Search Guard for Elasticsearch 2 is coming Februar 2016

Search Guard for Elasticsearch 2 is coming Februar 2016

first alpha released https://github.com/floragunncom/search-guard/tree/master2.1

···

Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb info@search-guard.com:

Search Guard for Elasticsearch 2 is coming Februar 2016

Unfortunately, it does not want to work for me :frowning:
Spent a lot of time trying though.
Any idea why the handshake is not happening?

Thanx,

–mike

···

This is alpha software, do not use in production


[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting …
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)

Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :

first alpha released https://github.com/floragunncom/search-guard/tree/master2.1

Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:

Search Guard for Elasticsearch 2 is coming Februar 2016

set

searchguard.ssl.transport.enforce_hostname_verification: false

and/or disable open ssl

searchguard.ssl.transport.enable_openssl_if_available: false

BTW: Thats a very old OpenSSL version you're using

···

Am 08.01.2016 um 16:20 schrieb Mike Niemaz <mike.niemaz@gmail.com>:

Unfortunately, it does not want to work for me :frowning:
Spent a lot of time trying though.
Any idea why the handshake is not happening?

Thanx,

--mike

************************************************
This is alpha software, do not use in production
************************************************
[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting ...
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
    at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)

Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1

Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e5978f1d-973d-4ab3-86ae-1d27310cb58a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

seems thats a netty issue: https://github.com/netty/netty/issues/4722

···

Am 13.01.2016 um 22:14 schrieb SG <info@search-guard.com>:

set

searchguard.ssl.transport.enforce_hostname_verification: false

and/or disable open ssl

searchguard.ssl.transport.enable_openssl_if_available: false

BTW: Thats a very old OpenSSL version you're using

Am 08.01.2016 um 16:20 schrieb Mike Niemaz <mike.niemaz@gmail.com>:

Unfortunately, it does not want to work for me :frowning:
Spent a lot of time trying though.
Any idea why the handshake is not happening?

Thanx,

--mike

************************************************
This is alpha software, do not use in production
************************************************
[2016-01-08 16:05:37,447][INFO ][plugins ] [Alcmena] loaded [search-guard-ssl, search-guard-2], sites [head]
[2016-01-08 16:05:37,464][INFO ][env ] [Alcmena] using [1] data paths, mounts [[/home/mike (/home/mike/.Private)]], net usable_space [85.9gb], net total_space [149.2gb], spins? [possibly], types [ecryptfs]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.1f 6 Jan 2014 available
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL available ciphers [ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, SRP-DSS-AES-256-CBC-SHA, SRP-RSA-AES-256-CBC-SHA, SRP-AES-256-CBC-SHA, DHE-DSS-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA256, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, AECDH-AES256-SHA, ADH-AES256-GCM-SHA384, ADH-AES256-SHA256, ADH-AES256-SHA, ADH-CAMELLIA256-SHA, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, CAMELLIA256-SHA, PSK-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, SRP-DSS-3DES-EDE-CBC-SHA, SRP-RSA-3DES-EDE-CBC-SHA, SRP-3DES-EDE-CBC-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, AECDH-DES-CBC3-SHA, ADH-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-DES-CBC3-SHA, DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, SRP-DSS-AES-128-CBC-SHA, SRP-RSA-AES-128-CBC-SHA, SRP-AES-128-CBC-SHA, DHE-DSS-AES128-GCM-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-DSS-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, AECDH-AES128-SHA, ADH-AES128-GCM-SHA256, ADH-AES128-SHA256, ADH-AES128-SHA, ADH-SEED-SHA, ADH-CAMELLIA128-SHA, ECDH-RSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA, ECDH-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, PSK-AES128-CBC-SHA, ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA, AECDH-RC4-SHA, ADH-RC4-MD5, ECDH-RSA-RC4-SHA, ECDH-ECDSA-RC4-SHA, RC4-SHA, RC4-MD5, PSK-RC4-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, ADH-DES-CBC-SHA, DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-ADH-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-ADH-RC4-MD5, EXP-RC4-MD5]
[2016-01-08 16:05:37,522][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL ALPN supported false
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportClientProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslTransportServerProvider:OPENSSL
[2016-01-08 16:05:37,540][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] sslHTTPProvider:null
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isOpenSSL:true
[2016-01-08 16:05:37,576][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] isJDKSSL:false
[2016-01-08 16:05:37,804][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2016-01-08 16:05:37,805][INFO ][transport ] [Alcmena] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2016-01-08 16:05:38,669][INFO ][node ] [Alcmena] initialized
[2016-01-08 16:05:38,670][INFO ][node ] [Alcmena] starting ...
[2016-01-08 16:05:38,743][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Alcmena] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2016-01-08 16:05:38,749][DEBUG][action.admin.cluster.health] [Alcmena] no known master node, scheduling a retry
[2016-01-08 16:05:38,749][INFO ][discovery ] [Alcmena] elasticsearch/0MAXxFqgRaq3rYT2-sBoYw
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake status: NOT_HANDSHAKING
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : handshake session: io.netty.handler.ssl.OpenSslEngine$OpenSslSession@7c5f9760
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer host: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : peer port: -1
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : task: null
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : sup protocols nb: 6
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : mode: false
[2016-01-08 16:05:38,946][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] SslHandler found : protocol: TLSv1.2
[2016-01-08 16:05:38,947][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor] Can not verify SSL peer (SG 13) due to javax.net.ssl.SSLPeerUnverifiedException: peer not verified
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
   at io.netty.handler.ssl.OpenSslEngine$OpenSslSession.getPeerCertificates(OpenSslEngine.java:1626)

