kubernetes

Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.

Have some issues setting up the Certificates:

At the moment have 2 images

1 image is used for the server (data nodes and master)

1 image is used for the client

using the following settings in elasticsearch.yml

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_filepath: certs/keystore.jks

searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.transport.enforce_hostname_verification: false

getting lots of errors about

[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty

and errors about ip’s and certificates.

Anybody got any tips?

Cheers,

Owen

It seems you did not install the correct certificates on the nodes. You need to generate a so-called “server certificate”, identified by a specific oid as SAN value. Please see here:

and the section “Generating a server certificate.”

Hope this helps.

···

On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:

Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.

Have some issues setting up the Certificates:

At the moment have 2 images

1 image is used for the server (data nodes and master)

1 image is used for the client

using the following settings in elasticsearch.yml

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_filepath: certs/keystore.jks

searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.transport.enforce_hostname_verification: false

getting lots of errors about

[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty

and errors about ip’s and certificates.

Anybody got any tips?

Cheers,

Owen

That the guide I was following. Think https://groups.google.com/forum/#!topic/search-guard/LoPkTNViCFM will help a lot towards simplifying this.

Anyway will give it a another shot.

···

On Thursday, 14 July 2016 17:12:47 UTC+1, in...@search-guard.com wrote:

It seems you did not install the correct certificates on the nodes. You need to generate a so-called “server certificate”, identified by a specific oid as SAN value. Please see here:

https://github.com/floragunncom/search-guard-docs/blob/master/installation.md

and the section “Generating a server certificate.”

Hope this helps.

On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:

Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.

Have some issues setting up the Certificates:

At the moment have 2 images

1 image is used for the server (data nodes and master)

1 image is used for the client

using the following settings in elasticsearch.yml

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_filepath: certs/keystore.jks

searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.transport.enforce_hostname_verification: false

getting lots of errors about

[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty

and errors about ip’s and certificates.

Anybody got any tips?

Cheers,

Owen

you can also have a look here https://github.com/floragunncom/search-guard/blob/master/Vagrantfile

···

Am 15.07.2016 um 09:10 schrieb Owen Haynes <owen.haynes@thefoundry.co.uk>:

That the guide I was following. Think https://groups.google.com/forum/#!topic/search-guard/LoPkTNViCFM will help a lot towards simplifying this.

Anyway will give it a another shot.

On Thursday, 14 July 2016 17:12:47 UTC+1, in...@search-guard.com wrote:
It seems you did not install the correct certificates on the nodes. You need to generate a so-called "server certificate", identified by a specific oid as SAN value. Please see here:

https://github.com/floragunncom/search-guard-docs/blob/master/installation.md

and the section "Generating a server certificate."

Hope this helps.

On Thursday, 14 July 2016 17:18:40 UTC+2, Owen Haynes wrote:

Trying to set up SearchGaurd on a kubernetes cluster for elastic search you know as containers rock.

Have some issues setting up the Certificates:

At the moment have 2 images
1 image is used for the server (data nodes and master)
1 image is used for the client

using the following settings in elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: certs/keystore.jks
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enforce_hostname_verification: false

getting lots of errors about
[ERROR][com.floragunn.searchguard.transport.SearchGuardTransportService] Internal or shard requests not allowed from a non-server node for transport type netty

and errors about ip's and certificates.

Anybody got any tips?

Cheers,

Owen

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0f01996c-f863-483b-84c9-4570132ca4a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.