#Need_help # Unable to run sgadmin.sh through ansible, but it runs manually fine.

ElasticSearch: 2.4.2

Search-Guard-2

Search-Guard-ssl-2.4.2.19

Error Output::-

···

This was the script which was executing through Ansible, which gives below error.

  • name: Executing the script sgadmin

command: /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740

ignore_errors: True

fatal: [192.168.56.121]: FAILED! => {“changed”: true, “cmd”: ["/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh", “-h”, “192.168.56.121”, “-cd”, “/usr/share/elasticsearch/plugins/search-guard-2/sgconfig/”, “-ks”, “/etc/elasticsearch/node-0-keystore.jks”, “-ts”, “/etc/elasticsearch/truststore.jks”, “-nhnv”, “-icl”, “-p”, “9740”], “delta”: “0:00:03.826732”, “end”: “2018-04-21 12:08:18.279157”, “msg”: “non-zero return code”, “rc”: 255, “start”: “2018-04-21 12:08:14.452425”, “stderr”: “[searchguard] IndexAlreadyExistsException[already exists]\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)\n\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)\n\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)\n\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat java.lang.Thread.run(Thread.java:748)”, “stderr_lines”: ["[searchguard] IndexAlreadyExistsException[already exists]", “\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)”, “\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)”, “\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)”, “\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)”, “\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)”, “\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)”, “\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)”, “\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)”, “\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)”, “\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)”, “\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)”, “\tat java.lang.Thread.run(Thread.java:748)”], “stdout”: “Will connect to 192.168.56.121:9740 … done\nContacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …\nClustername: my-second-cluster\nClusterstate: GREEN\nNumber of nodes: 2\nNumber of data nodes: 2\nsearchguard index does not exists, attempt to create it … ERR: An unexpected IndexAlreadyExistsException occured: already exists\nTrace:”, “stdout_lines”: [“Will connect to 192.168.56.121:9740 … done”, “Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …”, “Clustername: my-second-cluster”, “Clusterstate: GREEN”, “Number of nodes: 2”, “Number of data nodes: 2”, “searchguard index does not exists, attempt to create it … ERR: An unexpected IndexAlreadyExistsException occured: already exists”, “Trace:”]}

But if i run the same script manually, it works out::-

root@Ansible-Devops-01:/etc# /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740

Will connect to 192.168.56.121:9740 … done

Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …

Clustername: my-second-cluster

Clusterstate: GREEN

Number of nodes: 2

Number of data nodes: 2

searchguard index already exists, so we do not need to create one.

Populate config from /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/

Will update ‘config’ with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_config.yml

SUCC: Configuration for ‘config’ created or updated

Will update ‘roles’ with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles.yml

SUCC: Configuration for ‘roles’ created or updated

Will update ‘rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles_mapping.yml

SUCC: Configuration for ‘rolesmapping’ created or updated

Will update ‘internalusers’ with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_internal_users.yml

SUCC: Configuration for ‘internalusers’ created or updated

Will update ‘actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_action_groups.yml

SUCC: Configuration for ‘actiongroups’ created or updated

Done with success

Also i am noticing some thing in the my-second-cluster.log::


[2018-04-21 12:10:56,222][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:11:39,978][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:13:08,099][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

[2018-04-21 12:13:08,106][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

Elasticsearch and Search Guard 2.4.x is end of life (EOL).
Therefore we do not longer provide support, pls. upgrade to latest 5.6.x or 6.2.x

···

Am 21.04.2018 um 08:49 schrieb Bishwajit Samanta <bishwajitsamanta1689@gmail.com>:

Error Output::-
--------------------

This was the script which was executing through Ansible, which gives below error.

- name: Executing the script sgadmin
  command: /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740
  ignore_errors: True

fatal: [192.168.56.121]: FAILED! => {"changed": true, "cmd": ["/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh", "-h", "192.168.56.121", "-cd", "/usr/share/elasticsearch/plugins/search-guard-2/sgconfig/", "-ks", "/etc/elasticsearch/node-0-keystore.jks", "-ts", "/etc/elasticsearch/truststore.jks", "-nhnv", "-icl", "-p", "9740"], "delta": "0:00:03.826732", "end": "2018-04-21 12:08:18.279157", "msg": "non-zero return code", "rc": 255, "start": "2018-04-21 12:08:14.452425", "stderr": "[searchguard] IndexAlreadyExistsException[already exists]\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)\n\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)\n\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)\n\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)\n\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)\n\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat java.lang.Thread.run(Thread.java:748)", "stderr_lines": ["[searchguard] IndexAlreadyExistsException[already exists]", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validateIndexName(MetaDataCreateIndexService.java:136)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.validate(MetaDataCreateIndexService.java:431)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService.access$100(MetaDataCreateIndexService.java:95)", "\tat org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:190)", "\tat org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)", "\tat org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)", "\tat org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)", "\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)", "\tat org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)", "\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)", "\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)", "\tat java.lang.Thread.run(Thread.java:748)"], "stdout": "Will connect to 192.168.56.121:9740 ... done\nContacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...\nClustername: my-second-cluster\nClusterstate: GREEN\nNumber of nodes: 2\nNumber of data nodes: 2\nsearchguard index does not exists, attempt to create it ... ERR: An unexpected IndexAlreadyExistsException occured: already exists\nTrace:", "stdout_lines": ["Will connect to 192.168.56.121:9740 ... done", "Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...", "Clustername: my-second-cluster", "Clusterstate: GREEN", "Number of nodes: 2", "Number of data nodes: 2", "searchguard index does not exists, attempt to create it ... ERR: An unexpected IndexAlreadyExistsException occured: already exists", "Trace:"]}

But if i run the same script manually, it works out::-
--------------------------------------------------------------------

root@Ansible-Devops-01:/etc# /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.56.121 -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks /etc/elasticsearch/node-0-keystore.jks -ts /etc/elasticsearch/truststore.jks -nhnv -icl -p 9740

Will connect to 192.168.56.121:9740 ... done
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: my-second-cluster
Clusterstate: GREEN
Number of nodes: 2
Number of data nodes: 2
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
Will update 'config' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_config.yml
   SUCC: Configuration for 'config' created or updated
Will update 'roles' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update 'rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update 'actiongroups' with /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/sg_action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Done with success

Also i am noticing some thing in the my-second-cluster.log::
----------------------------------------------------------------------------------

[2018-04-21 12:10:56,222][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel
[2018-04-21 12:11:39,978][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel
[2018-04-21 12:13:08,099][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel
[2018-04-21 12:13:08,106][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [192.168.56.121] Someone speaks plaintext instead of ssl, will close the channel

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2e5028ec-c786-4d44-ab42-98a9fc3bc1e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.