Search Guard for Elasticsearch 2 is coming Februar 2016
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1
···
Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb info@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016
Unfortunately, it does not want to work for me
Spent a lot of time trying though.
Any idea why the handshake is not happening?
Thanx,
–mike
···
This is alpha software, do not use in production
[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting …
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)
Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1
Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016
set
searchguard.ssl.transport.enforce_hostname_verification: false
and/or disable open ssl
searchguard.ssl.transport.enable_openssl_if_available: false
BTW: Thats a very old OpenSSL version you're using
···
Am 08.01.2016 um 16:20 schrieb Mike Niemaz <mike.niemaz@gmail.com>:
Unfortunately, it does not want to work for me
Spent a lot of time trying though.
Any idea why the handshake is not happening?Thanx,
--mike
************************************************
This is alpha software, do not use in production
************************************************
[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting ...
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e5978f1d-973d-4ab3-86ae-1d27310cb58a%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
seems thats a netty issue: SSLPeerUnverifiedException: peer not verified when using OpenSSL provider · Issue #4722 · netty/netty · GitHub
···
Am 13.01.2016 um 22:14 schrieb SG <info@search-guard.com>:
set
searchguard.ssl.transport.enforce_hostname_verification: false
and/or disable open ssl
searchguard.ssl.transport.enable_openssl_if_available: false
BTW: Thats a very old OpenSSL version you're using
Am 08.01.2016 um 16:20 schrieb Mike Niemaz <mike.niemaz@gmail.com>:
Unfortunately, it does not want to work for me
Spent a lot of time trying though.
Any idea why the handshake is not happening?Thanx,
--mike
************************************************
This is alpha software, do not use in production
************************************************
[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting ...
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e5978f1d-973d-4ab3-86ae-1d27310cb58a%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9BE722E7-FD5F-4CA1-B375-5D15ACE84AB3%40search-guard.com\.
For more options, visit https://groups.google.com/d/optout\.
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
···
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
···
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh <dimitri.missoh@gmail.com>:
I'm giving a try to the alpha in the context of a big project here in Germany (I'm using ES 2.1.0).
I couldn't manage to make it work (expect the search-guard-ssl plugin which works fine). The error "[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized" is thrown for each request, and there is not a clue on how to solve it.
I know it's an open source project but it's a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
When in February? Beginning, middle, end of February?
Thanks,
Gabe
···
On Saturday, December 12, 2015 at 2:00:50 PM UTC-6, in...@search-guard.com wrote:
Search Guard for Elasticsearch 2 is coming Februar 2016
assume end of february
···
Am Dienstag, 26. Januar 2016 19:48:41 UTC+1 schrieb Gabe N:
When in February? Beginning, middle, end of February?
Thanks,
Gabe
On Saturday, December 12, 2015 at 2:00:50 PM UTC-6, in...@search-guard.com wrote:
Search Guard for Elasticsearch 2 is coming Februar 2016
Hi everyone,
I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !
Now i need use the sgadmin.sh script but keystore and trustore are needed ?
Can i use the kirk or spock keystore but how generate the trustore ?
Regards,
···
Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi,
Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:
- “CN=kirk,OU=client,O=client,l=tEst, C=De”
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
Start elasticsearch
Go into /usr/share/elasticsearch
Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.
Hope that helps,
Ronny B.
···
On Mon, Mar 21, 2016 at 10:26 PM, apino.superviseur@gmail.com wrote:
Hi everyone,
I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !
Now i need use the sgadmin.sh script but keystore and trustore are needed ?
Can i use the kirk or spock keystore but how generate the trustore ?
Regards,
Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Evening guys,
Thanks for help but it doesn’t work. I can’t unserstand how it could work :
-
passwords and aliases are needed but i added the lines in elasticsearch.yml.
-
for sgadmin, keystore.jks is not found, so i use node-01-keystore.jks copied in /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
-
keystore and truststore password are needed but you can add them :
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -kspass ks_password -ts plugins/search-guard-2/sgconfig/truststore.jks -tspass ts_password -nhnv
Then sgadmin start but a new warning appear :
[WARN ] org.elasticsearch.client.transport - [Ramshot] node {#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300} not part of the cluster Cluster [elasticsearch], ignoring…
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300}]]
Any ideas ?
···
Le mardi 22 mars 2016 15:17:23 UTC+1, Ronny Bradston a écrit :
Hi,
Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:
- “CN=kirk,OU=client,O=client,l=tEst, C=De”
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
Start elasticsearch
Go into /usr/share/elasticsearch
Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.