Le lundi 28 décembre 2015 02:13:33 UTC+1, in...@search-guard.com a écrit :
first alpha released https://github.com/floragunncom/search-guard/tree/master2.1

Am Samstag, 12. Dezember 2015 21:00:50 UTC+1 schrieb in...@search-guard.com:
Search Guard for Elasticsearch 2 is coming Februar 2016

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e5978f1d-973d-4ab3-86ae-1d27310cb58a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9BE722E7-FD5F-4CA1-B375-5D15ACE84AB3%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

···

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

···

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh <dimitri.missoh@gmail.com>:

I'm giving a try to the alpha in the context of a big project here in Germany (I'm using ES 2.1.0).

I couldn't manage to make it work (expect the search-guard-ssl plugin which works fine). The error "[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized" is thrown for each request, and there is not a clue on how to solve it.

I know it's an open source project but it's a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

When in February? Beginning, middle, end of February?

Thanks,

Gabe

···

On Saturday, December 12, 2015 at 2:00:50 PM UTC-6, in...@search-guard.com wrote:

Search Guard for Elasticsearch 2 is coming Februar 2016

assume end of february

···

Am Dienstag, 26. Januar 2016 19:48:41 UTC+1 schrieb Gabe N:

When in February? Beginning, middle, end of February?

Thanks,

Gabe

On Saturday, December 12, 2015 at 2:00:50 PM UTC-6, in...@search-guard.com wrote:

Search Guard for Elasticsearch 2 is coming Februar 2016

Hi everyone,

I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !

Now i need use the sgadmin.sh script but keystore and trustore are needed ?

Can i use the kirk or spock keystore but how generate the trustore ?

Regards,

···

Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi,

Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:

  • “CN=kirk,OU=client,O=client,l=tEst, C=De”
    searchguard.ssl.transport.enabled: true
    searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
    searchguard.ssl.transport.truststore_filepath: truststore.jks

Start elasticsearch

Go into /usr/share/elasticsearch

Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.

Hope that helps,

Ronny B.

···

On Mon, Mar 21, 2016 at 10:26 PM, apino.superviseur@gmail.com wrote:

Hi everyone,

I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !

Now i need use the sgadmin.sh script but keystore and trustore are needed ?

Can i use the kirk or spock keystore but how generate the trustore ?

Regards,

Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Evening guys,

Thanks for help but it doesn’t work. I can’t unserstand how it could work :

  • passwords and aliases are needed but i added the lines in elasticsearch.yml.

