Removing Search-guard

Search Guard
1

Hello there,

I need to remove search-guard, I did the following:

  1. Stopped full cluster.

  2. Renamed the plugins/search-guard-6 folder to a different name

  3. Deleted all Search Guard configuration from elasticsearch.yml.

However, when I restarted elasticseach node, I got:

[2018-09-24T14:18:58,003][INFO ][o.e.n.Node ] [node-01] JVM arguments [-Xms4g, -Xmx4g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.XwrTMNAk, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]

[2018-09-24T14:19:01,750][INFO ][c.f.s.SearchGuardPlugin ] ES Config path is /etc/elasticsearch

[2018-09-24T14:19:02,188][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 (268443839) available

[2018-09-24T14:19:02,197][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively

[2018-09-24T14:19:02,281][ERROR][o.e.b.Bootstrap ] Exception

java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]

at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:701) ~[elasticsearch-6.3.2.jar:6.3.2]

at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:643) ~[elasticsearch-6.3.2.jar:6.3.2]

at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.2.jar:6.3.2]

at org.elasticsearch.plugins.PluginsService.(PluginsService.java:162) ~[elasticsearch-6.3.2.jar:6.3.2]

Please help on how to remove search-guard cleanly so we can do an reinstall…

I attached the elasticsearch.log and elasticsearch.yml

Thank you in advance

Li

elasticsearch-1.log (12 KB)

dev-elastic-no-sg.yml (2.87 KB)

2
···

Am 24.09.2018 um 22:11 schrieb Li Cui <lcuicsc@gmail.com>:

Hello there,

I need to remove search-guard, I did the following:

0. Stopped full cluster.
1. Renamed the plugins/search-guard-6 folder to a different name
2. Deleted all Search Guard configuration from elasticsearch.yml.

However, when I restarted elasticseach node, I got:

[2018-09-24T14:18:58,003][INFO ][o.e.n.Node ] [node-01] JVM arguments [-Xms4g, -Xmx4g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.XwrTMNAk, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]
[2018-09-24T14:19:01,750][INFO ][c.f.s.SearchGuardPlugin ] ES Config path is /etc/elasticsearch
[2018-09-24T14:19:02,188][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 (268443839) available
[2018-09-24T14:19:02,197][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively
[2018-09-24T14:19:02,281][ERROR][o.e.b.Bootstrap ] Exception
java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:701) ~[elasticsearch-6.3.2.jar:6.3.2]
        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:643) ~[elasticsearch-6.3.2.jar:6.3.2]
        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.2.jar:6.3.2]
        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:162) ~[elasticsearch-6.3.2.jar:6.3.2]

....

Please help on how to remove search-guard cleanly so we can do an reinstall...

I attached the elasticsearch.log and elasticsearch.yml

Thank you in advance

Li

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9cb2154b-3c7e-417c-86b9-a1927d39c186%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
<elasticsearch-1.log><dev-elastic-no-sg.yml>

3

Yes, I did follow the instruction in the link
https://docs.search-guard.com/latest/disabling-removing-search-guard#disabling-or-removing-search-guard.
Please review the attached elasticsearch.yml… Also, I did renamed the search-guard plugins directory to a different name.

Removed all certificates and pem files from /etc/elasticsearch directory…

Still can not start elasticsearch… please take review the attached files and help…

Thanks in advance

Li

···

On Mon, Sep 24, 2018 at 3:16 PM SG info@search-guard.com wrote:

https://docs.search-guard.com/latest/disabling-removing-search-guard#disabling-or-removing-search-guard

Am 24.09.2018 um 22:11 schrieb Li Cui lcuicsc@gmail.com:

Hello there,

I need to remove search-guard, I did the following:

  1. Stopped full cluster.
  1. Renamed the plugins/search-guard-6 folder to a different name
  1. Deleted all Search Guard configuration from elasticsearch.yml.

However, when I restarted elasticseach node, I got:

[2018-09-24T14:18:58,003][INFO ][o.e.n.Node ] [node-01] JVM arguments [-Xms4g, -Xmx4g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.XwrTMNAk, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]

[2018-09-24T14:19:01,750][INFO ][c.f.s.SearchGuardPlugin ] ES Config path is /etc/elasticsearch

[2018-09-24T14:19:02,188][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 (268443839) available

[2018-09-24T14:19:02,197][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively

[2018-09-24T14:19:02,281][ERROR][o.e.b.Bootstrap ] Exception

java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]

    at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:701) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:643) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:162) ~[elasticsearch-6.3.2.jar:6.3.2]

Please help on how to remove search-guard cleanly so we can do an reinstall…

I attached the elasticsearch.log and elasticsearch.yml

Thank you in advance

Li

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9cb2154b-3c7e-417c-86b9-a1927d39c186%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<elasticsearch-1.log><dev-elastic-no-sg.yml>

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/C524F3A4-3D84-4314-9FD4-7C5A6CEE3263%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.

4

I think I figured out, I had to totally remove the search-guard-6 directory from ./plugins/… renaming this search-guard-6 directory won’t work…
Just for someone who might hit the same issue going forward…

Thanks, please close this case.

···

On Mon, Sep 24, 2018 at 3:28 PM Li Cui lcuicsc@gmail.com wrote:

Yes, I did follow the instruction in the link
https://docs.search-guard.com/latest/disabling-removing-search-guard#disabling-or-removing-search-guard.
Please review the attached elasticsearch.yml… Also, I did renamed the search-guard plugins directory to a different name.

Removed all certificates and pem files from /etc/elasticsearch directory…

Still can not start elasticsearch… please take review the attached files and help…

Thanks in advance

Li

On Mon, Sep 24, 2018 at 3:16 PM SG info@search-guard.com wrote:

https://docs.search-guard.com/latest/disabling-removing-search-guard#disabling-or-removing-search-guard

Am 24.09.2018 um 22:11 schrieb Li Cui lcuicsc@gmail.com:

Hello there,

I need to remove search-guard, I did the following:

  1. Stopped full cluster.
  1. Renamed the plugins/search-guard-6 folder to a different name
  1. Deleted all Search Guard configuration from elasticsearch.yml.

However, when I restarted elasticseach node, I got:

[2018-09-24T14:18:58,003][INFO ][o.e.n.Node ] [node-01] JVM arguments [-Xms4g, -Xmx4g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.XwrTMNAk, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]

[2018-09-24T14:19:01,750][INFO ][c.f.s.SearchGuardPlugin ] ES Config path is /etc/elasticsearch

[2018-09-24T14:19:02,188][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 (268443839) available

[2018-09-24T14:19:02,197][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively

[2018-09-24T14:19:02,281][ERROR][o.e.b.Bootstrap ] Exception

java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]

    at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:701) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:643) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.2.jar:6.3.2]

    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:162) ~[elasticsearch-6.3.2.jar:6.3.2]

Please help on how to remove search-guard cleanly so we can do an reinstall…

I attached the elasticsearch.log and elasticsearch.yml

Thank you in advance

Li

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9cb2154b-3c7e-417c-86b9-a1927d39c186%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<elasticsearch-1.log><dev-elastic-no-sg.yml>

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/C524F3A4-3D84-4314-9FD4-7C5A6CEE3263%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.