Not executing initial sgadmin

Dear Search Guard Community,

I am trying to install the Search Guard Plugin to elasticstack products running with/on a docker container and my final aim is to automate this partly with a script (attached) and some commands in the dockerfile.

My problem:

If I run sgadmin with the script this very classic error message appears:

"Search Guard Admin v6

Will connect to localhost:9300

ERR: Seems there is no Elasticsearch running on localhost:9300 - Will exit"

If I execute sgadmin a second time (manually) in the container (exact parameters given in the script), the following message appears:

Will connect to localhost:9300 … done

Unable to check whether cluster is sane: Cannot authenticate null
Connected as CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost
ERR: CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure elasticsearch.yml on all nodes contains:
searchguard.authcz.admin_dn:
  - "CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost"

So both messages are mentioned in your documentation https://docs.search-guard.com/latest/troubleshooting-sgadmin.html and as far as I understand I did list searchguard.authcz.admin_dn in my elasticsearch.yml and "kirk" is my admin, because I declared "admin: true" - right?!

Considering the elastic logs, there are "issues" with kibana and x-pack, but if I configure kibana (right now uncommented in the script) I still can't execute sg_admin (below).

I would be absolutely grateful for any answer. Thank you for Search Guard and your answers anyways <3

config_sg_sh.txt (3.13 KB)

elasticsearch.yml (3.43 KB)

config.yml (838 Bytes)


When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

search-guard-6:6.4.2-23.1, elasticsearchversion 6.4.2

  • Installed and used enterprise modules, if any

none

  • JVM version and operating system version

openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-8u181-b13-0ubuntu0.16.04.1-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) running in a docker container

  • Search Guard configuration files

attached

  • Elasticsearch log messages on debug level

{"type":"log","@timestamp":"2019-01-17T17:14:26Z","tags":["warning","stats-collection"],"pid":295,"message":"Unable to fetch data from reporting collector"}
{"type":"error","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"level":"error","error":{"message":"Authentication Exception","name":"Error","stack":"Authentication Exception :: {\"path\":\"/.kibana/_search\",\"query\":{\"ignore_unavailable\":true,\"filter_path\":\"aggregations.types.buckets\"},\"body\":\"{\\\"size\\\":0,\\\"query\\\":{\\\"terms\\\":{\\\"type\\\":[\\\"dashboard\\\",\\\"visualization\\\",\\\"search\\\",\\\"index-pattern\\\",\\\"graph-workspace\\\",\\\"timelion-sheet\\\"]}},\\\"aggs\\\":{\\\"types\\\":{\\\"terms\\\":{\\\"field\\\":\\\"type\\\",\\\"size\\\":6}}}}\",\"statusCode\":401,\"response\":\"Unauthorized\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"Search Guard\\\"\"}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector.<anonymous> (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)"},"message":"Authentication Exception"}
{"type":"log","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"message":"Unable to fetch data from kibana collector"}
{"type":"error","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"level":"error","error":{"message":"Authentication Exception","name":"Error","stack":"Authentication Exception :: {\"path\":\"/.kibana/doc/config%3A6.4.2\",\"query\":{},\"statusCode\":401,\"response\":\"Unauthorized\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"Search Guard\\\"\"}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector.<anonymous> (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)"},"message":"Authentication Exception"}
{"type":"log","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"message":"Unable to fetch data from kibana_settings collector"}
{"type":"error","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"level":"error","error":{"message":"Authentication Exception","name":"Error","stack":"Authentication Exception :: {\"path\":\"/.reporting-*/_search\",\"query\":{\"filter_path\":\"hits.total,aggregations.jobTypes.buckets,aggregations.objectTypes.buckets,aggregations.layoutTypes.buckets,aggregations.statusTypes.buckets\"},\"body\":\"{\\\"size\\\":0,\\\"aggs\\\":{\\\"jobTypes\\\":{\\\"terms\\\":{\\\"field\\\":\\\"jobtype\\\",\\\"size\\\":2}},\\\"objectTypes\\\":{\\\"terms\\\":{\\\"field\\\":\\\"meta.objectType.keyword\\\",\\\"size\\\":3}},\\\"layoutTypes\\\":{\\\"terms\\\":{\\\"field\\\":\\\"meta.layout.keyword\\\",\\\"size\\\":3}},\\\"statusTypes\\\":{\\\"terms\\\":{\\\"field\\\":\\\"status\\\",\\\"size\\\":4}}}}\",\"statusCode\":401,\"response\":\"Unauthorized\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"Search Guard\\\"\"}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector.<anonymous> (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)"},"message":"Authentication Exception"}
{"type":"log","@timestamp":"2019-01-17T17:14:36Z","tags":["warning","stats-collection"],"pid":295,"message":"Unable to fetch data from reporting collector"}

  • Other installed Elasticsearch or Kibana plugins, if any

none

What you can try in your script is to wait until sgadmin.sh was successful like

until ./sgadmin.sh --fail-fast -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk.key ; do
   sleep 10
done

and to solve your admin certificate problem I think the configuration in elasticsearch.yml should look like

searchguard.authcz.admin_dn:
  - CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost

Please validate with "cat elasticsearch.yml" (maybe the \ needs to be escaped due to sed)
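
The escaping problem raised in the reply above, as an added example that is not part of the original thread or the poster's attached script: it shows how a sed substitution drops the backslash from the admin DN, how to escape the value so it survives, and a check that the rendered list entry matches the DN exactly. The `@ADMIN_DN@` placeholder, the inline template and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumptions: the @ADMIN_DN@
# placeholder, the inline template and every function name are hypothetical.

# DN as sgadmin prints it after "Connected as"; the backslash before the
# comma in the O= value is part of the string that has to match.
ADMIN_DN='CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost'

# Constructed template standing in for a fragment of elasticsearch.yml,
# using the unquoted list form suggested in the reply.
TEMPLATE='searchguard.authcz.admin_dn:
  - @ADMIN_DN@'

# Naive substitution: in a sed replacement "\," is read as an escaped
# comma, so the backslash is consumed and a bare "," is written.
render_naive() {
  printf '%s\n' "$TEMPLATE" | sed "s/@ADMIN_DN@/$1/"
}

# Escaped substitution: protect backslash, "&" and the "|" delimiter
# first, so sed writes the value byte for byte.
render_escaped() {
  esc=$(printf '%s' "$1" | sed 's/[\\&|]/\\&/g')
  printf '%s\n' "$TEMPLATE" | sed "s|@ADMIN_DN@|$esc|"
}

# Read YAML text on stdin and print the entries listed under
# searchguard.authcz.admin_dn, one per line, without "- " or quotes.
admin_dns() {
  awk '
    /^searchguard\.authcz\.admin_dn:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]/ {
      sub(/^[ \t]*-[ \t]*/, ""); gsub(/^"|"$/, ""); print; next
    }
    in_list && /^[^ \t#]/ { in_list = 0 }
  '
}

# Succeed only if the expected DN appears verbatim as a list entry.
# usage: dn_is_registered "<yml text>" "<dn>"
dn_is_registered() {
  printf '%s\n' "$1" | admin_dns | grep -Fxq -- "$2"
}

# Report whether a rendered config would still carry the exact DN.
# usage: report <label> "<yml text>"
report() {
  if dn_is_registered "$2" "$ADMIN_DN"; then
    echo "$1: admin_dn entry matches the certificate DN"
  else
    echo "$1: admin_dn entry differs from the certificate DN:"
    printf '%s\n' "$2" | admin_dns | sed 's/^/    /'
  fi
}

report naive   "$(render_naive "$ADMIN_DN")"
report escaped "$(render_escaped "$ADMIN_DN")"
```

Running the check before the sgadmin call lets the provisioning script stop on a mismatched DN, which a retry loop alone would never get past.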


On Thursday, 17 January 2019 at 18:46:28 UTC+1, Natalie Goldman wrote:

It worked out! Thank you so, so much! To escape the / was the main issue in the script… I totally overlooked that. THANK YOU!