  • for sgadmin, keystore.jks is not found, so i use node-01-keystore.jks copied in /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/

  • keystore and truststore password are needed but you can add them :

plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -kspass ks_password -ts plugins/search-guard-2/sgconfig/truststore.jks -tspass ts_password -nhnv

Then sgadmin start but a new warning appear :

[WARN ] org.elasticsearch.client.transport - [Ramshot] node {#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300} not part of the cluster Cluster [elasticsearch], ignoring…

Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300}]]

Any ideas ?

···

Le mardi 22 mars 2016 15:17:23 UTC+1, Ronny Bradston a écrit :

Hi,

Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:

  • “CN=kirk,OU=client,O=client,l=tEst, C=De”
    searchguard.ssl.transport.enabled: true
    searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
    searchguard.ssl.transport.truststore_filepath: truststore.jks

Start elasticsearch

Go into /usr/share/elasticsearch

Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.

Hope that helps,

Ronny B.

On Mon, Mar 21, 2016 at 10:26 PM, apino.su...@gmail.com wrote:

Hi everyone,

I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !

Now i need use the sgadmin.sh script but keystore and trustore are needed ?

Can i use the kirk or spock keystore but how generate the trustore ?

Regards,

Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

There is now also a Vagrantfile for SG https://github.com/floragunncom/search-guard/blob/2.2/Vagrantfile

···

Am Dienstag, 22. März 2016 23:40:32 UTC+1 schrieb a....ur@gmail.com:

Evening guys,

Thanks for help but it doesn’t work. I can’t unserstand how it could work :

  • passwords and aliases are needed but i added the lines in elasticsearch.yml.
  • for sgadmin, keystore.jks is not found, so i use node-01-keystore.jks copied in /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/
  • keystore and truststore password are needed but you can add them :

plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -kspass ks_password -ts plugins/search-guard-2/sgconfig/truststore.jks -tspass ts_password -nhnv

Then sgadmin start but a new warning appear :

[WARN ] org.elasticsearch.client.transport - [Ramshot] node {#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300} not part of the cluster Cluster [elasticsearch], ignoring…

Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{localhost/127.0.0.1:9300}]]

Any ideas ?

Le mardi 22 mars 2016 15:17:23 UTC+1, Ronny Bradston a écrit :

Hi,

Here is a simple configuration, I did and it worked:
Install search-guard ssl and search-guard plugins
Copy /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks and /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks into /etc/elasticsearch
Edit your /etc/elasticsearch/elasticsearch.yml as follow:
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:

  • “CN=kirk,OU=client,O=client,l=tEst, C=De”
    searchguard.ssl.transport.enabled: true
    searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
    searchguard.ssl.transport.truststore_filepath: truststore.jks

Start elasticsearch

Go into /usr/share/elasticsearch

Initialize searchguard as follow:
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

If everything works fine, searchguard index will be created and every user defined in /usr/share/elasticsearch/sgconfig/sg_internal_users.yml will be also created.

Hope that helps,

Ronny B.

On Mon, Mar 21, 2016 at 10:26 PM, apino.su...@gmail.com wrote:

Hi everyone,

I follow the instructions but i’m a bit lost : i use the vagrant scripts to generate keystore and trustore for transport ssl. That’s ok !

Now i need use the sgadmin.sh script but keystore and trustore are needed ?

Can i use the kirk or spock keystore but how generate the trustore ?

Regards,

Le jeudi 21 janvier 2016 22:07:36 UTC+1, in...@search-guard.com a écrit :

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2928f921-79f0-4e49-8059-48bd23e6c4cd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Did you ever manage to get this issue resolved ? I’m having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:

[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized

Therefore I’m not able to execute this step

plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

The Manual that I’m using is

I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log

[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv

Connect to elasticsearch.localdomain:9300

[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring…

Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav

at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)

at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)

at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)

Kind Regards,

John

···

Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

No, I’m sorry I did not. I just gave up and implemented my own security plugin instead.
And the current version of search guard doesn’t support DLS what I actually need.

Regards,

Dimitri.

