Searchguard cluster configuration

Hi All,

I'm stuck with the Search Guard configuration for a cluster environment. Below is my environment:

  • Search Guard and Elasticsearch version: 5.5

  • JVM version and operating system version: 1.8

elasticsearch.yml
-------------------------------------------------------
cluster.name: log-collector
path.data: /var/lib/elasticsearch/log-collector
path.logs: /var/log/elasticsearch
node.master: true
node.data: false
bootstrap.memory_lock: true # this one added new
indices.fielddata.cache.size: 40%
indices.breaker.fielddata.limit: 60%
indices.breaker.request.limit: 40%
indices.breaker.total.limit: 70%
bootstrap.system_call_filter: false
network.host: 0.0.0.0
network.publish_host: _eth0_

######## Start Search Guard Demo Configuration ########
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: changeit
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: changeit
searchguard.authcz.admin_dn:
  - CN=spock,OU=client,O=client,L=test,C=de

searchguard.nodes_dn:
  - CN=node-0-example.com,OU=SSL,O=test,L=test,C=de

######## End Search Guard Demo Configuration ########
-------------------------------------------------------


Generated a node certificate using gen_node_cert.sh from the PKI scripts… with the updated IP configuration.


I've executed sgadmin:

/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig -cn log-collector -kspass changeit -ks /etc/elasticsearch/spock-keystore.jks -tspass changeit -ts /etc/elasticsearch/truststore.jks -nhnv --diagnose

I see the error below on the master node:

[root@LOG-COLLECTOR tools]# ./sgadmin_demo.sh
Search Guard Admin v5
Will connect to 10.207.99.125:9300 … done

### LICENSE NOTICE Search Guard ###

If you use one or more of the following features in production
make sure you have a valid Search Guard license
(See Licensing | Search Guard Community, Enterprise and Compliance Edition)

  • Kibana Multitenancy
  • LDAP authentication/authorization
  • Active Directory authentication/authorization
  • REST Management API
  • JSON Web Token (JWT) authentication/authorization
  • Kerberos authentication/authorization
  • Document- and Fieldlevel Security (DLS/FLS)
  • Auditlogging

In case of any doubt mail to sales@floragunn.com
###################################
Diagnostic trace written to: /usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin_diag_trace_2017-Oct-30_10-50-35.txt
Contacting elasticsearch cluster ‘log-collector’ and wait for YELLOW clusterstate …
Clustername: log-collector
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 0
searchguard index already exists, so we do not need to create one.
INFO: searchguard index state is YELLOW, it seems you miss some replicas
Populate config from /usr/share/elasticsearch/plugins/search-guard-5/sgconfig/
Will update ‘config’ with /usr/share/elasticsearch/plugins/search-guard-5/sgconfig/sg_config.yml
FAIL: Configuration for ‘config’ failed because of UnavailableShardsException[[searchguard][0] primary shard is not active Timeout: [1m], request: [BulkShardRequest [[searchguard][0]] containing [index {[searchguard][config][0], source[n/a, actual length: [3.1kb], max length: 2kb]}] and a refresh]]
Will update ‘roles’ with /usr/share/elasticsearch/plugins/search-guard-5/sgconfig/sg_roles.yml
FAIL: Configuration for ‘roles’ failed because of UnavailableShardsException[[searchguard][0] primary shard is not active Timeout: [1m], request: [BulkShardRequest [[searchguard][0]] containing [index {[searchguard][roles][0], source[n/a, actual length: [3.4kb], max length: 2kb]}] and a refresh]]
Will update ‘rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-5/sgconfig/sg_roles_mapping.yml
FAIL: Configuration for ‘rolesmapping’ failed because of UnavailableShardsException[[searchguard][0] primary shard is not active Timeout: [1m], request: [BulkShardRequest [[searchguard][0]] containing [index {[searchguard][rolesmapping][0], source[{“rolesmapping”:“…”}]}] and a refresh]]


Could someone please help me understand the problem and the certificate generation / configuration?

Thanks in advance

You have no data node (Number of data nodes: 0)


On 30.10.2017 at 12:40, sankar dunga <sankardunga@gmail.com> wrote:

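The reply's diagnosis, turned into a check to run before sgadmin (an added example; it is not part of this thread and not Search Guard's own tooling). It parses the output of the ES 5.x cat APIs `_cat/nodes?h=name,node.role,master` and `_cat/shards/searchguard?h=index,shard,prirep,state,node`, captured beforehand, and refuses to proceed unless at least one data node exists and the `searchguard` primary shard is STARTED. A cluster whose only node has `node.data: false` has nowhere to allocate that primary, which is what the `UnavailableShardsException` above is saying. The sample cat output is constructed to mirror the thread's single master-only node, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread or from Search Guard): pre-flight check
# for sgadmin based on two ES 5.x cat API outputs captured beforehand, e.g.
#   curl -sk https://<node>:9200/_cat/nodes?h=name,node.role,master
#   curl -sk https://<node>:9200/_cat/shards/searchguard?h=index,shard,prirep,state,node

# Count data nodes: the node.role column (2nd field) contains "d" for data
# nodes (e.g. "mdi"); a master-only node shows just "m".
count_data_nodes() {
  awk '$2 ~ /d/ { n++ } END { print n + 0 }'
}

# Exit 0 only if a primary shard (prirep == "p") of index $1 is STARTED.
# Input columns: index shard prirep state node
primary_started() {
  awk -v idx="$1" '$1 == idx && $3 == "p" && $4 == "STARTED" { ok = 1 }
                   END { exit (ok ? 0 : 1) }'
}

# sg_preflight <cat-nodes output> <cat-shards output>
# Returns 0 when sgadmin can write the searchguard index, 1 when the cluster
# has no data node at all, 2 when the primary is still not allocated.
sg_preflight() {
  nodes_out=$1
  shards_out=$2
  data_nodes=$(printf '%s\n' "$nodes_out" | count_data_nodes)
  if [ "$data_nodes" -eq 0 ]; then
    echo "FAIL: no data node in the cluster; the searchguard index cannot allocate its primary shard."
    echo "      Set node.data: true on at least one node (or add a data node) and retry."
    return 1
  fi
  if ! printf '%s\n' "$shards_out" | primary_started searchguard; then
    echo "FAIL: searchguard primary shard is not STARTED; see GET _cluster/allocation/explain."
    return 2
  fi
  echo "OK: $data_nodes data node(s) and searchguard primary allocated; sgadmin can write the index."
  return 0
}

# Constructed sample output mirroring the thread: one master-only node
# (node.data: false), so both shards of the searchguard index are UNASSIGNED.
NODES_MASTER_ONLY='LOG-COLLECTOR m *'
SHARDS_UNASSIGNED='searchguard 0 p UNASSIGNED
searchguard 0 r UNASSIGNED'

# Constructed sample after setting node.data: true and restarting: the primary
# is STARTED; the replica stays UNASSIGNED on a single node, which only makes
# the index YELLOW and does not block sgadmin (it waits for YELLOW, not GREEN).
NODES_WITH_DATA='LOG-COLLECTOR mdi *'
SHARDS_PRIMARY_UP='searchguard 0 p STARTED LOG-COLLECTOR
searchguard 0 r UNASSIGNED'

sg_preflight "$NODES_MASTER_ONLY" "$SHARDS_UNASSIGNED" || true
sg_preflight "$NODES_WITH_DATA"   "$SHARDS_PRIMARY_UP"
```

Once the primary is allocated, sgadmin's "wait for YELLOW clusterstate" step succeeds even with the replica unassigned on a one-node cluster. Separately, both the posted elasticsearch.yml (`enforce_hostname_verification: false`) and the sgadmin call (`-nhnv`) disable hostname verification, which is acceptable for the demo certificates but should be switched back on once node certificates carry the real hostnames.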