Am 11.08.2016 um 16:58 schrieb Benjamin Shoemaker <bshoemaker@setonhill.edu>:
Unfortunately, no luck there. I'm getting 'Generic Error' timeouts, now.
Thank you for the suggestion, though!
-Ben
[2016-08-11 14:56:59,954][ERROR][com.floragunn.searchguard.configuration.ConfigurationLoader] Generic error: ElasticsearchTimeoutException[Timeout waiting for task.]
[2016-08-11 14:56:59,955][DEBUG][com.floragunn.searchguard.configuration.ConfigurationLoader] Looking for internalusers
[2016-08-11 14:56:59,955][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Action indices:data/read/get from null/
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Context
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Header [_sg_conf_request]
[2016-08-11 14:56:59,956][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] remote address: null
[2016-08-11 14:57:00,870][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] No issuer alternative names (san) found
[2016-08-11 14:57:00,872][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] Is not an inter cluster request
[2016-08-11 14:57:02,681][ERROR][com.floragunn.searchguard.configuration.ConfigurationLoader] Generic error: ElasticsearchTimeoutException[Timeout waiting for task.]
[2016-08-11 14:57:02,681][DEBUG][com.floragunn.searchguard.configuration.ConfigurationLoader] Looking for actiongroups
[2016-08-11 14:57:02,682][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Action indices:data/read/get from null/
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Context
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] Header [_sg_conf_request]
[2016-08-11 14:57:02,683][TRACE][com.floragunn.searchguard.filter.SearchGuardFilter] remote address: null
[2016-08-11 14:57:05,874][TRACE][com.floragunn.searchguard.transport.SearchGuardTransportService] No issuer alternative names (san) found
On Thu, Aug 11, 2016 at 10:21 AM, <info@search-guard.com> wrote:
can you try to install the following Search Guard Version: https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.4.6tm-SNAPSHOT/search-guard-2-2.3.4.6tm-20160811.140959-1.zip
On Thursday, 11 August 2016 15:12:12 UTC+2, Benjamin Shoemaker wrote:
Yep - files are attached.
We're running:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-8u91-b14-3ubuntu1~16.04.1-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
The SSL Truncation Errors in the log appear when I force-killed sgadmin, so I don't think those are necessarily a symptom.
Its also worth noting that I've tried both the JDK and OpenSSL ssl implementations, and both appear to have the same result.
Thanks!
Ben
On Wednesday, August 10, 2016 at 8:43:18 AM UTC-4, Benjamin Shoemaker wrote:
All-
We're attempting to implement SearchGuard.
We seem to have the SearchGuard-SSL side working pretty well - if search guard isn't up, we can serve the REST API over HTTPS.
However, as soon as SearchGuard is installed, the API starts complaining that 'Search Guard not initialized (SG11)' , and we start seeing '[2016-08-10 02:58:55,677][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized' in the logs.
Other threads have suggested that this is resolved by running the sgadmin script, to initialize the base configuration.
However, when we attempted to run the scripts, we're seeing the following:
root@localhost:/usr/share/elasticsearch/plugins/search-guard-2/tools# sudo ./sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn SHU -ks /home/ubuntu/search-guard-ssl/example-pki-scripts/node-0-keystore.jks -kspass changeit -ts /etc/elasticsearch/truststore.jks -tspass changeit -nhnv
Connect to localhost:9300
Clustername: SHU
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index does not exists, attempt to create it ... done
Populate config from /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
Will update 'config' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_config.yml
SUCC Configuration for 'config' created or updated
Will update 'roles' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles.yml
SUCC Configuration for 'roles' created or updated
Will update 'rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
SUCC Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_internal_users.yml
SUCC Configuration for 'internalusers' created or updated
Will update 'actiongroups' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_action_groups.yml
SUCC Configuration for 'actiongroups' created or updated
FAIL: Expected 5 config types for node 66wwVFDqRl-85qwtB3f33Q but got only
Done with failures
In the logs, all we're seeing is:
[2016-08-10 12:34:23,473][TRACE][com.floragunn.searchguard.auth.BackendRegistry] Headers:
Context:
[cursor, index: 3, key: _sg_ssl_cipher, value: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]=null
[cursor, index: 7, key: _sg_ssl_protocol, value: TLSv1.2]=null
[2016-08-10 12:34:23,474][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
[2016-08-10 12:41:23,609][ERROR][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAc
tion] [Vader] Unable to load all configurations types. Loaded '' but should '[config, roles, rolesmapping, internalusers, actiongroups]'
This seems to indicate it needs to be initialized to run the sgadmin script? A catch-22? I imagine I'm doing something incorrect - any thoughts?
Thanks!
Ben
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/1SVq0DCUk50/unsubscribe\.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d2024bfb-0579-4d54-9790-17d690710ec6%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
--
Ben Shoemaker
Programmer/Analyst
bshoemaker@setonhill.edu
This document may contain confidential information and is intended solely
for the use of the addressee. If you received it in error, please contact
the sender at once and destroy the document. The document may contain
information subject to restrictions of the Family Educational Rights and
Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
disclosed or used in any fashion outside the scope of the service for which
you are receiving the information.
--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAD7M0J_SkderQ75F%3DhTtHvPP11vrO8GSO0-hpXZ8vZgREfzA7A%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.