Sgadmin.bat script fails to initialize the sg admin

bhavesh · June 17, 2020, 6:49pm

When I run the following command :

sgadmin.bat -icl -nhnv -cert D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.crt -key D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.key -cacert D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.root.crt -cd D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig -p 8492

I get the following error

Search Guard Admin v7
WARNING: Seems you want connect to the Elasticsearch HTTP port.
         sgadmin connects on the transport port which is normally 9300.
Will connect to localhost:8492 ... done
Connected as CN=admin.ElasticServer
Elasticsearch Version: 7.7.1
Search Guard Version: 7.7.1-42.0.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elasticsearch
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_action_groups.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.ActionGroupsV7), not marked as ignorable (6 known properties: "allowed_actions", "reserved", "hidden", "description", "static", "type"])
 at [Source: (String)"{"UNLIMITED":{"readonly":true,"permissions":["*"]}}"; line: 1, column: 30] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["UNLIMITED"]->com.floragunn.searchguard.sgconf.impl.v7.ActionGroupsV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_internal_users.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.InternalUserV7), not marked as ignorable (8 known properties: "backend_roles", "attributes", "reserved", "hidden", "description", "hash", "search_guard_roles", "static"])
 at [Source: (String)"{"admin":{"readonly":true,"hash":"$2a$10$JX92mwtZX/Yv4kxprNBV/.xvtAx.HoRrpWFx8ykJEYGZfdx0TgD2y","roles":["admin"]}}"; line: 1, column: 26] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["admin"]->com.floragunn.searchguard.sgconf.impl.v7.InternalUserV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_roles.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.RoleV7), not marked as ignorable (7 known properties: "index_permissions", "reserved", "hidden", "description", "static", "cluster_permissions", "tenant_permissions"])
 at [Source: (String)"{"sg_all_access":{"readonly":true,"cluster":["UNLIMITED"],"indices":{"*":{"*":["UNLIMITED"]}},"tenants":{"admin_tenant":"RW"}}}"; line: 1, column: 34] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["sg_all_access"]->com.floragunn.searchguard.sgconf.impl.v7.RoleV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_roles_mapping.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.RoleMappingsV7), not marked as ignorable (7 known properties: "backend_roles", "reserved", "hidden", "hosts", "description", "users", "and_backend_roles"])
 at [Source: (String)"{"sg_all_access":{"readonly":true,"backendroles":["admin"]}}"; line: 1, column: 34] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["sg_all_access"]->com.floragunn.searchguard.sgconf.impl.v7.RoleMappingsV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_config.yml is not in SG 7 format: java.io.IOException: A version of 2 must have a _sg_meta key for CONFIG
ERR: cannot upload configuration because of invalid files, see errors above

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

**Elasticsearch version:7.7.1

**Server OS version:7.7.1

Kibana version (if relevant):

Browser version (if relevant):

Browser OS version (if relevant):

Describe the issue:

Steps to reproduce:
1.
2.
3.

Expected behavior:

Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)

Provide logs:
Elasticsearch
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

Additional data:

srgbnd · June 24, 2020, 6:11am

I see the error saying ...sg_action_groups.yml is not in SG 7 format... for every config file. Do you upgrade from ES v6 to v7? Look at your config files and read the latest doc, see if you have the correct syntax. Security for Elasticsearch | Search Guard Documentation

bhavesh · June 24, 2020, 2:50pm

so the search guard-7 file format issue was fixed by me. However I am now getting the following error :

D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\services\elasticserver_0.near.0.0.0>D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\services\elasticserver_0.near.0.0.0\plugins\search-guard-7\tools\sgadmin.bat -icl -nhnv -cert D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.crt -key D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.key -cacert D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.root.crt -cd D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig -p 8309

Error: Unable to initialize main class com.floragunn.searchguard.tools.SearchGuardAdmin

Caused by: java.lang.NoClassDefFoundError: org/elasticsearch/client/transport/NoNodeAvailableException

Any idea, why I would keep getting this error?

Thanking You,
Bhavesh.K.Jadav

srgbnd · June 26, 2020, 7:58am

It looks like there is a problem with the SG configuration.

I don’t see the error stack trace. Please paste the full error text, including the error stack. Do you see any error in Elasticsearch while executing the sgadmin. Paste the Elasticsearch error too.

One more thing, execute it in the diagnose mode:

./sgadmin.sh -diagnose ...

system · July 17, 2020, 7:58am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sgadmin.sh not initialising Elasticsearch Search Guard	6	1692	August 31, 2020
sgadmin error Search Guard	4	764	July 24, 2018
Can't initialize Search Guard Search Guard	5	1177	October 9, 2020
Running sgadmin.sh for first time Search Guard	3	1048	July 21, 2016
Not executing initial sgadmin Search Guard	3	2782	January 17, 2019

Sgadmin.bat script fails to initialize the sg admin

Related Topics