Missing file keystore.jks

plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts

plugins/search-guard-2/sgconfig/truststore.jks -nhnv

``

Hello,

I’m trying to deploy SG in my Elasticsearch cluster, so I followed the doc but I have a problem on this step and get the following error :

Connect to localhost:9300

Exception in thread “main” ElasticsearchException[Unable to read /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/keystore.jks (/usr/share/elasticsearch/plugins/search-guard-2/sgconfig/keystore.jks) Please make sure this files exists and is readable regarding to permissions]

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.checkStorePath(SearchGuardKeyStore.java:443)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:173)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.(SearchGuardKeyStore.java:132)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:29)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:116)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:139)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:134)

In /usr/share/elasticsearch/plugins/search-guard-2/sgconfig I have some .jks files but no “keystore,jks” !

-rw-r–r-- 1 root root 386 Apr 20 14:25 elasticsearch.yml.example

-rw-r–r-- 1 root root 4423 Apr 20 14:25 kirk-keystore.jks

-rw-r–r-- 1 root root 4480 Apr 20 14:25 node-0-keystore.jks

-rw-r–r-- 1 root root 4479 Apr 20 14:25 node-1-keystore.jks

-rw-r–r-- 1 root root 4483 Apr 20 14:25 node-2-keystore.jks

-rw-r–r-- 1 root root 878 Apr 20 14:25 sg_action_groups.yml

-rw-r–r-- 1 root root 1313 Apr 20 14:25 sg_config.yml

-rw-r–r-- 1 root root 1069 Apr 20 14:25 sg_internal_users.yml

-rw-r–r-- 1 root root 666 Apr 20 14:25 sg_roles_mapping.yml

-rw-r–r-- 1 root root 3406 Apr 20 14:25 sg_roles.yml

-rw-r–r-- 1 root root 4425 Apr 20 14:25 spock-keystore.jks

-rw-r–r-- 1 root root 1096 Apr 20 14:25 truststore.jks

Where I’m supposed to get this file ?

Anyway it is possible to implement Search-Guard without search guard SSL?

I would like to use searchguard without SSL so I put
searchguard.ssl.transport.enabled: false

``

in my elastic config and when I try to start elasticsearch service on my node, I get the following error.

So how can I use SG without SSL plugin ?

[2016-04-20 14:51:06,939][ERROR][bootstrap ] Exception

ElasticsearchException[Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]]; nested: InvocationTargetException; nested: IllegalStateException[searchguard.ssl.transport.enabled must be set to ‘true’];

at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:483)

at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:432)

at org.elasticsearch.plugins.PluginsService.(PluginsService.java:129)

at org.elasticsearch.node.Node.(Node.java:158)

at org.elasticsearch.node.Node.(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

Caused by: java.lang.reflect.InvocationTargetException

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)

at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:472)

… 8 more

Caused by: java.lang.IllegalStateException: searchguard.ssl.transport.enabled must be set to ‘true’

at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:58)

… 13 more

I would like to use searchguard without SSL so I put
searchguard.ssl.transport.enabled: false
in my elastic config and when I try to start elasticsearch service on my node, I get the following error.

So how can I use SG without SSL plugin ?

its not possible, you have to use SSL plugin if you want to use SG
see also GitHub - floragunncom/search-guard: Search Guard Plugin - Security for Elasticsearch

···

Am 20.04.2016 um 14:57 schrieb S Bobylev <simeon.bobylev@gmail.com>:

[2016-04-20 14:51:06,939][ERROR][bootstrap ] Exception
ElasticsearchException[Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]]; nested: InvocationTargetException; nested: IllegalStateException[searchguard.ssl.transport.enabled must be set to 'true'];
      at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:483)
      at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:432)
      at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:129)
      at org.elasticsearch.node.Node.<init>(Node.java:158)
      at org.elasticsearch.node.Node.<init>(Node.java:140)
      at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
      at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
      at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
      at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Caused by: java.lang.reflect.InvocationTargetException
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:472)
      ... 8 more
Caused by: java.lang.IllegalStateException: searchguard.ssl.transport.enabled must be set to 'true'
      at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:58)
      ... 13 more

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/56435640-6c21-43d6-be32-3060765a4501%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.