Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL)

Hi,

I have installed elasticsearch-2.3.4 in CentOS7: (Configuration is like: master, data and search nodes which share same binaries but different config files)

Architecture is: x86_64 GNU/Linux

And noticed that either search-guard or search-guard-ssl plugins are not available for this release.

I downloaded search-guard-ssl repository from GIT and modified the version to match ES-2.3.4. Well, its installed.

I ran ./examples.sh file for certificates and configured them for transport. So far no issues. I could able to see logs in Kibana, yet it says Open SSL not available in logs. When tried to access http://localhost:9200/_searchguard/sslinfo?pretty from browser, it was saying Open SSL is not available.

I also wanted to try https, so configured. But the elasticsearch_data logs, I have seen messages like: Someone speaks plaintext instead of ssl, will close the channel

So I really wanted to put my efforts to make search-guard-ssl to find OpenSSL, for that I followed, https://github.com/floragunncom/search-guard-ssl-docs/blob/master/openssl.md link. Since I couldn’t install tomcat and configure OpenSSL for that I have chosen static method. I downloaded netty-tcnative-1.1.33.Fork19-linux-x86_64.jar, placed in plugins/search-guard-ssl/ directory and renamed it to netty-tcnative-linux-x86_64.jar.

According to the OpenSSL documentation, OpenSSL should work doing so… but still I face the same error:

[com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty-tcnative-linux-x86_64, netty-tcnative-linux-x86_64-fedora, netty-tcnative]

Someone please help me to fix this. Is this because, search-guard-ssl was not compatible version to latest elasticsearch-2.3.4? Or anything subtle approach available to make this work?

Would be thankful for the help.

Regards,
Krishna

can you pls try netty-tcnative-1.1.33.Fork17-linux-x86_64-fedora.jar -> http://repo1.maven.org/maven2/io/netty/netty-tcnative/1.1.33.Fork17/netty-tcnative-1.1.33.Fork17-linux-x86_64-fedora.jar
(centos is fedora based)

···

Am 14.07.2016 um 18:10 schrieb SAI KRISHNA GHANTA <ghanta.saikrishna@gmail.com>:

Hi,

I have installed elasticsearch-2.3.4 in CentOS7: (Configuration is like: master, data and search nodes which share same binaries but different config files)

Architecture is: x86_64 GNU/Linux

And noticed that either search-guard or search-guard-ssl plugins are not available for this release.

I downloaded search-guard-ssl repository from GIT and modified the version to match ES-2.3.4. Well, its installed.

I ran ./examples.sh file for certificates and configured them for transport. So far no issues. I could able to see logs in Kibana, yet it says Open SSL not available in logs. When tried to access http://localhost:9200/_searchguard/sslinfo?pretty from browser, it was saying Open SSL is not available.

I also wanted to try https, so configured. But the elasticsearch_data logs, I have seen messages like: Someone speaks plaintext instead of ssl, will close the channel

So I really wanted to put my efforts to make search-guard-ssl to find OpenSSL, for that I followed, https://github.com/floragunncom/search-guard-ssl-docs/blob/master/openssl.md link. Since I couldn't install tomcat and configure OpenSSL for that I have chosen static method. I downloaded netty-tcnative-1.1.33.Fork19-linux-x86_64.jar, placed in plugins/search-guard-ssl/ directory and renamed it to netty-tcnative-linux-x86_64.jar.

According to the OpenSSL documentation, OpenSSL should work doing so.. but still I face the same error:

[com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty-tcnative-linux-x86_64, netty-tcnative-linux-x86_64-fedora, netty-tcnative]

Someone please help me to fix this. Is this because, search-guard-ssl was not compatible version to latest elasticsearch-2.3.4? Or anything subtle approach available to make this work?

Would be thankful for the help.

Regards,
Krishna

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/576ac652-d5f7-4dc0-8bf5-f92359a820d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.