···

On Fri, 22 Apr 2016 at 12:35, John Bakker johnbakker@gmail.com wrote:

Did you ever manage to get this issue resolved ? I’m having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:

[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized

Therefore I’m not able to execute this step

plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

The Manual that I’m using is

https://github.com/floragunncom/search-guard

I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log

[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv

Connect to elasticsearch.localdomain:9300

[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring…

Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav

at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)

at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)

at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)

Kind Regards,

John

Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:

Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1

Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh dimitri...@gmail.com:

I’m giving a try to the alpha in the context of a big project here in Germany (I’m using ES 2.1.0).

I couldn’t manage to make it work (expect the search-guard-ssl plugin which works fine). The error “[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized” is thrown for each request, and there is not a clue on how to solve it.

I know it’s an open source project but it’s a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :

Search Guard for Elasticsearch 2 is coming Februar 2016


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi John, Hi Dimitri,

sorry to hear that.

Pls. check the vagrant demo to see a working installation: https://github.com/floragunncom/search-guard/blob/master/Vagrantfile

@Dimitri: We are interested in your DLS implementation, maybe you want share your thoughts with us?

Thx

···

Am 22.04.2016 um 21:46 schrieb Dimitri Missoh <dimitri.missoh@gmail.com>:

No, I'm sorry I did not. I just gave up and implemented my own security plugin instead.
And the current version of search guard doesn't support DLS what I actually need.

Regards,

Dimitri.
On Fri, 22 Apr 2016 at 12:35, John Bakker <johnbakker@gmail.com> wrote:
Did you ever manage to get this issue resolved ? I'm having exactly the same issue, when starting my elasticsearch cluster it gives me the following error:

[2016-04-21 08:30:50,817][WARN ][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized

Therefore I'm not able to execute this step
plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ -ks plugins/search-guard-2/sgconfig/keystore.jks -ts plugins/search-guard-2/sgconfig/truststore.jks -nhnv

The Manual that I'm using is

https://github.com/floragunncom/search-guard

I already created a CA signed server certificate, added it to my keystore and all, but in the step when I want to run the initial configuration it is failing. with the following message in console, and the error above in my elasticsearch cluster log

[root@elasticsearch elasticsearch]# plugins/search-guard-2/tools/sgadmin.sh -cd plugins/search-guard-2/sgconfig/ csearch-keystore.jks -kspass elastic -ts /etc/elasticsearch/elasticsearch-truststore.ts -tspass elastic -host ela9300 -nhnv
Connect to elasticsearch.localdomain:9300
[08:34:31,181][WARN ] org.elasticsearch.client.transport - [Comet Man] node {#transport#-1}{192.168.168.149}{elas.168.149:9300} not part of the cluster Cluster [elasticsearch], ignoring...
Exception in thread "main" NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{h.localdomain/192.168.168.149:9300}]]
       at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClient
       at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.jav
       at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
       at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
       at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
       at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
       at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:848)
       at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:868)
       at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:137)

Kind Regards,

John

Op donderdag 21 januari 2016 22:07:36 UTC+1 schreef in...@search-guard.com:
Hi Dimitri,

did you follow the instructions here?: https://github.com/floragunncom/search-guard/tree/master2.1
Have you pushed your initial configuration via plugins/search-guard-2/tools/sgadmin.sh ?

Thanks

Am 21.01.2016 um 10:41 schrieb Dimitri K. E. Missoh <dimitri...@gmail.com>:

I'm giving a try to the alpha in the context of a big project here in Germany (I'm using ES 2.1.0).

I couldn't manage to make it work (expect the search-guard-ssl plugin which works fine). The error "[com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized" is thrown for each request, and there is not a clue on how to solve it.

I know it's an open source project but it's a pity that no resource is provided (in the documentation) on how to easily test it (like ES Shield does).

Cheers.

Le samedi 12 décembre 2015 21:00:50 UTC+1, in...@search-guard.com a écrit :
Search Guard for Elasticsearch 2 is coming Februar 2016

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf7b9888-9640-4e3f-99c2-da3649251799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAJxY_m%2BPTiTZ%3Dx_n0GbmgwqU1K65WEaMx4jvMj%2BdcC6oE4JAow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.