Kibana, Searchguard & X-Pack Monitoring

When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

  • Search Guard and Elasticsearch version

6.2.2

  • Installed and used enterprise modules, if any

None

  • JVM version and operating system version

The one that ships with the official docker containers

  • Search Guard configuration files

Default for now testing TLS setup and deployment

  • Elasticsearch log messages on debug level

```
{"type":"error","@timestamp":"2018-04-20T17:41:45Z","tags":["fatal"],"pid":1,"level":"fatal","error":{"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]","name":"ValidationError","stack":"ValidationError: child \"searchguard\" fails because [\"ssl\" is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361"},"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}
{"type":"error","@timestamp":"2018-04-20T17:41:50Z","tags":["fatal"],"pid":1,"level":"fatal","error":{"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]","name":"ValidationError","stack":"ValidationError: child \"searchguard\" fails because [\"ssl\" is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361"},"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}
```

  • Other installed Elasticsearch or Kibana plugins, if any

X-Pack for monitoring only

Based on the error logs, I can understand that ssl is not allowed. So I guess we need to make some changes in elasticsearch.yml post that ssl may be resolved.

Make sure you have disabled X-Pack security in kibana.yml

...
xpack.security.enabled: false
xpack.monitoring.enabled: true
...

Can you please post the contents of your kibana.yml. According to the error message:

"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}

It seems you have a configuration entry like:

searchguard.ssl…

in kibana.yml which is not valid. Make sure you do not confuse the settings in elasticsearch.yml with settings in kibana.yml. The error is thrown when Kibana is validating the kibana.yml configuration settings.

The following is my Kibana configuration

Yours R.Laing BSC Hons

seems you mixed up elasticsearch.yml and kibana.yml

There is no “searchguard.ssl.http.enabled” configuration in kibana.yml

You need to define this in elasticsearch.yml

Pls refer to the SG docs: https://docs.search-guard.com/latest/index and the kibana docs: https://www.elastic.co/guide/en/kibana/6.2/index.html

On Monday, 23 April 2018 10:50:14 UTC+2, …ard Lai… wrote:

The following is my Kibana configuration

```yaml
xpack.security.enabled: false
xpack.monitoring.enabled: true
server.name: kibana
server.host: "0"
elasticsearch.url: https://XXX:9200
elasticsearch.username: "XXXXXX"
elasticsearch.password: "XXXXXX"
searchguard.ssl.http.enabled: true
elasticsearch.ssl.verificationMode: certificate
```

Yeah, I noticed that. I have been reading up on your website and I have fixed my configuration as exampled by the configuration below; also I read a couple of posts around the user group, so thanks for the help.

```yaml
#xpack settings
xpack.security.enabled: false
xpack.monitoring.enabled: true

#elasticsearch settings
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/certs/XXXXX
elasticsearch.ssl.certificate: /usr/share/kibana/config/certs/XXXXX
elasticsearch.ssl.key: /usr/share/kibana/config/certs/XXXXX
elasticsearch.url: "https://XXX:9200"
elasticsearch.username: "XXXXX"
elasticsearch.password: "XXXXX"
elasticsearch.requestHeadersWhitelist: [ "Authorization", "x-forwarded-for", "x-forwarded-by", "x-proxy-user", "x-proxy-roles" ]

#server settings
server.name: kibana
server.host: "0"
server.ssl.supportedProtocols:
  - "TLSv1.2"
```
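The diagnosis given in the replies above, as an added example that is not part of the original thread: it reads Kibana's fatal validation message, rebuilds the dotted key Kibana rejected, and points at the matching line in kibana.yml. The function names `rejected_key` and `offending_lines` are hypothetical, the log line is the thread's own with the stack trace omitted, and the handling of nested `child ... fails because [...]` messages assumes the Joi message format shown in the log.

```python
import json
import re

# Constructed sample: the fatal log line from the thread, stack trace omitted.
SAMPLE_LOG = r'''{"type":"error","@timestamp":"2018-04-20T17:41:45Z","tags":["fatal"],"pid":1,"level":"fatal","error":{"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]","name":"ValidationError"},"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}'''

# The first kibana.yml posted in the thread (values redacted by the poster).
SAMPLE_KIBANA_YML = '''\
xpack.security.enabled: false
xpack.monitoring.enabled: true
server.name: kibana
server.host: "0"
elasticsearch.url: https://XXX:9200
elasticsearch.username: "XXXXXX"
elasticsearch.password: "XXXXXX"
searchguard.ssl.http.enabled: true
elasticsearch.ssl.verificationMode: certificate
'''

_CHILD = re.compile(r'child "([^"]+)" fails because \[')
_LEAF = re.compile(r'"([^"]+)" is not allowed')


def rejected_key(log_line):
    """Return the dotted config prefix Kibana rejected, or None if not applicable."""
    try:
        event = json.loads(log_line)
    except ValueError:
        return None
    if not isinstance(event, dict) or "fatal" not in event.get("tags", []):
        return None
    message = event.get("message", "")
    parents = _CHILD.findall(message)   # outermost to innermost schema section
    leaf = _LEAF.search(message)        # the key that is not in the schema
    if not parents or not leaf:
        return None
    return ".".join(parents + [leaf.group(1)])


def offending_lines(yml_text, prefix):
    """Return (line_number, key) for flat dotted keys at or below prefix.

    Only the flat 'a.b.c: value' style used in the thread is handled,
    not nested YAML mappings.
    """
    hits = []
    for number, line in enumerate(yml_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or ":" not in stripped:
            continue
        key = stripped.split(":", 1)[0].strip()
        if key == prefix or key.startswith(prefix + "."):
            hits.append((number, key))
    return hits


if __name__ == "__main__":
    prefix = rejected_key(SAMPLE_LOG)
    for number, key in offending_lines(SAMPLE_KIBANA_YML, prefix):
        print(f"kibana.yml:{number}: {key} rejected by Kibana (prefix {prefix})")
```

Running it against the sample flags line 8, `searchguard.ssl.http.enabled`, which per the replies belongs in elasticsearch.yml.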
