Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.
Have some issues setting up the Certificates:
At the moment have 2 images
1 image is used for the server (data nodes and master)
1 image is used for the client
using the following settings in elasticsearch.yml
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: certs/keystore.jks
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enforce_hostname_verification: false
getting lots of errors about
[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty
and errors about ip’s and certificates.
Anybody got any tips?
Cheers,
Owen
It seems you did not install the correct certificates on the nodes. You need to generate a so-called “server certificate”, identified by a specific oid as SAN value. Please see here:
https://github.com/floragunncom/search-guard-docs/blob/master/installation.md
and the section “Generating a server certificate.”
Hope this helps.
···
On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:
Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.
Have some issues setting up the Certificates:
At the moment have 2 images
1 image is used for the server (data nodes and master)
1 image is used for the client
using the following settings in elasticsearch.yml
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: certs/keystore.jks
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enforce_hostname_verification: false
getting lots of errors about
[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty
and errors about ip’s and certificates.
Anybody got any tips?
Cheers,
Owen
That the guide I was following. Think Redirecting to Google Groups will help a lot towards simplifying this.
Anyway will give it a another shot.
···
On Thursday, 14 July 2016 17:12:47 UTC+1, in...@search-guard.com wrote:
It seems you did not install the correct certificates on the nodes. You need to generate a so-called “server certificate”, identified by a specific oid as SAN value. Please see here:
https://github.com/floragunncom/search-guard-docs/blob/master/installation.md
and the section “Generating a server certificate.”
Hope this helps.
On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:
Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.
Have some issues setting up the Certificates:
At the moment have 2 images
1 image is used for the server (data nodes and master)
1 image is used for the client
using the following settings in elasticsearch.yml
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: certs/keystore.jks
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enforce_hostname_verification: false
getting lots of errors about
[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty
and errors about ip’s and certificates.
Anybody got any tips?
Cheers,
Owen
you can also have a look here https://github.com/floragunncom/search-guard/blob/master/Vagrantfile
···
Am 15.07.2016 um 09:10 schrieb Owen Haynes <owen.haynes@thefoundry.co.uk>:
That the guide I was following. Think Redirecting to Google Groups will help a lot towards simplifying this.
Anyway will give it a another shot.
On Thursday, 14 July 2016 17:12:47 UTC+1, in...@search-guard.com wrote:
It seems you did not install the correct certificates on the nodes. You need to generate a so-called "server certificate", identified by a specific oid as SAN value. Please see here:
https://github.com/floragunncom/search-guard-docs/blob/master/installation.md
and the section "Generating a server certificate."
Hope this helps.
On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:
Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.
Have some issues setting up the Certificates:
At the moment have 2 images
1 image is used for the server (data nodes and master)
1 image is used for the client
using the following settings in elasticsearch.yml
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: certs/keystore.jks
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enforce_hostname_verification: false
getting lots of errors about
[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty
and errors about ip's and certificates.
Anybody got any tips?
Cheers,
Owen
--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0f01996c-f863-483b-84c9-4570132ca4a8%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.