If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.
**Elasticsearch version: 5.5.0
Server OS version: Windows 2012
Kibana version (if relevant):
**Browser version (if relevant): IE 11
Browser OS version (if relevant):
Describe the issue:
Search guard initialization fails with the below error:
sgadmin.bat --diagnose -ks "D:/Program Files/HPE/CSA/elasticsearch-5.5.0/config/CSAKS.jks" -kst JKS -kspass xxxx -ts "D:/Program Files/HPE/CSA/elasticsearch-5.5.0/config/CSATS.jks" -tst JKS -tspass xxxx -h xxxx.com -p 9300 -cd D:/Program Files/HPE/CSA/elasticsearch-5.5.0/plugins/elasticsearch/sgconfig" -arc -icl
ClusterHealthRequest:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{qKUaaqawSvGJCg0ZSWNpsQ}{xxxxx.com}{x.x.x.x:9300}]]
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:347)
at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:245)
at org.elasticsearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:59)
at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:363)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:397)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.execute(AbstractClient.java:724)
at org.elasticsearch.client.support.AbstractClient$ClusterAdmin.health(AbstractClient.java:746)
at com.floragunn.searchguard.tools.SearchGuardAdmin.generateDiagnoseTrace(SearchGuardAdmin.java:740)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:421)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:109)
The elastic search yaml entries are:
cluster.name: "csacluster"
#node.name: "node1"
#node.master: true
network.host: 0.0.0.0
transport.host: 0.0.0.0
http.port: 9201
transport.tcp.port: 9300
http.enabled: true
searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_password: xxxx
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_password: xxxx
searchguard.ssl.http.keystore_type: JKS
searchguard.ssl.http.keystore_password: xxxx
searchguard.ssl.http.truststore_type: JKS
searchguard.ssl.http.truststore_password: xxxx
path.data: D:\Program Files\xxxx/elasticsearch-5.5.0/data
path.logs: D:\Program Files\xxxx/elasticsearch-5.5.0/logs
discovery.zen.ping.unicast.hosts: ['xxxx.com']
searchguard.ssl.http.enabled: true
#searchguard.ssl.transport.enabled: false
searchguard.ssl.http.keystore_filepath: D:\Program Files\xxxx/elasticsearch-5.5.0/config/CSAKS.jks
#searchguard.ssl.http.keystore_password: xxxx
searchguard.ssl.http.truststore_filepath: D:\Program Files\xxxx\elasticsearch-5.5.0\config/cacerts
searchguard.ssl.transport.keystore_filepath: D:\Program Files\xxxx/elasticsearch-5.5.0/config/CSAKS.jks
searchguard.ssl.transport.truststore_filepath: D:\Program Files\xxxx\elasticsearch-5.5.0\config/cacerts
searchguard.ssl.transport.enforce_hostname_verification: false
bootstrap.system_call_filter: false
searchguard.authcz.admin_dn:
- CN=xxxx.com, OU=xxxx, O=xxxx, L=Newbury, ST=Berkshire, C=UK
There is only one node and search guard is installed on it. We are running the command on this host. The CN provided in the searchguard.authcz.admin_dn has the same hostname.
We get the same error even when we comment out the clustername
Steps to reproduce:
- Run the sgadmin command as specified above.
- Elastic search service is running fine
- The sgadmin command fails with error - none of the configured nodes are available.
Expected behavior:
Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)
Provide logs:
Elasticsearch
Kibana (if relevant)
Screenshots (if relevant):
Errors in browser console (if relevant):
Additional data: