Search Guard pilot project, need some hints

I am working with Search Guard on a single machine with the intent to run it on a small cluster once I am comfortable with it. My current cluster is 5.6.13 with three nodes, I expect to have maybe a dozen users total.

Ubuntu Linux 18.04

Elasticsearch + Kibana 6.4.0

Search Guard - Does 23.1 sound like a version number?

java version “1.8.0_191”

Java™ SE Runtime Environment (build 1.8.0_191-b12)

Java HotSpot™ 64-Bit Server VM (build 25.191-b12, mixed mode)

I’ve been using Elasticsearch for about a year, have digested the O’Reilly Definitive Guide, am at that “know what I don’t know” point, and can Google/read till I get it right. I have a bit of Python code I’ve written, am using the official Elasticsearch Python client. I’ve got SG running, here are a few small puzzles I’m left with after my first day.

  1. I have a number of small scripts that wrap curl one-liners to manage the system. I found some documentation on using a cert chain and key, had to hunt a bit to find the right files, placing the root cert and kirk.pem into chain.pem. This gets a curl: (52) Empty reply from server error. What did I do wrong? Is there a way to hand user/pass via curl? I haven’t seen that demonstrated anywhere.

curl --insecure --cert chain.pem --key kirk-key.pem -XGET 'localhost:9200/_cat/indices?v'

To be clear, I did not generate a TLS config here, post install what I found in /etc/elasticsearch looked to be complete, I just assume the documentation has not caught up yet.

  2. I would be eternally grateful for a pointer to any Github repo with a little Python code that works with ES+SG for auth.

  3. My use case for that first cluster is as an ongoing demo environment. This might evolve to commercial work fairly soon, but I don’t imagine we’d ever be called on to do an enterprise integration of a social media conflict monitoring package. I’d like to just step down from the enterprise trial w/o waiting sixty days, how do I accomplish this?

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Hi!

curl --insecure --cert chain.pem --key kirk-key.pem -XGET 'localhost:9200/_cat/indices?v'

You do not necessarily need a certificate here. The admin certificate is only required if you want to act as root user, thus disabling the SG security checks. If you use HTTP Basic Authentication you can just add the username/password like:

curl --insecure -u admin:admin -XGET 'localhost:9200/_cat/indices?v'

The empty reply from server indicates that you have enabled HTTPS, but in your curl call you use HTTP. You should see a corresponding entry in the ES logfile (“someone speaks plaintext …”). Use:

curl --insecure -u admin:admin -XGET 'https://localhost:9200/_cat/indices?v'

Regarding Python: There are no special requirements here. You would just issue calls against the ES REST API, and

a) add a Basic Authentication header with the user’s credentials (like above)

b) add the TLS root certificate that you used to sign the ES certificates

You can just follow the SSL instructions on the ES Python client docs:

https://elasticsearch-py.readthedocs.io/en/master/

Regarding the free community edition: Just disable all commercial features as described here:

On Friday, November 16, 2018 at 10:15:39 AM UTC+1, Neal Rauhauser wrote:

To be clear, I did not generate a TLS config here, post install what I found in /etc/elasticsearch looked to be complete, I just assume the documentation has not caught up yet.

https://search-guard.com/tls-certificate-generator/
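As an added example for this thread (not code from the original post, from the reply, or from the Search Guard project), here is the reply's two-point recipe for Python, Basic auth plus the root CA for TLS verification, written against the standard library only so it shows exactly what the elasticsearch-py client does under the hood. It assumes Search Guard's demo setup: HTTPS on port 9200, the demo user admin/admin, and the root CA that signed the node certificates saved as root-ca.pem; host, port, user, password and file name are all assumptions and should be replaced. It also maps the failure modes discussed in the thread (plain HTTP against a TLS port, an untrusted node certificate, 401 versus 403) to plain-language diagnoses.

```python
"""Minimal Search Guard client using only the Python standard library.

Added example for this thread, not code from the original post or from the
Search Guard project. Assumptions (Search Guard's demo configuration):
HTTPS on port 9200, HTTP Basic authentication with the demo user admin/admin,
and the root CA that signed the node certificates available as root-ca.pem.
"""
import base64
import http.client
import ssl


def basic_auth_header(user, password):
    """Value for the Authorization header that Search Guard's HTTP Basic
    authenticator reads: 'Basic ' + base64('user:password') (RFC 7617).
    This is exactly what curl -u user:password sends on the wire."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def tls_context(ca_file):
    """Verify the node certificate against the CA that signed it instead of
    switching verification off (the equivalent of curl --insecure).
    Hostname checking stays on, so the node certificate's SAN must match."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def check_status(status):
    """Map the HTTP status codes Search Guard returns to what they mean."""
    if 200 <= status < 300:
        return "ok"
    if status == 401:
        return "rejected: credentials not accepted by the configured authenticator"
    if status == 403:
        return "authenticated, but no role grants this action or index"
    return f"unexpected status {status}"


def diagnose(exc):
    """Translate the connection-level failures discussed in this thread."""
    if isinstance(exc, (http.client.RemoteDisconnected, ConnectionResetError)):
        return ("node closed the connection without answering: you sent plain "
                "HTTP to a port where Search Guard expects TLS (curl shows this "
                "as '(52) Empty reply from server'); use https://")
    if isinstance(exc, ssl.SSLCertVerificationError):
        return ("node certificate not trusted: pass the root CA that signed it "
                "as ca_file instead of disabling verification")
    if isinstance(exc, ssl.SSLError):
        return "TLS handshake failed: wrong port, plain HTTP endpoint, or no common TLS version"
    return f"unhandled error: {exc!r}"


def es_get(path, host="localhost", port=9200, user="admin", password="admin",
           ca_file="root-ca.pem"):
    """GET a REST API path as an ordinary Search Guard user (no admin cert).
    Returns (status, body); raises OSError/HTTPException on transport errors."""
    conn = http.client.HTTPSConnection(host, port, context=tls_context(ca_file))
    try:
        conn.request("GET", path,
                     headers={"Authorization": basic_auth_header(user, password)})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8")
        return resp.status, body
    finally:
        conn.close()


if __name__ == "__main__":
    # Same call as the reply's curl one-liner, with the CA verified.
    try:
        status, body = es_get("/_cat/indices?v")
        print(check_status(status))
        print(body)
    except (OSError, http.client.HTTPException) as e:
        print(diagnose(e))
```

With the official client the same thing is `Elasticsearch(["https://localhost:9200"], http_auth=("admin", "admin"), use_ssl=True, verify_certs=True, ca_certs="root-ca.pem")` in the 6.x elasticsearch-py series; the point of the stdlib version is that the only two things Search Guard needs from a client are the Basic header and a trust store containing the signing CA, so `--insecure` and the admin certificate are both unnecessary for day-to-day scripts.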