kibana status RED after configuring Search Guard with Kibana

Hi folks,

I’m using kibana, elasticsearch and searchguard 5 latest versions

java version “1.8.0_112”

on two nodes cluster: 192.168.40.174 and 192.168.40.175 and I included all the configuration from the first node

I configured SSL communication between nodes successfully and search guard with kibana too:

tools/sgadmin.sh -cd sgconfig/ -ks sgconfig/kirk-keystore.jks -ts sgconfig/truststore.jks -nhnv -h 192.168.40.174 -h 192.168.40.175

Search Guard Admin v5

Will connect to 192.168.40.174:9300 … done

Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …

Clustername: elasticsearch

Clusterstate: GREEN

Number of nodes: 2

Number of data nodes: 2

searchguard index already exists, so we do not need to create one.

Populate config from /usr/share/elasticsearch/plugins/search-guard-5/sgconfig

Will update ‘config’ with sgconfig/sg_config.yml

SUCC: Configuration for ‘config’ created or updated

Will update ‘roles’ with sgconfig/sg_roles.yml

SUCC: Configuration for ‘roles’ created or updated

Will update ‘rolesmapping’ with sgconfig/sg_roles_mapping.yml

SUCC: Configuration for ‘rolesmapping’ created or updated

Will update ‘internalusers’ with sgconfig/sg_internal_users.yml

SUCC: Configuration for ‘internalusers’ created or updated

Will update ‘actiongroups’ with sgconfig/sg_action_groups.yml

SUCC: Configuration for ‘actiongroups’ created or updated

Done with success

But as you can see from the attachement Unable to connect to Elasticsearch at https://192.168.40.174:9200.

Thanks,

elasticsearch.yml (1.09 KB)

jvm.options (2.82 KB)

log4j2.properties (3.9 KB)

node-0-keystore.jks (4.39 KB)

truststore.jks (1.07 KB)

kibana.yml (3.55 KB)

root-ca.pem (1.41 KB)

sg_roles.yml (155 Bytes)

elasticsearch.yml.example (3.11 KB)

kirk-keystore.jks (4.32 KB)

node-0-keystore.jks (4.39 KB)

sg_action_groups.yml (1.16 KB)

sg_config.yml (8.59 KB)

sg_internal_users.yml (1.41 KB)

sg_roles.yml (4.5 KB)

sg_roles_mapping.yml (951 Bytes)

truststore.jks (1.07 KB)

Pls send us the complete logfile (from the point in time elasticsearch starts until sgadmin finishs) on DEBUG level.
Looking on your config files it seems you mix yml with json somehow?

···

Am 27.01.2017 um 15:18 schrieb Oucéma Bellagha <bellagha.oucema@gmail.com>:

Hi folks,

I'm using kibana, elasticsearch and searchguard 5 latest versions
java version "1.8.0_112"

on two nodes cluster: 192.168.40.174 and 192.168.40.175 and I included all the configuration from the first node
I configured SSL communication between nodes successfully and search guard with kibana too:

tools/sgadmin.sh -cd sgconfig/ -ks sgconfig/kirk-keystore.jks -ts sgconfig/truststore.jks -nhnv -h 192.168.40.174 -h 192.168.40.175
Search Guard Admin v5
Will connect to 192.168.40.174:9300 ... done
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elasticsearch
Clusterstate: GREEN
Number of nodes: 2
Number of data nodes: 2
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-5/sgconfig
Will update 'config' with sgconfig/sg_config.yml
   SUCC: Configuration for 'config' created or updated
Will update 'roles' with sgconfig/sg_roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update 'rolesmapping' with sgconfig/sg_roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with sgconfig/sg_internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update 'actiongroups' with sgconfig/sg_action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Done with success

But as you can see from the attachement Unable to connect to Elasticsearch at https://192.168.40.174:9200.

Thanks,

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/f92544ef-d07d-491d-8f87-8f1065423553%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
<kibanana.JPG><elasticsearch.yml><jvm.options><log4j2.properties><node-0-keystore.jks><truststore.jks><kibana.yml><root-ca.pem><sg_roles.yml><elasticsearch.yml.example><kirk-keystore.jks><node-0-keystore.jks><sg_action_groups.yml><sg_config.yml><sg_internal_users.yml><sg_roles.yml><sg_roles_mapping.yml><truststore.jks>

Here’s the debug file.

I need to fix this for a POC so mixing json somehow is not and answer.

Thanks,

sgadmin_diag_trace_2017-Jan-30_08-25-27.txt (149 KB)

searchfuard conf.rar (25.4 KB)

···

In /var/log/elasticsearch/elasticsearch.log

[c.f.s.h.SearchGuardHttpServerTransport] [ekf1] Someone speaks plaintext instead of ssl, will close the channel

If you use TLS on the REST layer (“https”), you need to configure Kibana to use HTTPS as well, as described in the docs:

elasticsearch.url: “https://example.com:9200/

If you use self-signed certificates, disable verification as well:

elasticsearch.ssl.verify: false

···

On Monday, 30 January 2017 10:15:03 UTC+1, Oucema Bellagha wrote:

[c.f.s.h.SearchGuardHttpServerTransport] [ekf1] Someone speaks plaintext instead of ssl, will close the channel

In /var/log/elasticsearch/elasticsearch.log

I configured kibana to use TLS as described in https://github.com/floragunncom/search-guard-docs/blob/master/kibana.md here’s my kibana.yml now:

console.proxyConfig:

···

match:

protocol: https

ssl:

verify: false

elasticsearch.password: kibanaserver

elasticsearch.ssl.ca: /etc/kibana/root-ca.pem

elasticsearch.url: “https://192.168.40.174:9200

elasticsearch.username: kibanaserver

server.host: “192.168.40.174”

server.port: 5601

but nothing shows up in https://192.168.40.174:5601/

in logs when refresh the page https://192.168.40.174:5601/ I get this error message:

{“type”:“log”,"@timestamp":“2017-01-30T09:34:08Z”,“tags”:[“connection”,“client”,“error”],“pid”:45612,“level”:“error”,“message”:“Parse Error”,“error”:{“message”:“Parse Error”,“name”:“Error”,“stack”:“Error: Parse Error\n at Error (native)”,“code”:“HPE_INVALID_METHOD”}}

Thanks,