Installing search-guard-kibana-plugin failed

Search Guard
1

Hello,

I downloaded the search-guard-kibana-plugin-6.3.2-14.zip and sftp to the Kibana server (elasticseach on the same server).

executed the installation as below, it failed. Any idea what went wrong?

[root@xxxx kibana]# ./bin/kibana-plugin install file:search-guard-kibana-plugin-6.3.2-14.zip

Found previous install attempt. Deleting…

Attempting to transfer from file:search-guard-kibana-plugin-6.3.2-14.zip

Transferring 3101353 bytes…

Transfer complete

Retrieving metadata from plugin archive

Extracting plugin archive

Extraction complete

Optimizing and caching browser bundles…

Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli --env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR YAMLException: can not read a block mapping entry; a multiline key may not be an implicit key at line 41, column 1:

The default application to load.

^

at generateError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:160:10)

at throwError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:166:9)

at readBlockMapping (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1027:9)

at composeNode (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1315:12)

at readDocument (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1478:3)

at loadDocuments (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1538:5)

at load (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1555:19)

at safeLoad (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1573:10)

at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:56)

at Array.map ()

"

···

===============

Thanks in advance

Li

2

My best guess here is that your kibana.yml has some syntax errors. Does Kibana start without SG installed? Can you post your kibana.yml here?

···

On Wednesday, August 22, 2018 at 12:26:06 AM UTC-5, Li Cui wrote:

Hello,

I downloaded the search-guard-kibana-plugin-6.3.2-14.zip and sftp to the Kibana server (elasticseach on the same server).

executed the installation as below, it failed. Any idea what went wrong?

[root@xxxx kibana]# ./bin/kibana-plugin install file:search-guard-kibana-plugin-6.3.2-14.zip

Found previous install attempt. Deleting…

Attempting to transfer from file:search-guard-kibana-plugin-6.3.2-14.zip

Transferring 3101353 bytes…

Transfer complete

Retrieving metadata from plugin archive

Extracting plugin archive

Extraction complete

Optimizing and caching browser bundles…

Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli –env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR YAMLException: can not read a block mapping entry; a multiline key may not be an implicit key at line 41, column 1:

The default application to load.

^

at generateError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:160:10)

at throwError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:166:9)

at readBlockMapping (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1027:9)

at composeNode (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1315:12)

at readDocument (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1478:3)

at loadDocuments (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1538:5)

at load (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1555:19)

at safeLoad (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1573:10)

at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:56)

at Array.map ()

"

===============

Thanks in advance

Li

3

Thank you this was due my tapo in the kibana.yml
Now Kibana, Elasticsearch, and logstash all are up and running.

What should we do on the clients, eg… on the filebeat, metricbeat, winlogbeat, etc on separated servers?

I could not find the information on how to set up SG for filebeat/metricbeat…

I started my filebeat on a remote linux server, it is set to send logs to logstash, but I don’t see any incoming data events on kibana…

When trying to push the dashboards to kibana, I got the following, it looks like filebeat communicates with Elastic using HTTP instead of HTTPS.

If we enable HTTPS on filebeat, do we have to ship the client certificates to the filebeat server?

Do you have any documents on how to set up filebeat/metricbeat… etc with search-guard enabled?

[ec2-user@ixxxxxx ~]$ sudo filebeat setup --dashboards

Loading dashboards (Kibana must be running and reachable)

Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kibana: Error importing directory /usr/share/filebeat/kibana: Failed to import index-pattern: Failed to load directory /usr/share/filebeat/kibana/6/index-pattern:

error loading /usr/share/filebeat/kibana/6/index-pattern/filebeat.json: fail to execute the HTTP POST request: Post http://xx.xx.xx.xx.:5601/api/kibana/dashboards/import?force=true: net/http: request canceled (Client.Timeout exceeded while awaiting headers). Response:

Here is the logstash pipeline.yml on logstash node:

elasticsearch-sg.yml (3.94 KB)

logstash-sg.yml (8.18 KB)

filebeat_sg.yml (7.41 KB)

···

On Wed, Aug 22, 2018 at 9:48 AM, Jochen Kressin jkressin@floragunn.com wrote:

My best guess here is that your kibana.yml has some syntax errors. Does Kibana start without SG installed? Can you post your kibana.yml here?

On Wednesday, August 22, 2018 at 12:26:06 AM UTC-5, Li Cui wrote:

Hello,

I downloaded the search-guard-kibana-plugin-6.3.2-14.zip and sftp to the Kibana server (elasticseach on the same server).

executed the installation as below, it failed. Any idea what went wrong?

