Search Guard integration with ECK operator

Hi ALL,

I am trying to integrate Search Guard with the ECK operator, and for that these are the specifications I am using:

  • elasticsearch - 7.4.0
  • searchguard - 7.4.0

And I am creating a custom image by disabling xpack, where I am installing Search Guard myself and invoking the demo_installations script as mentioned here: Demo Installer | Security for Elasticsearch | Search Guard

But I am getting this error in the Elasticsearch deployment:

"Caused by: org.elasticsearch.ElasticsearchException: searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.",

But when I look at my Search Guard settings, all certs are generated and pointed to the correct location:

######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
xpack.security.enabled: false
######## End Search Guard Demo Configuration ########

Let me know what I should update.

Hi. Can you please post the error stack trace? Or better, post the entire Elasticsearch log from the start.
Also, show me what files you have in the Elasticsearch config folder. You should have the following files:

$ ls -lh elasticsearch/config/
total 112
-rw-r-----  1 user  staff   3.9K May  4 13:05 elasticsearch.yml
-rw-r--r--  1 user  staff   1.7K May  4 13:05 esnode-key.pem
-rw-r--r--  1 user  staff   1.7K May  4 13:05 esnode.pem
-rw-r-----  1 user  staff   2.2K Mar 26 07:28 jvm.options
-rw-r--r--  1 user  staff   1.7K May  4 13:05 kirk-key.pem
-rw-r--r--  1 user  staff   1.6K May  4 13:05 kirk.pem
-rw-r-----  1 user  staff    17K Mar 26 07:36 log4j2.properties
-rw-r-----  1 user  staff   473B Mar 26 07:36 role_mapping.yml
-rw-r-----  1 user  staff   197B Mar 26 07:36 roles.yml
-rw-r--r--  1 user  staff   1.4K May  4 13:05 root-ca.pem
-rw-r-----  1 user  staff     0B Mar 26 07:36 users
-rw-r-----  1 user  staff     0B Mar 26 07:36 users_roles

Did you configure any file in elasticsearch/plugins/search-guard-7/sgconfig/ folder? If yes, send the changes you applied.

Hi,

Thanks, Sergey, for the prompt reply. I see the following files:

[root@569dc7284b45 config]# ls -lh
total 44K
-rw-r--r-- 1 elasticsearch root 1.2K May 2 19:36 elasticsearch.yml
-rw-r--r-- 1 root root 1.7K May 2 19:36 esnode-key.pem
-rw-r--r-- 1 root root 1.7K May 2 19:36 esnode.pem
-rw-rw---- 1 elasticsearch root 3.6K Sep 27 2019 jvm.options
-rw-r--r-- 1 root root 1.7K May 2 19:36 kirk-key.pem
-rw-r--r-- 1 root root 1.6K May 2 19:36 kirk.pem
-rw-r--r-- 1 elasticsearch root 7.7K Sep 27 2019 log4j2.properties
drwxr-x--- 2 elasticsearch root 31 Apr 28 12:40 repository-s3
-rw-rw---- 1 elasticsearch root 473 Sep 27 2019 role_mapping.yml
-rw-rw---- 1 elasticsearch root 197 Sep 27 2019 roles.yml
-rw-r--r-- 1 root root 1.5K May 2 19:36 root-ca.pem
-rw-rw---- 1 elasticsearch root 0 Sep 27 2019 users
-rw-rw---- 1 elasticsearch root 0 Sep 27 2019 users_roles

And I did not configure any files in the elasticsearch/plugins/search-guard-7/sgconfig/ folder.

Thanks in advance.

I can’t reproduce the error. You can see what I did in my log - log.txt (105.3 KB)

Thus I need more data from you in order to reproduce it:

  1. Entire Elasticsearch log beginning from the start
  2. The Dockerfile of the image you run
  3. Entire elasticsearch/config/elasticsearch.yml
  4. All files you find in the folder elasticsearch/plugins/search-guard-7/sgconfig/
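
An added example, not part of the thread and not Search Guard's own tooling: a shell function that runs the checks discussed above against a config directory. It confirms that the elasticsearch.yml in that directory sets one of the two keys named in the error message, and that every `searchguard.ssl.*_filepath` value exists and is readable there (these paths are resolved relative to the config directory). The names `check_sg_tls`, `demo` and `check_sg_tls.sh`, and the sample built in `demo`, are constructed for illustration.

```sh
#!/bin/sh
# Added example. check_sg_tls DIR inspects DIR/elasticsearch.yml and the PEM
# files it references; returns 0 when everything checks out, non-zero otherwise.
check_sg_tls() {
    conf_dir=$1
    yml="$conf_dir/elasticsearch.yml"
    rc=0
    [ -r "$yml" ] || { echo "FAIL: cannot read $yml"; return 2; }

    # The startup error names these two keys; one must be present in this file.
    if ! grep -Eq '^[[:space:]]*searchguard\.ssl\.transport\.(pemkey|keystore)_filepath[[:space:]]*:' "$yml"; then
        echo "FAIL: no transport pemkey_filepath or keystore_filepath in $yml"
        rc=1
    fi

    # Collect "key value" pairs for every searchguard.ssl.*_filepath setting.
    settings=$(sed -n 's/^[[:space:]]*\(searchguard\.ssl\.[a-z]*\.[a-z_]*_filepath\)[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1 \2/p' "$yml")
    while read -r key file; do
        [ -n "$key" ] || continue
        if [ ! -f "$conf_dir/$file" ]; then      # paths are relative to the config dir
            echo "FAIL: $key -> $file not found in $conf_dir"; rc=1
        elif [ ! -r "$conf_dir/$file" ]; then
            echo "FAIL: $key -> $file not readable by $(id -un)"; rc=1
        else
            echo "ok:   $key -> $file"
        fi
    done <<EOF
$settings
EOF
    return $rc
}

# Constructed sample: transport key setting absent, one referenced file missing.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'searchguard.ssl.transport.pemcert_filepath: esnode.pem' \
        'searchguard.ssl.http.pemkey_filepath: esnode-key.pem' > "$d/elasticsearch.yml"
    : > "$d/esnode.pem"
    check_sg_tls "$d" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}

# Usage: sh check_sg_tls.sh elasticsearch/config   (run as the elasticsearch user)
if [ "$#" -gt 0 ]; then check_sg_tls "$1"; fi
```

Run it inside the running container against the config directory the node starts with, so the file being checked is the one Elasticsearch actually loads.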
