Search Guard Refresh Interval Error

Hi Team,

I am facing a Search Guard refresh interval error. Though the cluster state seems healthy, permission issues are coming from somewhere. Can anyone help me with this?

Elasticsearch: 6.3

Search Guard: 6.3

Output logs:


```
root@k8sslave02:/usr/share/elasticsearch/plugins/search-guard-6/tools# /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -ks /etc/elasticsearch/admin-keystore.jks -kspass Alcatraz2.0 -ts /etc/elasticsearch/truststore.jks -tspass Alcatraz2.0 -nhnv -icl -h 127.0.0.1 -port 9740
Search Guard Admin v6
Will connect to 127.0.0.1:9740 ... done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=admin,OU=client,O=client,L=Test,C=DE
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: my-new-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
searchguard index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update 'sg/config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
   SUCC: Configuration for 'config' created or updated
Will update 'sg/roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update 'sg/rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'sg/internalusers' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update 'sg/actiongroups' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Done with success

root@k8sslave02:/usr/share/elasticsearch/plugins/search-guard-6/tools# curl -XPUT --insecure -u admin:password123 "https://localhost:9640/*/_settings" -H 'Content-Type: application/json' -d '{ "index" : { "refresh_interval" : "180s" } }'
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:admin/settings/update] and User [name=admin, roles=, requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:admin/settings/update] and User [name=admin, roles=, requestedTenant=null]"},"status":403}

root@k8sslave02:/usr/share/elasticsearch/plugins/search-guard-6/tools# curl -XGET -u admin:password123 --insecure https://localhost:9640/_cluster/health?pretty
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [cluster:monitor/health] and User [name=admin, roles=, requestedTenant=null]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [cluster:monitor/health] and User [name=admin, roles=, requestedTenant=null]"
  },
  "status" : 403
}

root@k8sslave02:/usr/share/elasticsearch/plugins/search-guard-6/tools# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-11-15 17:15:37 IST; 9min ago
     Docs: http://www.elastic.co
 Main PID: 866 (java)
    Tasks: 57
   Memory: 1.3G
      CPU: 31.486s
   CGroup: /system.slice/elasticsearch.service
           ├─866 /usr/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+
           └─932 /usr/share/elasticsearch/modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller

Nov 15 17:15:37 k8sslave02 systemd[1]: Started Elasticsearch.
```

Maybe there’s something wrong with the roles setup. Can you do a curl GET with your admin user against /_searchguard/authinfo?pretty and post the output here?


Hi Jochen,

Thank you for your reply. Please find the curl response below:

```
root@k8sslave02:~# curl -XGET --insecure -u admin:password123 "https://localhost:9640/*/_searchguard/authinfo?pretty"
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [indices:data/read/get] and User [name=admin, roles=, requestedTenant=null]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [indices:data/read/get] and User [name=admin, roles=, requestedTenant=null]"
  },
  "status" : 403
}
```


Bishwajit Samanta

+919933399865

This is not the output of the authinfo endpoint, you need to use:

```
curl -XGET --insecure -u admin:password123 "https://localhost:9640/_searchguard/authinfo?pretty"
```


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9978f0f4-94f8-4dc5-88ef-0af942f0c695%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



Sorry for my mistake, please find the output below:

```
root@k8sslave02:~# curl -XGET --insecure -u admin:password123 "https://localhost:9640/_searchguard/authinfo?pretty"
{
  "user" : "User [name=admin, roles=, requestedTenant=null]",
  "user_name" : "admin",
  "user_requested_tenant" : null,
  "remote_address" : "[::1]:45454",
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "sg_roles" : [
    "sg_own_index"
  ],
  "sg_tenants" : {
    "admin" : true
  },
  "principal" : null,
  "peer_certificates" : "0"
}
```


Your user does not have any SG roles assigned, apart from the sg_own_index demo role Search Guard ships with:

```
"sg_roles" : [
  "sg_own_index"
]
```

The user also does not have any backend roles:

```
"backend_roles" : [ ]
```

That is why you are seeing the "no permissions" error. You need to use the roles mapping to assign the user to one or more Search Guard roles:

https://docs.search-guard.com/latest/mapping-users-roles

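The diagnosis above (a user that holds only sg_own_index and no backend roles) and the fix (map the user to a real Search Guard role) can be checked before touching the cluster. The following Python script is an added example written for this thread; it is not code from the thread, from floragunn, or from Search Guard. It parses the authinfo reply posted above (embedded as a constructed sample), flags that no effective role is mapped, and then simulates the roles-mapping resolution against two hypothetical sg_roles_mapping.yml contents: one where sg_all_access is reachable only through the backend role "admin", and one where the user name "admin" is added to the "users" list. Assumptions, all labelled in the code: the demo mapping gives sg_own_index to every user via "*", Search Guard's wildcard matching is approximated with fnmatch, and "hosts" rules are ignored.

```python
"""Diagnose a Search Guard 6 authinfo response and simulate roles mapping.

Added example for this forum thread; not code from the thread, from
floragunn or from Search Guard itself. Hypothetical assumptions:
  * the demo sg_roles_mapping.yml maps sg_own_index to every user via '*',
  * Search Guard's user / backend-role wildcard matching is approximated
    with fnmatch ('*' and '?' only; regex-style patterns are not handled),
  * host-based rules ("hosts:") are ignored.
"""
import fnmatch
import json

# Constructed sample: the authinfo reply posted in the thread, with the
# empty arrays that the forum rendering dropped restored as [ ].
AUTHINFO_JSON = """{
  "user" : "User [name=admin, roles=, requestedTenant=null]",
  "user_name" : "admin",
  "user_requested_tenant" : null,
  "remote_address" : "[::1]:45454",
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "sg_roles" : [ "sg_own_index" ],
  "sg_tenants" : { "admin" : true },
  "principal" : null,
  "peer_certificates" : "0"
}"""

# Roles the demo config hands to every user; holding only these is the
# "no permissions for [...]" symptom seen in the thread.
DEMO_CATCH_ALL_ROLES = {"sg_own_index"}


def diagnose(authinfo_text):
    """Summarise an /_searchguard/authinfo reply and flag a missing mapping."""
    info = json.loads(authinfo_text)
    effective = set(info.get("sg_roles", [])) - DEMO_CATCH_ALL_ROLES
    return {
        "user": info["user_name"],
        "backend_roles": list(info.get("backend_roles", [])),
        "effective_sg_roles": sorted(effective),
        "needs_mapping": not effective,
    }


# Hypothetical sg_roles_mapping.yml contents, as Python dicts.
# BEFORE: sg_all_access is reachable only through the backend role "admin",
# which this internal user does not carry (backend_roles is empty).
ROLES_MAPPING_BEFORE = {
    "sg_own_index": {"users": ["*"]},
    "sg_all_access": {"readonly": True, "backendroles": ["admin"]},
}
# AFTER: the user name itself is added to the sg_all_access mapping.
ROLES_MAPPING_AFTER = {
    "sg_own_index": {"users": ["*"]},
    "sg_all_access": {"readonly": True, "backendroles": ["admin"], "users": ["admin"]},
}


def resolve_sg_roles(mapping, user_name, backend_roles):
    """Return the SG roles a user would receive from a roles mapping.

    An entry matches when the user name matches a pattern under "users" or
    any of the user's backend roles matches a pattern under "backendroles".
    """
    matched = set()
    for sg_role, entry in mapping.items():
        user_patterns = entry.get("users", [])
        if any(fnmatch.fnmatchcase(user_name, p) for p in user_patterns):
            matched.add(sg_role)
            continue
        role_patterns = entry.get("backendroles", [])
        if any(fnmatch.fnmatchcase(br, p) for br in backend_roles for p in role_patterns):
            matched.add(sg_role)
    return sorted(matched)


def render_roles_mapping_yaml(mapping):
    """Emit the mapping in sg_roles_mapping.yml layout (stdlib only)."""
    lines = []
    for sg_role, entry in mapping.items():
        lines.append(f"{sg_role}:")
        if entry.get("readonly"):
            lines.append("  readonly: true")
        for key in ("users", "backendroles", "hosts"):
            if entry.get(key):
                lines.append(f"  {key}:")
                lines.extend(f"    - '{value}'" for value in entry[key])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    report = diagnose(AUTHINFO_JSON)
    print("authinfo summary:", report)
    for label, mapping in (("before", ROLES_MAPPING_BEFORE), ("after", ROLES_MAPPING_AFTER)):
        roles = resolve_sg_roles(mapping, report["user"], report["backend_roles"])
        print(f"{label}: {report['user']} ->", roles)
    # Alternative fix: give the internal user the backend role "admin" in
    # sg_internal_users.yml; the BEFORE mapping then already matches.
    print("before, with backend role admin ->", resolve_sg_roles(ROLES_MAPPING_BEFORE, "admin", ["admin"]))
    print(render_roles_mapping_yaml(ROLES_MAPPING_AFTER))
```

Either change (adding the user to a role's "users" list, or giving the internal user a backend role that an existing mapping already lists) only takes effect after the edited files are pushed to the cluster with sgadmin.sh, using the same invocation shown in the first post, after which /_searchguard/authinfo should list sg_all_access under sg_roles. Two things in the posted commands are fine for a lab but worth noting: -kspass and -tspass on the sgadmin command line put the keystore passwords into shell history and the process list, and curl --insecure skips verification of the node certificate, so neither belongs in a production runbook.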