Dear Search Guard Community,
I am trying to install the Search Guard Plugin to elasticstack products running with/on a docker container and my final aim is to automate this partly with a script (attached) and some commands in the dockerfile.
My problem:
If I run sgadmin with the script this very classic error message appears:
"Search Guard Admin v6
Will connect to localhost:9300
ERR: Seems there is no Elasticsearch running on localhost:9300 - Will exit"
If I execute sgadmin a second time (manually) in the container (exact parameters given in the script), the following message appears:
Will connect to localhost:9300 ... done
Unable to check whether cluster is sane: Cannot authenticate null
Connected as CN=kirk.localhost,OU=Ops,O=localhost, Inc.,DC=localhost
ERR: CN=kirk.localhost,OU=Ops,O=localhost, Inc.,DC=localhost is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure elasticsearch.yml on all nodes contains:
searchguard.authcz.admin_dn:
- "CN=kirk.localhost,OU=Ops,O=localhost, Inc.,DC=localhost"
So both messages are mentioned in your documentation sgadmin Troubleshooting | Security for Elasticsearch | Search Guard and as far as I understand I did list searchguard.authcz.admin_dn in my elasticsearch.yml and "kirk" is my admin, because I declared "admin: true" - right?!
Considering the elastic logs, there are "issues" with kibana and x-pack, but if I configure kibana (right now uncommented in the script) I still can't execute sg_admin (below).
I would be absolutely grateful for any answer. Thank you for Search Guard and your answers anyways <3
config_sg_sh.txt (3.13 KB)
elasticsearch.yml (3.43 KB)
config.yml (838 Bytes)
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
search-guard-6:6.4.2-23.1, Elasticsearch version 6.4.2
- Installed and used enterprise modules, if any
none
- JVM version and operating system version
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-8u181-b13-0ubuntu0.16.04.1-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) running in a docker container
- Search Guard configuration files
attached
- Elasticsearch log messages on debug level
{“type”:“log”,“@timestamp”:“2019-01-17T17:14:26Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“message”:“Unable to fetch data from reporting collector”}
{“type”:“error”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“level”:“error”,“error”:{“message”:“Authentication Exception”,“name”:“Error”,“stack”:“Authentication Exception :: {"path":"/.kibana/_search","query":{"ignore_unavailable":true,"filter_path":"aggregations.types.buckets"},"body":"{\"size\":0,\"query\":{\"terms\":{\"type\":[\"dashboard\",\"visualization\",\"search\",\"index-pattern\",\"graph-workspace\",\"timelion-sheet\"]}},\"aggs\":{\"types\":{\"terms\":{\"field\":\"type\",\"size\":6}}}}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector. (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“Authentication Exception”}
{“type”:“log”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“message”:“Unable to fetch data from kibana collector”}
{“type”:“error”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“level”:“error”,“error”:{“message”:“Authentication Exception”,“name”:“Error”,“stack”:“Authentication Exception :: {"path":"/.kibana/doc/config%3A6.4.2","query":{},"statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector. (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“Authentication Exception”}
{“type”:“log”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“message”:“Unable to fetch data from kibana_settings collector”}
{“type”:“error”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“level”:“error”,“error”:{“message”:“Authentication Exception”,“name”:“Error”,“stack”:“Authentication Exception :: {"path":"/.reporting-*/_search","query":{"filter_path":"hits.total,aggregations.jobTypes.buckets,aggregations.objectTypes.buckets,aggregations.layoutTypes.buckets,aggregations.statusTypes.buckets"},"body":"{\"size\":0,\"aggs\":{\"jobTypes\":{\"terms\":{\"field\":\"jobtype\",\"size\":2}},\"objectTypes\":{\"terms\":{\"field\":\"meta.objectType.keyword\",\"size\":3}},\"layoutTypes\":{\"terms\":{\"field\":\"meta.layout.keyword\",\"size\":3}},\"statusTypes\":{\"terms\":{\"field\":\"status\",\"size\":4}}}}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)\n at HttpConnector. (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:111:20)\n at IncomingMessage.emit (events.js:208:7)\n at endReadableNT (_stream_readable.js:1064:12)\n at _combinedTickCallback (internal/process/next_tick.js:138:11)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“Authentication Exception”}
{“type”:“log”,“@timestamp”:“2019-01-17T17:14:36Z”,“tags”:[“warning”,“stats-collection”],“pid”:295,“message”:“Unable to fetch data from reporting collector”}
- Other installed Elasticsearch or Kibana plugins, if any
none