission suppressAccessChecks

  • java.net.NetPermission getNetworkInformation

  • java.net.SocketPermission * connect,accept,resolve

  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm

  • java.security.SecurityPermission insertProvider.BC

  • java.security.SecurityPermission putProviderProperty.BC

  • java.security.SecurityPermission setProperty.ocsp.enable

  • java.util.PropertyPermission com.sun.security.enableCRLDP write

  • java.util.PropertyPermission es.set.netty.runtime.available.processors write

  • java.util.PropertyPermission java.security.debug write

  • java.util.PropertyPermission java.security.krb5.conf write

  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write

  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write

  • java.util.PropertyPermission sun.nio.ch.bugLevel write

  • java.util.PropertyPermission sun.security.krb5.debug write

  • java.util.PropertyPermission sun.security.spnego.debug write

  • javax.security.auth.AuthPermission doAs

  • javax.security.auth.AuthPermission modifyPrivateCredentials

  • javax.security.auth.kerberos.ServicePermission * accept

See Permissions in the JDK

for descriptions of what these permissions allow and the associated risks.

→ Installed search-guard-6

root@ip-10-0-0-248:/usr/share/elasticsearch# cd plugins/search-guard-6/tools/

root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls

hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin.sh

root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh

bash: ./install_demo_configuration.sh: Permission denied

root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# chmod +x install_demo_configuration.sh

root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls

hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin.sh

root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh

Search Guard 6 Demo Installer

** Warning: Do not use on production or public reachable systems **

Install demo certificates? [y/N] y

Initialize Search Guard? [y/N] y

Cluster mode requires maybe additional setup of:

  • Virtual memory (vm.max_map_count)

See Virtual memory | Elasticsearch Guide [8.4] | Elastic

Enable cluster mode? [y/N] y

Basedir: /usr/share/elasticsearch

This script maybe require your root password for ‘sudo’ privileges

Elasticsearch install type: rpm/deb on DISTRIB_ID=Ubuntu

Elasticsearch config dir: /etc/elasticsearch

Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml

Elasticsearch bin dir: /usr/share/elasticsearch/bin

Elasticsearch plugins dir: /usr/share/elasticsearch/plugins

Elasticsearch lib dir: /usr/share/elasticsearch/lib

Detected Elasticsearch Version: cli-6.1.3

Detected Search Guard Version: 6.1.3-21.0

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in ../sgconfig and execute:

sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see Configuration GUI | Security for Elasticsearch | Search Guard

To access your Search Guard secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# service elasticsearch restart

  • Stopping Elasticsearch Server [ OK ]

  • Starting Elasticsearch Server [ OK ]

root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# cd

root@ip-10-0-0-110:~# sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv

WARNING: JAVA_HOME not set, will use /usr/bin/java

Search Guard Admin v6

Will connect to localhost:9300 … done

Elasticsearch Version: 6.1.3

Search Guard Version: 6.1.3-21.0

Connected as CN=kirk,OU=client,O=client,L=Test,C=DE

Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …

Clustername: searchguard_demo

Clusterstate: YELLOW

Number of nodes: 1

Number of data nodes: 1

searchguard index already exists, so we do not need to create one.

INFO: searchguard index state is YELLOW, it seems you miss some replicas

Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/

Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml

FAIL: Configuration for ‘config’ failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]

Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml

FAIL: Configuration for ‘roles’ failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]

Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml

FAIL: Configuration for ‘rolesmapping’ failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]

Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml

FAIL: Configuration for ‘internalusers’ failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]

Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml

FAIL: Configuration for ‘actiongroups’ failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]

FAIL: Expected 1 nodes to return response, but got only 0

Done with failures

I got error as below

Search Guard not initialized (SG11). See Configuration Migration | Security for Elasticsearch | Search Guard
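The sgadmin run above ends with "Done with failures" while the node keeps answering SG11, so a provisioning script should check the tool's output before treating the cluster as secured. The following is an added example, not part of the original post or of Search Guard: `summarize_sgadmin` is a hypothetical helper name, and the sample lines are excerpted from the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the post): summarise failures in captured sgadmin.sh output.
# summarize_sgadmin is a hypothetical helper name, not a Search Guard tool.

# Reads sgadmin output on stdin. Prints "<config type><TAB><reason>" for each
# failed upload and returns 1 if any FAIL line or "Done with failures" is seen.
summarize_sgadmin() {
  awk '
    /FAIL: Configuration for / {
      line = $0
      # Drop the prefix and the opening quote (straight or typographic).
      sub(/^.*FAIL: Configuration for [^a-z]*/, "", line)
      kind = line;   sub(/[^a-z].*$/, "", kind)
      reason = line; sub(/^.* failed because of /, "", reason)
      print kind "\t" reason
      failed = 1
      next
    }
    # Cluster-level failures and the final status line.
    /FAIL: / || /^Done with failures/ { failed = 1 }
    END { exit (failed ? 1 : 0) }
  '
}

# Lines excerpted from the sgadmin run in the post (quotes straightened).
SAMPLE_LOG=$(cat <<'EOF'
Will update 'sg/config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
   FAIL: Configuration for 'config' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
   FAIL: Configuration for 'roles' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
FAIL: Expected 1 nodes to return response, but got only 0
Done with failures
EOF
)

# Stand-alone demo: list the failed config types and flag the run.
if ! printf '%s\n' "$SAMPLE_LOG" | summarize_sgadmin; then
  echo "sgadmin reported failures: do not treat Search Guard as initialized" >&2
fi
```

In a real run the function would read the tool's combined output, for example by piping the `sgadmin.sh` command from the post through `2>&1 | summarize_sgadmin`.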

Can you please file a GitHub issue for that?


On 22.02.2018 at 08:58, 'Raju Manikala' via Search Guard Community Forum <search-guard@googlegroups.com> wrote:

add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer -y

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.1.3.deb
chmod +x elasticsearch-6.1.3.deb
dpkg -i /home/ubuntu/elasticsearch-6.1.3.deb

Changed elasticsearch.yml as follows
network.host: 0.0.0.0
http.port: 9200

update-rc.d elasticsearch defaults 95 10

service elasticsearch restart

I accessed ES as https://<hostname>:<HTTP port> and I got below output
  {
  "name" : "acvff",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "-Hqx5vMgSbaZdM4-hjzMEQ",
  "version" : {
    "number" : "6.1.3",
    "build_hash" : "601be4a",
    "build_date" : "2017-11-04T09:22:03.333Z",
    "build_snapshot" : false,
    "lucene_version" : "7.0.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
   }

root@ip-10-0-0-248:/usr/share/elasticsearch# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.1.3-21.0
-> Downloading com.floragunn:search-guard-6:6.1.3-21.0 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission /proc/sys/net/core/somaxconn read
* java.lang.RuntimePermission accessClassInPackage.sun.misc
* java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
* java.lang.RuntimePermission accessClassInPackage.sun.security.x509
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission accessUserInformation
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission loadLibrary.*
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission shutdownHooks
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.NetPermission getNetworkInformation
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
* java.security.SecurityPermission insertProvider.BC
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setProperty.ocsp.enable
* java.util.PropertyPermission com.sun.security.enableCRLDP write
* java.util.PropertyPermission es.set.netty.runtime.available.processors write
* java.util.PropertyPermission java.security.debug write
* java.util.PropertyPermission java.security.krb5.conf write
* java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
* java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* java.util.PropertyPermission sun.security.krb5.debug write
* java.util.PropertyPermission sun.security.spnego.debug write
* javax.security.auth.AuthPermission doAs
* javax.security.auth.AuthPermission modifyPrivateCredentials
* javax.security.auth.kerberos.ServicePermission * accept
See Permissions in the JDK
for descriptions of what these permissions allow and the associated risks.
-> Installed search-guard-6
root@ip-10-0-0-248:/usr/share/elasticsearch# cd plugins/search-guard-6/tools/
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls
hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh
bash: ./install_demo_configuration.sh: Permission denied
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# chmod +x install_demo_configuration.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls
hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh
Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)
    See Virtual memory | Elasticsearch Guide [8.11] | Elastic

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for 'sudo' privileges
Elasticsearch install type: rpm/deb on DISTRIB_ID=Ubuntu
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: cli-6.1.3
Detected Search Guard Version: 6.1.3-21.0

### Success
### Execute this script now on all your nodes and then start all nodes
### Search Guard will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../sgconfig and execute:
sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv
### or run ./sgadmin_demo.sh
### To use the Search Guard Configuration GUI see Search Guard Documentation 404 | Security for Elasticsearch | Search Guard
### To access your Search Guard secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)

root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# service elasticsearch restart
* Stopping Elasticsearch Server [ OK ]
* Starting Elasticsearch Server [ OK ]
root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# cd
root@ip-10-0-0-110:~# sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv
WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v6
Will connect to localhost:9300 ... done
Elasticsearch Version: 6.1.3
Search Guard Version: 6.1.3-21.0
Connected as CN=kirk,OU=client,O=client,L=Test,C=DE
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
INFO: searchguard index state is YELLOW, it seems you miss some replicas
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update 'sg/config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
   FAIL: Configuration for 'config' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
   FAIL: Configuration for 'roles' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
   FAIL: Configuration for 'rolesmapping' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/internalusers' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
   FAIL: Configuration for 'internalusers' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/actiongroups' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
   FAIL: Configuration for 'actiongroups' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
FAIL: Expected 1 nodes to return response, but got only 0
Done with failures

I got error as below

Search Guard not initialized (SG11). See Search Guard Documentation 404 | Security for Elasticsearch | Search Guard
