Can I use X-Pack java client to create transport connection to search guard ssl?
I tried it with minimum configuration:
TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
.put("cluster.name", "elasticsearch")
.put("xpack.security.user", "admin:admin")
...
.build())
.addTransportAddress(new InetSocketTransportAddress("localhost", 9300));
but it didn't work.
I'm getting error when making a request:
> Exception in thread "main" NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
> at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
> at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)
The version of ES and SG is 5.0 and I run it with default setting following this instruction: https://github.com/floragunncom/search-guard/wiki/Search-Guard-Bundle
Nevertheless you need a ssl certificate to make the connection, username/password alone is not sufficient cause ssl for transport layer is mandatory with Search Guard.
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)
I found CN=localhost-keystore.jks and truststore.jks on elasticsearch-5.0.0-localhost’s config folder so I use those keystore & truststore on the code. I also found their password from config/elasticsearch.yml.
Nevertheless you need a ssl certificate to make the connection, username/password alone is not sufficient cause ssl for transport layer is mandatory with Search Guard.
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)
I found CN=localhost-keystore.jks and truststore.jks on elasticsearch-5.0.0-localhost’s config folder so I use those keystore & truststore on the code. I also found their password from config/elasticsearch.yml.
Nevertheless you need a ssl certificate to make the connection, username/password alone is not sufficient cause ssl for transport layer is mandatory with Search Guard.
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)
Hello Ben,
I’m trying to setup SSL using search guard in elastic search similar to what you have done. could you please help me in providing the documentation for this.
···
On Wednesday, December 21, 2016 at 6:48:04 AM UTC-6, Ben Kaffani wrote:
The needs of setting “path.home” is bugging me, since I’m using transport client not node client, why is there a need to set the path.home?
Is there a way to disable the path.home validation?
On Wednesday, December 21, 2016 at 6:41:46 PM UTC+7, Andi B wrote:
Thank you.
So I had made it working with this steps:
Add dependency to search-guard-ssl plugin on maven pom.xml:
I found CN=localhost-keystore.jks and truststore.jks on elasticsearch-5.0.0-localhost’s config folder so I use those keystore & truststore on the code. I also found their password from config/elasticsearch.yml.
Nevertheless you need a ssl certificate to make the connection, username/password alone is not sufficient cause ssl for transport layer is mandatory with Search Guard.
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)
Hello Ben,
I’m trying to setup SSL using search guard in elastic search similar to what you have done. could you please help me in providing the documentation for this.
On Wednesday, December 21, 2016 at 6:48:04 AM UTC-6, Ben Kaffani wrote:
The needs of setting “path.home” is bugging me, since I’m using transport client not node client, why is there a need to set the path.home?
Is there a way to disable the path.home validation?
On Wednesday, December 21, 2016 at 6:41:46 PM UTC+7, Andi B wrote:
Thank you.
So I had made it working with this steps:
Add dependency to search-guard-ssl plugin on maven pom.xml:
I found CN=localhost-keystore.jks and truststore.jks on elasticsearch-5.0.0-localhost’s config folder so I use those keystore & truststore on the code. I also found their password from config/elasticsearch.yml.
Nevertheless you need a ssl certificate to make the connection, username/password alone is not sufficient cause ssl for transport layer is mandatory with Search Guard.
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{XeBoeAgsR_2kcJT9KTnQ6g}{127.0.0.1}{127.0.0.1:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:314)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:228)