SearchGuard on windows 10 with ElasticSearch 5.5.0

I’ve tried to configure Search Guard on Windows 10 and everything went almost perfectly. Now when I hit http://localhost:9200 it asks me for a user name and password, and when I provide admin, admin it works perfectly.
But the issues are:
1: I want to run Elasticsearch on https, not on http, but it’s still on http. How can I move it to https?

2: I’m not able to use it through Kibana; it shows Authentication Failed even though I updated kibana.yml.

3: How can I change the username and password?

  1. You need to enable HTTPS in elasticsearch.yml as described in:

http://floragunncom.github.io/search-guard-docs/tls_configuration.html

searchguard.ssl.http.enabled: true

And you need to configure the keystore and the truststore for the HTTP layer as well. You can use the same keystore and truststore files as for the transport layer. The linked article of the docs has all the details.

  2. You need to install the Search Guard Kibana plugin, and especially configure the Kibana server user which is used by Kibana internally to talk to ES:

http://floragunncom.github.io/search-guard-docs/kibana.html

  3. To change configuration settings, you need to edit the configuration files (sg_internal_users.yml in your case) and use sgadmin to upload it to the cluster:

http://floragunncom.github.io/search-guard-docs/sgadmin.html

As an alternative, you can also use the REST management API:

http://floragunncom.github.io/search-guard-docs/managementapi.html

Hope that helps!


On Thursday, August 17, 2017 at 11:08:09 AM UTC+2, Ahmad Bukhari wrote:

I’ve tried to configure Search Guard on Windows 10 and everything went almost perfectly. Now when I hit http://localhost:9200 it asks me for a user name and password, and when I provide admin, admin it works perfectly.
But the issues are:
1: I want to run Elasticsearch on https, not on http, but it’s still on http. How can I move it to https?

2: I’m not able to use it through Kibana; it shows Authentication Failed even though I updated kibana.yml.

3: How can I change the username and password?

Thank you Jochen,
I’ve successfully configured Kibana with the Search Guard plugin and now it’s working fine.

I added REST layer SSL and now it’s running on https perfectly.

There is a slight issue now: after injecting the SSL configuration in elasticsearch.yml, Kibana is not able to authenticate the user. I’ve attached the screenshot. Please have a look.


On Saturday, August 19, 2017 at 1:24:44 AM UTC+5, Jochen Kressin wrote:

  1. You need to enable HTTPS in elasticsearch.yml as described in:

http://floragunncom.github.io/search-guard-docs/tls_configuration.html

searchguard.ssl.http.enabled: true

And you need to configure the keystore and the truststore for the HTTP layer as well. You can use the same keystore and truststore files as for the transport layer. The linked article of the docs has all the details.

  2. You need to install the Search Guard Kibana plugin, and especially configure the Kibana server user which is used by Kibana internally to talk to ES:

http://floragunncom.github.io/search-guard-docs/kibana.html

  3. To change configuration settings, you need to edit the configuration files (sg_internal_users.yml in your case) and use sgadmin to upload it to the cluster:

http://floragunncom.github.io/search-guard-docs/sgadmin.html

As an alternative, you can also use the REST management API:

http://floragunncom.github.io/search-guard-docs/managementapi.html

Hope that helps!


Hello Ahmad,

this is a reply to your ‘slight issue’ subsequently showing after your changes according to the answer from Jochen below:
There is a slight issue now, after injecting SSL configuration in elasticsearch.yml kibana is not able to authenticate user. I’ve attached the screen shot. Please have a look.

According to the screenshot you added it looks like there is no communication between Search Guard and Kibana.
This may happen due to several reasons, see http://floragunncom.github.io/search-guard-docs/kibana.html for details.
Most likely that error is related to your configuration with TLS.

Please check your elasticsearch URL in your kibana.yml file:
if you use TLS on the Elasticsearch REST layer, you need to configure Kibana accordingly.
Make sure you set the protocol on the entry elasticsearch.url to https:

elasticsearch.url: "https://localhost:9200"

Please cross check your elasticsearch.yml and your kibana.yml files:
if you set ssl enabled true for elasticsearch, kibana has to have https configured as well, otherwise,

If you can not find the non-matching piece, please post your complete elasticsearch.yml and your kibana.yml file

Thanks for your question, I hope this answer helps,

regards, Urs.


Urs Armbruster

Community Manager

floragunn GmbH

Tempelhofer Ufer 16

10963 Berlin

Amtsgericht Charlottenburg HRB 147010

USt-IdNr.: DE287373363
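
The cross-check between elasticsearch.yml and kibana.yml suggested in the reply above can be scripted. This is an added example, not part of the original thread or of the Search Guard project; the function names are hypothetical, the file contents are constructed samples, and the keystore and truststore keys are assumed to be the Search Guard HTTP-layer TLS settings described in the linked TLS documentation.

```python
from urllib.parse import urlparse

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; enough for these files, not a full YAML parser."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def cross_check(es_yml, kibana_yml):
    """Return the mismatches between elasticsearch.yml and kibana.yml."""
    es, kb = parse_flat_yaml(es_yml), parse_flat_yaml(kibana_yml)
    problems = []
    tls_on = es.get("searchguard.ssl.http.enabled", "false").lower() == "true"
    # Kibana 5.x falls back to http://localhost:9200 when the key is absent.
    scheme = urlparse(kb.get("elasticsearch.url", "http://localhost:9200")).scheme
    if tls_on and scheme != "https":
        problems.append("REST layer uses TLS but elasticsearch.url is not https")
    if not tls_on and scheme == "https":
        problems.append("elasticsearch.url is https but REST-layer TLS is off")
    if tls_on:
        for key in ("searchguard.ssl.http.keystore_filepath",
                    "searchguard.ssl.http.truststore_filepath"):
            if key not in es:
                problems.append(key + " missing from elasticsearch.yml")
    for key in ("elasticsearch.username", "elasticsearch.password"):
        if key not in kb:
            problems.append(key + " (Kibana server user) missing from kibana.yml")
    return problems

# Constructed sample files; user name, password and file names are placeholders.
ES_YML = """
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: keystore.jks
searchguard.ssl.http.truststore_filepath: truststore.jks
"""
KIBANA_BEFORE = """
elasticsearch.url: "http://localhost:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "<kibana-server-password>"
"""
KIBANA_AFTER = KIBANA_BEFORE.replace("http://", "https://")

if __name__ == "__main__":
    print(cross_check(ES_YML, KIBANA_BEFORE), cross_check(ES_YML, KIBANA_AFTER))
```

An empty list means the two files agree on the protocol and the Kibana server user is set; it does not verify that Kibana trusts the certificate Elasticsearch presents.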


Thank you Armbruster for your help. I updated the kibana.yml file and everything is perfectly on track, and sorry for the late reply. :)


On Tuesday, August 22, 2017 at 10:51:44 PM UTC+5, Urs wrote:

Hello Ahmad,

this is a reply to your ‘slight issue’ subsequently showing after your changes according to the answer from Jochen below:
There is a slight issue now, after injecting SSL configuration in elasticsearch.yml kibana is not able to authenticate user. I’ve attached the screen shot. Please have a look.

According to the screenshot you added it looks like there is no communication between Search Guard and Kibana.
This may happen due to several reasons, see http://floragunncom.github.io/search-guard-docs/kibana.html for details.
Most likely that error is related to your configuration with TLS.

Please check your elasticsearch URL in your kibana.yml file:
if you use TLS on the Elasticsearch REST layer, you need to configure Kibana accordingly.
Make sure you set the protocol on the entry elasticsearch.url to https:

elasticsearch.url: "https://localhost:9200"

Please cross check your elasticsearch.yml and your kibana.yml files:
if you set ssl enabled true for elasticsearch, kibana has to have https configured as well, otherwise,

If you can not find the non-matching piece, please post your complete elasticsearch.yml and your kibana.yml file

Thanks for your question, I hope this answer helps,

regards, Urs.


Guys, I’ve successfully configured Search Guard and deployed it, and it is working fine on most of the systems, but on a few, while initializing, it failed with these errors:

Log Entry : 4:26:26 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv


Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …


Log Entry : 4:31:20 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv

ERR: Timed out while waiting for a green or yellow cluster state.


Log Entry : 4:31:20 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv

  • Try running sgadmin.sh with -icl (but no -cl) and -nhnv (If thats works you need to check your clustername as well as hostnames in your SSL certificates)

Log Entry : 4:31:21 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv

  • Make also sure that your keystore or cert is a client certificate (not a node certificate) and configured properly in elasticsearch.yml

Log Entry : 4:31:21 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv

  • If this is not working, try running sgadmin.sh with --diagnose and see diagnose trace log file)

Log Entry : 4:31:22 PM Friday, August 25, 2017:

ExecuteCommand C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\tools\sgadmin.bat -cd “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\plugins\search-guard-5\sgconfig” -ts “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\truststore.jks” -tspass d6e288f1dc039bc965f7 -ks “C:\Program Files\Imanami\GroupID 8.0\ElasticSearch\elasticsearch-5.5.0\config\CN=sgadmin-keystore.jks” -kspass 52fe5fd4b3affc0ed7fa -nhnv

  • Add --accept-red-cluster to allow sgadmin to operate on a red cluster.

Log Entry : 4:31:22 PM Friday, August 25, 2017:

ExecuteCommand ExitCode: -1


On Monday, August 28, 2017 at 9:29:58 AM UTC+5, Ahmad Bukhari wrote:

Thank you Armbruster for your help. I updated the kibana.yml file and everything is perfectly on track, and sorry for the late reply. :)
