Search Guard 2 with Search Guard SSL (Elasticsearch 2.2.0): No such keystore file /etc/elasticsearch

Hello everyone.

I’ve an issue when configuring Search Guard 2 for Elasticsearch 2.2.0.

When I start Elasticsearch, I meet this error:

[2016-03-02 10:19:25,767][ERROR][bootstrap ] Exception
ElasticsearchException[No such keystore file /etc/elasticsearch]
    at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:162)
    at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:130)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:113)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:166)
    at org.elasticsearch.node.Node.<init>(Node.java:128)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:145)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

Here is my configuration in /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/elasticsearch.yml:

searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: node-1-keystore.jks
searchguard.ssl.transport.keystore_alias: node-1
searchguard.ssl.transport.keystore_password: azerty

searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_alias: root-ca
searchguard.ssl.transport.truststore_password: azerty
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enable_openssl_if_available: true

Furthermore, I have a doubt about which configuration file has to be edited.
If I put those lines in /etc/elasticsearch/elasticsearch.yml, Elasticsearch doesn’t start anymore. So I don’t know which configuration file I have to edit to make it right.

Thank you very much for your help.

The keystore and the truststore files are located in both /usr/share/elasticsearch/plugins/search-guard-2/sgconfig and /etc/elasticsearch/, to make sure it doesn’t cause any problem.

On Wednesday, 2 March 2016 at 11:08:51 UTC+1, m0numentum wrote:

Thank you very much for your help.

Hello!

You need to add SG configuration lines in /etc/elasticsearch/elasticsearch.yml

Just place your truststore and keystore in /etc/elasticsearch/

Look at the first line: “ElasticsearchException[No such keystore file /etc/elasticsearch]”.
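
A pre-flight check for the situation in this thread, added here as an example (not code from the posters or from Search Guard): it reads the flat searchguard.ssl.transport.*_filepath keys from elasticsearch.yml in a given config directory and verifies that the files are really there. It assumes relative paths are resolved against that config directory, so that an unset key gives the bare directory as in the error above; the function names and the keystore permission check are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not Search Guard code): check the transport keystore and
# truststore settings before starting Elasticsearch.
# Assumption: a relative *_filepath is resolved against the Elasticsearch
# config directory, so an unset value resolves to the directory itself.

# Print the last value of a flat "dotted.key: value" line (the form used above).
sg_setting() {   # usage: sg_setting <yml-file> <key>
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k ":") == 1 {
            val = substr(line, length(k) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# Return: 0 ok, 1 setting absent, 2 file absent, 3 unreadable, 4 keystore open to "other".
sg_check_store() {   # usage: sg_check_store <config-dir> <keystore|truststore>
    local conf_dir=$1 key="searchguard.ssl.transport.${2}_filepath" rel path
    rel=$(sg_setting "$conf_dir/elasticsearch.yml" "$key")
    [ -n "$rel" ] || { echo "UNSET   $key (not in $conf_dir/elasticsearch.yml)"; return 1; }
    case $rel in /*) path=$rel ;; *) path=$conf_dir/$rel ;; esac
    [ -f "$path" ] || { echo "NOFILE  $path"; return 2; }
    [ -r "$path" ] || { echo "NOREAD  $path (check owner/group for the ES user)"; return 3; }
    # The keystore holds the node's private key: no read/write bits for "other".
    if [ "$2" = keystore ] && [ -n "$(find -L "$path" -perm -004 -o -perm -002)" ]; then
        echo "OPEN    $path"; return 4
    fi
    echo "OK      $path"
}

# Check both stores; the return code is that of the last failing check.
sg_preflight() {   # usage: sg_preflight <config-dir>
    local rc=0
    sg_check_store "$1" keystore   || rc=$?
    sg_check_store "$1" truststore || rc=$?
    return "$rc"
}

# Run against a real config directory when one is given, e.g. /etc/elasticsearch.
if [ -n "${1:-}" ]; then sg_preflight "$1"; fi
```

An UNSET result for a config directory whose elasticsearch.yml lacks the searchguard.ssl lines corresponds to the case described in the question, where the settings were written to a different file.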
