Hello,
I’m trying to build a local test setup with the following components:
- ElasticSearch 5.2.2
- SearchGuard 5.2.2 (With Enterprise extension for ActiveDirectory usage)
- X-Pack 5.2.2 (Monitoring only)
Without X-Pack, the environment works fine. When I install X-Pack, I get errors in stdout. With the help of an existing GitHub issue, I’ve been able to work my way past a few of the errors, but at this point, I am stuck. I’ll add some details below. I’d like to mention that I intend to add Kibana to the mix, but I’d like to keep the environment minimal while sorting out these errors.
So, at the moment this is where I am stuck:
```
Caused by: org.elasticsearch.ElasticsearchSecurityException: unauthenticated request indices:data/write/bulk for user User [name=_sg_internal, roles=]
```
As recommended by the above-mentioned GitHub issue (https://github.com/floragunncom/search-guard-ssl/issues/43), I’ve changed my `elasticsearch/config/elasticsearch.yml` to have the following settings:
```
searchguard.ssl.transport.keystore_filepath: keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: keystore.jks
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
cluster.name: docker-ezcore-cluster
network.host: 0.0.0.0
######## End Search Guard Demo Configuration ########
xpack.security.enabled: false
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.watcher.enabled: false
xpack.monitoring.exporters:
  my_local:
    type: local
```
I’ve tried the other changes mentioned in the issue, but they seem to have no effect for me.
Here are some things I think are remarkable:
- I’ve successfully hooked up SearchGuard with ActiveDirectory. Yet, I don’t know what role this `admin_dn` plays, and have not yet created an account for this admin. Also, I don’t feel like this is related to this problem I’m blocked on, so I’ve left it alone for now.
- I’m curious if Kibana is ESSENTIAL to the environment, and whether or not excluding it for now is exacerbating the problem.
- I’m constrained to working with version 5.2.2 of ES.
- I am testing with the demo versions of the keystores, although I use the `sg_admin.sh` tool to initialize SearchGuard. I provide the keystore file paths in the command arguments.
Any ideas or help is greatly appreciated.
Please and thank you,
Marco.