Dear Kressin,
logstash setting:
```
output {
  if [type] == "nginx2017" {
    elasticsearch {
      hosts => ["https://127.0.0.1:9200"]
      password => logstash
      ssl => "true"
      ssl_certificate_verification => "false"
      user => logstash
      truststore => "/data/program/elasticsearch-2.3.3-node1/config/truststore.jks"
      truststore_password => "changeit"
      sniffing => true
      manage_template => false
      index => "logstash-%{type}-%{+YYYY.MM.dd}"
      #document_id => "%{log_id}"
    }
  }
  stdout { codec => rubydebug }
}
```
Why does it show "http://10.45.184.171:9200: The target server failed to respond"?
五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute
信息: I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {}->http://10.45.184.171:9200: The target server failed to respond
五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute
信息: Retrying request to {}->http://10.45.184.171:9200
五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute
信息: Retrying request to {}->http://10.45.184.171:9200
10.45.184.171:9200 failed to respond {:class=>“Manticore::ClientProtocolException”, :backtrace=>[“/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:37:in `initialize’”, “org/jruby/RubyProc.java:281:in `call’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:79:in `call’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:256:in `call_once’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:153:in `code’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:71:in `perform_request’”, “org/jruby/RubyProc.java:281:in `call’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:201:in `perform_request’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in `perform_request’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:in `hosts’”, “org/jruby/ext/timeout/Timeout.java:147:in `timeout’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:in `hosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in `reload_connections!'”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:in `sniff!'”, 
“/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'”, “org/jruby/ext/thread/Mutex.java:149:in `synchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'”, “org/jruby/RubyKernel.java:1479:in `loop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!'”], :level=>:error}
On Monday, May 22, 2017 at 5:20:34 PM UTC+8, Jochen Kressin wrote:
The two issues are completely unrelated. Your permission settings look fine after you’ve added the missing cluster permission.
Regarding this one:
[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
As the message says, someone is trying to access your cluster via http, not https. Probably logstash.
You have two options: either configure logstash (or any other service that accesses your cluster via the REST API) to use HTTPS instead of HTTP. This is recommended. For logstash, please refer to the documentation:
https://github.com/floragunncom/search-guard-docs/blob/master/logstash.md
Or, if you cannot use HTTPS, you can also disable TLS on the REST layer, and access your cluster via HTTP. This is not recommended since it’s insecure. In elasticsearch.yml, set:
searchguard.ssl.http.enabled: false
On Sunday, May 21, 2017 at 6:28:18 PM UTC+2, zim so wrote:
es 2.3.3
logstash 2.2.2
search-guard-ssl-2.3.3.21
search-guard-2-2.3.3.12
```
sg_logstash:
  cluster:
    - indices:admin/template/get
    - indices:admin/template/put
    - indices:data/write/bulk*
  indices:
    'logstash-*':
      '*':
        - CRUD
        - CREATE_INDEX
    'beat':
      '*':
        - CRUD
        - CREATE_INDEX
```
logstash error log:
{:timestamp=>“2017-05-22T00:17:14.684000+0800”, :message=>“[403] {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for cluster:monitor/nodes/info"}],"type":"security_exception","reason":"no permissions for cluster:monitor/nodes/info"},"status":403}”, :class=>“Elasticsearch::Transport::Transport::Errors::Forbidden”, :backtrace=>[“/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:146:in `__raise_transport_error’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:256:in `perform_request’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in `perform_request’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:in `hosts’”, “org/jruby/ext/timeout/Timeout.java:147:in `timeout’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:in `hosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in `reload_connections!'”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:in `sniff!'”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'”, “org/jruby/ext/thread/Mutex.java:149:in `synchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'”, 
“org/jruby/RubyKernel.java:1479:in `loop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!'”], :level=>:error}
es error log:
[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]
I tried adding these to sg_logstash:
```
sg_logstash:
  cluster:
    - indices:admin/template/get
    - indices:admin/template/put
    - indices:data/write/bulk*
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    'logstash-*':
      '*':
        - CRUD
        - CREATE_INDEX
    'beat':
      '*':
        - CRUD
        - CREATE_INDEX
```
Error:
[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52747) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,970][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52748) speaks http plaintext instead of ssl, will close the channel
How do I add the permissions?
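
The two Search Guard log messages quoted in this thread can be triaged with a short script. This is an added example, not part of the original posts and not Search Guard tooling: it groups denied actions by user and checked roles (the entries to add to a role such as sg_logstash) and counts plaintext HTTP attempts per client address (the client to reconfigure for HTTPS). The sample lines are copied from the logs above; the function and variable names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the Elasticsearch log excerpts quoted in this thread.
SAMPLE_LOG = """\
[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]
[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
"""

# PrivilegesEvaluator denial: capture user, denied action and the roles checked.
NO_PERM = re.compile(
    r"No perm match for User \[name=(?P<user>[^,\]]+).*?"
    r"\[Action \[(?P<action>[^\]]+)\]\].*?"
    r"\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)
# REST-layer TLS mismatch: capture the client address (IPv4 form, as in the thread).
PLAINTEXT = re.compile(
    r"Someone \(/(?P<ip>[^:)]+):(?P<port>\d+)\) speaks http plaintext instead of ssl"
)


def triage(log_text):
    """Return (missing, plaintext): denied actions per (user, roles), hits per client IP."""
    missing = defaultdict(set)
    plaintext = Counter()
    for line in log_text.splitlines():
        m = NO_PERM.search(line)
        if m:
            roles = tuple(r.strip() for r in m["roles"].split(",") if r.strip())
            missing[(m["user"], roles)].add(m["action"])
            continue
        m = PLAINTEXT.search(line)
        if m:
            plaintext[m["ip"]] += 1
    return dict(missing), plaintext


if __name__ == "__main__":
    missing, plaintext = triage(SAMPLE_LOG)
    for (user, roles), actions in missing.items():
        print(f"user {user}: roles checked {list(roles)} lack {sorted(actions)}")
    for ip, hits in plaintext.most_common():
        print(f"client {ip}: {hits} plaintext HTTP attempt(s) on the TLS port")
```
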