sgadmin.bat doesn't connect to elasticsearch

Hi,

I got the TLS certificates generated from the searchguard TLS certificate generator link.

Initially I performed the following configuration changes:

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks

searchguard.ssl.http.keystore_password: 221749a2add117cf889f

searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks

searchguard.ssl.http.truststore_password: 6d6cf1cc017dc874960b

searchguard.authcz.admin_dn:

  - CN=sgadmin

searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks

searchguard.ssl.transport.keystore_password: 221749a2add117cf889f

searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks

searchguard.ssl.transport.truststore_password: 6d6cf1cc017dc874960b

Now I am trying to run the sgadmin.bat as below:

sgadmin.bat -cd ..\sgconfig -ts D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks -tspass 6d6cf1cc017dc874960b -ks D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks -kspass 221749a2add117cf889f -nhnv

The command successfully got executed.

In kibana.yml, I made the following changes:

elasticsearch.url: "https://localhost:9200"

elasticsearch.username: "admin"

elasticsearch.password: "admin"

elasticsearch.ssl.certificateAuthorities: [ "D:/Softwares/ELK/elasticsearch-5.4.0/elasticsearch-5.4.0/config/root-ca.crt" ]

Kibana is able to connect to elasticsearch.

My issue:

Now in elasticsearch.yml, I have made the below changes:

network.host: AAEINBLR02717D

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks

searchguard.ssl.http.keystore_password: 02d9b43a58d6e1060368

searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks

searchguard.ssl.http.truststore_password: c0659bb0b83d0afae81e

searchguard.authcz.admin_dn:

  - CN=sgadmin

searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks

searchguard.ssl.transport.keystore_password: 02d9b43a58d6e1060368

searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks

searchguard.ssl.transport.truststore_password: c0659bb0b83d0afae81e

I am getting the below error,

Search Guard Admin v5

Will connect to localhost:9300

ERR: Seems there is no elasticsearch running on localhost:9300 - Will exit

**Q1: Why so…**

**Does it default connect to localhost only?**

Q2: If it allows only localhost, it's difficult to connect. Only locally running logstash can connect to elasticsearch.

How can logstash residing on another machine communicate with elasticsearch residing on another machine?

There are a bunch of parameters for sgadmin; one is --hostname or -h, to run it against another host than localhost.
Just run sgadmin.sh without any parameters to get help (as for any other command line tool too).

You may also read the docs https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md where all this is explained in detail.


On 04.07.2017 at 10:10, vinod hy <hy.vinod88@gmail.com> wrote:

Hi,

I got the TLS certificates generated from the searchguard TLS certificate generator link.

Initially I performed the following configuration changes:
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
searchguard.ssl.http.keystore_password: 221749a2add117cf889f
searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.http.truststore_password: 6d6cf1cc017dc874960b

searchguard.authcz.admin_dn:
  - CN=sgadmin

searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
searchguard.ssl.transport.keystore_password: 221749a2add117cf889f
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: 6d6cf1cc017dc874960b

Now I am trying to run the sgadmin.bat as below:

sgadmin.bat -cd ..\sgconfig -ts D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks -tspass 6d6cf1cc017dc874960b -ks D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks -kspass 221749a2add117cf889f -nhnv

The command successfully got executed.

In kibana.yml, I made the following changes:
elasticsearch.url: "https://localhost:9200"
elasticsearch.username: "admin"
elasticsearch.password: "admin"
elasticsearch.ssl.certificateAuthorities: [ "D:/Softwares/ELK/elasticsearch-5.4.0/elasticsearch-5.4.0/config/root-ca.crt" ]

Kibana is able to connect to elasticsearch.

My issue:

Now in elasticsearch.yml, I have made the below changes:

network.host: AAEINBLR02717D

searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.http.keystore_password: 02d9b43a58d6e1060368
searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.http.truststore_password: c0659bb0b83d0afae81e

searchguard.authcz.admin_dn:
  - CN=sgadmin

searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.transport.keystore_password: 02d9b43a58d6e1060368
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: c0659bb0b83d0afae81e

I am getting the below error,
Search Guard Admin v5
Will connect to localhost:9300
ERR: Seems there is no elasticsearch running on localhost:9300 - Will exit

Q1: Why so..
Does it default connect to localhost only?

Q2: If it allows only localhost, it's difficult to connect. Only locally running logstash can connect to elasticsearch.
How can logstash residing on another machine communicate with elasticsearch residing on another machine?

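
The reply's advice applied to the setup in the question, as an added PowerShell example (not from the thread or the Search Guard project): it reads network.host from elasticsearch.yml, checks that the transport port answers on that address, and passes the address to sgadmin with -h. The environment variable names are assumptions, and only a single-value network.host is handled.

```powershell
# Added example, not from the thread. $esHome follows the paths in the post;
# SG_KEYSTORE, SG_KS_PASS and SG_TS_PASS are assumed environment variable names.
$esHome  = 'D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0'
$ymlPath = Join-Path $esHome 'config\elasticsearch.yml'

# Use the address Elasticsearch binds to; sgadmin targets localhost otherwise.
$esHost = 'localhost'
$m = Select-String -Path $ymlPath -Pattern '^\s*network\.host:\s*(\S+)' |
     Select-Object -First 1
if ($m) { $esHost = $m.Matches[0].Groups[1].Value }

# sgadmin connects to the transport port (9300 in the error output), not HTTP 9200.
$port = 9300
if (-not (Test-NetConnection -ComputerName $esHost -Port $port -InformationLevel Quiet)) {
    Write-Error "No listener on ${esHost}:${port}; check network.host and the firewall."
    exit 1
}

# Run from the directory that contains sgadmin.bat, as in the post.
& .\sgadmin.bat -h $esHost -cd ..\sgconfig `
    -ts (Join-Path $esHome 'config\truststore.jks') -tspass $env:SG_TS_PASS `
    -ks $env:SG_KEYSTORE -kspass $env:SG_KS_PASS -nhnv
```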