[root@xxxx kibana]# ./bin/kibana-plugin install file:search-guard-kibana-plugin-6.3.2-14.zip

Found previous install attempt. Deleting…

Attempting to transfer from file:search-guard-kibana-plugin-6.3.2-14.zip

Transferring 3101353 bytes…

Transfer complete

Retrieving metadata from plugin archive

Extracting plugin archive

Extraction complete

Optimizing and caching browser bundles…

Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli –env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR YAMLException: can not read a block mapping entry; a multiline key may not be an implicit key at line 41, column 1:

The default application to load.

^

at generateError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:160:10)

at throwError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:166:9)

at readBlockMapping (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1027:9)

at composeNode (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1315:12)

at readDocument (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1478:3)

at loadDocuments (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1538:5)

at load (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1555:19)

at safeLoad (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1573:10)

at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:56)

at Array.map ()

"

===============

Thanks in advance

Li

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0430cc87-b710-44c6-8b40-a68561cf8d01%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

4

I saw in the elasticsearch log a lot of WARNINGs as below:

==============\

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]

[2018-08-23T02:40:37,613][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [node1] caught exception while handling client http traffic, closing connection [id: 0x09b5e18c, L:0.0.0.0/0.0.0.0:9

200 ! R:/18.220.19.163:35512]

java.lang.NullPointerException: ssl

at io.netty.internal.tcnative.SSL.getHandshakeCount(Native Method) ~[netty-tcnative-openssl-1.0.2-dynamic-2.0.7.Final-fedora-linux-x86_64.jar:2.0.7.Final]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.rejectRemoteInitiatedRenegotiation(ReferenceCountedOpenSslEngine.java:1118) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1081) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1170) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]

···

On Wed, Aug 22, 2018 at 12:26 AM, Li Cui lcuicsc@gmail.com wrote:

Hello,

I downloaded the search-guard-kibana-plugin-6.3.2-14.zip and sftp to the Kibana server (elasticseach on the same server).

executed the installation as below, it failed. Any idea what went wrong?

[root@xxxx kibana]# ./bin/kibana-plugin install file:search-guard-kibana-plugin-6.3.2-14.zip

Found previous install attempt. Deleting…

Attempting to transfer from file:search-guard-kibana-plugin-6.3.2-14.zip

Transferring 3101353 bytes…

Transfer complete

Retrieving metadata from plugin archive

Extracting plugin archive

Extraction complete

Optimizing and caching browser bundles…

Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli –env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR YAMLException: can not read a block mapping entry; a multiline key may not be an implicit key at line 41, column 1:

The default application to load.

^

at generateError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:160:10)

at throwError (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:166:9)

at readBlockMapping (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1027:9)

at composeNode (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1315:12)

at readDocument (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1478:3)

at loadDocuments (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1538:5)

at load (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1555:19)

at safeLoad (/usr/share/kibana/node_modules/js-yaml/lib/js-yaml/loader.js:1573:10)

at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:56)

at Array.map ()

"

===============

Thanks in advance

Li

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/f76893a1-c566-4075-8ebf-806a7a3a430a%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

5

i checked my kibana.yml and it seems good to me but still i am getting installation error.

please see the logs

Attempting to transfer from https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.3.2-15/search-guard-kibana-plugin-6.3.2-15.zip
Transferring 2054581 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation was unsuccessful due to error "Command failed: /usr/share/kibana/node/bin/node /usr/share/kibana/src/cli --env.name=production --optimize.useBundleCache=false --server.autoListen=false --plugins.initialize=false --uiSettings.enabled=false

FATAL CLI ERROR Error: ENOENT: no such file or directory, open ‘/usr/share/kibana/config/kibana.yml’
at Object.fs.openSync (fs.js:646:18)
at fs.readFileSync (fs.js:551:33)
at files.map.path (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:78)
at Array.map ()
at readYamlConfig (/usr/share/kibana/src/cli/serve/read_yaml_config.js:52:23)
at readServerSettings (/usr/share/kibana/src/cli/serve/serve.js:150:57)
at getCurrentSettings (/usr/share/kibana/src/cli/serve/serve.js:32:38)
at Command. (/usr/share/kibana/src/cli/serve/serve.js:33:22)
at Command. (/usr/share/kibana/src/cli/command.js:97:20)
at Command.listener (/usr/share/kibana/node_modules/commander/index.js:301:8)
"
The command ‘/bin/sh -c kibana-plugin install https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.3.2-15/search-guard-kibana-plugin-6.3.2-15.zip’ returned a non-zero code: 70
ERROR: Job failed: exit code 1