Hi
I am trying to setup searchguard with ES2.3.3. As per the documentation info I am able to create the certificates with provided example.sh script but unable to execute. It gives me error on executing the sgadmin.sh script as follows: (tried with localhost for IP and icl options as well without success).
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -cn ESDBA -h 10.236.133.186 -ks plugins/search-guard-2/sgconfig/node-0-keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
Connect to 10.236.133.186:9300
ERR: Cannot connect to elasticsearch. Please refer to elasticsearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{10.236.133.186}{10.236.133.186:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:290)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:207)
…
Whereas the cluster is up and running:
root@node-0:/usr/local/elasticsearch# curl -XGET ‘http://localhost:9200/_cluster/health?pretty=true’
{
“cluster_name” : “ESTEST-ANS”,
“status” : “green”,
“timed_out” : false,
…
I had modifled the root-ca.conf and signing-ca.conf with my info as below:
0.domainComponent = “dbplat.altus.bblabs.net”
organizationName = “ESDBA.”
organizationalUnitName = “ESDBA. Root CA”
commonName = “ESDBA. Root CA”
executing the script example.sh with these info generated required files and I am using the higlighted files in sgadmin commnd to run . Are these correct files to use for sgadmin ? If not which script generates files for sgadmin use for initial admin user configuration. (Do not have separate certificate to use).
-rw-r–r-- 1 root root 1143 Jul 13 19:07 node-0.csr
-rw-r–r-- 1 root root 4319 Jul 13 19:07 * node-0-keystore.jks*
-rw-r–r-- 1 root root 5076 Jul 13 19:07 node-0-keystore.p12
-rw-r–r-- 1 root root 1436 Jul 13 19:07 node-0-signed.pem
…
-rw-r–r-- 1 root root 4254 Jul 13 19:07 spock-keystore.jks
-rw-r–r-- 1 root root 5002 Jul 13 19:07 spock-keystore.p12
-rw-r–r-- 1 root root 1346 Jul 13 19:07 spock-signed.pem
-rw-r–r-- 1 root root 1032 Jul 13 19:07 * truststore.jks*Does the following entry in elasticsearch.yml file need to be made before ES startup and running sgadmin or after running sgadmin ?
searchguard.authcz.admin_dn:
- cn=admin,ou=Test,ou=ou,dc=company,dc=com
With bundled download it executes properly, but from the scripts/files it is using, it is not clear at which step files needed to run sgadmin
were created as the files are already existing in bundled distribution and example.sh contents are not identical between bundled
release and separately downloaded scripts from master.zip from GIT.
Am I missing some step ?
Thanks in advance for clarification.
Ajay