Hope that helps,
Ronny B.
On Mon, Mar 21, 2016 at 10:26 PM, apino.su...@gmail.com wrote:
Hi everyone,
I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !
Now i need use the sgadmin.sh script but keystore and trustore are needed ?
Can i use the kirk or spock keystore but how generate the trustore ?
Regards,
Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
There is now also a Vagrantfile for SG https://github.com/floragunncom/search-guard/blob/2.2/Vagrantfile
···
Am Dienstag, 22. März 2016 23:40:32 UTC+1 schrieb a....ur@gmail.com:
Evening guys,
Thanks for help but it doesn’t work. I can’t unserstand how it could work :
- passwords and aliases are needed but i added the lines in elasticsearch.yml.
- for sgadmin, keystore.jks is not found, so i use node-01-keystore.jks copied in /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
- keystore and truststore password are needed but you can add them :
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -kspass ks_password -ts plugins/search-guard-2/sgconfig/truststore.jks -tspass ts_password -nhnv
Then sgadmin start but a new warning appear :
[WARN ] org.elasticsearch.client.transport - [Ramshot] node {#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300} not part of the cluster Cluster [elasticsearch], ignoring…
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300}]]
Any ideas ?
Le mardi 22 mars 2016 15:17:23 UTC+1, Ronny Bradston a écrit :
Hi,
Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:
- “CN=kirk,OU=client,O=client,l=tEst, C=De”
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
Start elasticsearch
Go into /usr/share/elasticsearch
Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.
Hope that helps,
Ronny B.
On Mon, Mar 21, 2016 at 10:26 PM, apino.su...@gmail.com wrote:
Hi everyone,
I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !
Now i need use the sgadmin.sh script but keystore and trustore are needed ?
Can i use the kirk or spock keystore but how generate the trustore ?
Regards,
Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Did you ever manage to get this issue resolved ? I’m having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:
[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
Therefore I’m not able to execute this step
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
The Manual that I’m using is
I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log
[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv
Connect to elasticsearch.localdomain:9300
[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring…
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav
at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)
Kind Regards,
John
···
Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No, I’m sorry I did not. I just gave up and implemented my own security plugin instead.
And the current version of search guard doesn’t support DLS what I actually need.
Regards,
Dimitri.
···
On Fri, 22 Apr 2016 at 12:35, John Bakker johnbakker@gmail.com wrote:
Did you ever manage to get this issue resolved ? I’m having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:
[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
Therefore I’m not able to execute this step
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv
The Manual that I’m using is
I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log
[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv
Connect to elasticsearch.localdomain:9300
[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring…
Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav
at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)
Kind Regards,
John
Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:
Hi Dimitri,
did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?
Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:
I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).
I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.
I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi John, Hi Dimitri,
sorry to hear that.
Pls. check the vagrant demo to see a working installation: https://github.com/floragunncom/search-guard/blob/master/Vagrantfile
@Dimitri: We are interested in your DLS implementation, maybe you want share your thoughts with us?
Thx
···
Am 22.04.2016 um 21:46 schrieb Dimitri Missoh <dimitri.missoh@gmail.com>:
No, I'm sorry I did not. I just gave up and implemented my own security plugin instead.
And the current version of search guard doesn't support DLS what I actually need.Regards,
Dimitri.
On Fri, 22 Apr 2016 at 12:35, John Bakker <johnbakker@gmail.com> wrote:
Did you ever manage to get this issue resolved ? I'm having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
Therefore I'm not able to execute this step
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnvThe Manual that I'm using is
GitHub - floragunncom/search-guard: Search Guard Plugin - Security for Elasticsearch
I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log
[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv
Connect to elasticsearch.localdomain:9300
[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring...
Exception in thread "main" NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav
at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)Kind Regards,
John
Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:
Hi Dimitri,did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?Thanks
Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh <dimitri...@gmail.com>:
I'm giving a try to the alpha in the context of a big project here in Germany (I'm using ES 2.1.0).
I couldn't manage to make it work (expect the search-guard-ssl plugin which works fine). The error "[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized" is thrown for each request, and there is not a clue on how to solve it.
I know it's an open source project but it's a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).
Cheers.
Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAJxY_m%2BPTiTZ%3Dx_n0GbmgwqU1K65WEaMx4jvMj%2BdcC6oE4JAow%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.