Sgadmin.bat script fails to initialize the sg admin

When I run the following command :

sgadmin.bat -icl -nhnv -cert D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.crt -key D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.key -cacert D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.root.crt -cd D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig -p 8492

I get the following error :slight_smile:

Search Guard Admin v7
WARNING: Seems you want connect to the Elasticsearch HTTP port.
         sgadmin connects on the transport port which is normally 9300.
Will connect to localhost:8492 ... done
Connected as CN=admin.ElasticServer
Elasticsearch Version: 7.7.1
Search Guard Version: 7.7.1-42.0.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elasticsearch
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_action_groups.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.ActionGroupsV7), not marked as ignorable (6 known properties: "allowed_actions", "reserved", "hidden", "description", "static", "type"])
 at [Source: (String)"{"UNLIMITED":{"readonly":true,"permissions":["*"]}}"; line: 1, column: 30] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["UNLIMITED"]->com.floragunn.searchguard.sgconf.impl.v7.ActionGroupsV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_internal_users.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.InternalUserV7), not marked as ignorable (8 known properties: "backend_roles", "attributes", "reserved", "hidden", "description", "hash", "search_guard_roles", "static"])
 at [Source: (String)"{"admin":{"readonly":true,"hash":"$2a$10$JX92mwtZX/Yv4kxprNBV/.xvtAx.HoRrpWFx8ykJEYGZfdx0TgD2y","roles":["admin"]}}"; line: 1, column: 26] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["admin"]->com.floragunn.searchguard.sgconf.impl.v7.InternalUserV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_roles.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.RoleV7), not marked as ignorable (7 known properties: "index_permissions", "reserved", "hidden", "description", "static", "cluster_permissions", "tenant_permissions"])
 at [Source: (String)"{"sg_all_access":{"readonly":true,"cluster":["UNLIMITED"],"indices":{"*":{"*":["UNLIMITED"]}},"tenants":{"admin_tenant":"RW"}}}"; line: 1, column: 34] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["sg_all_access"]->com.floragunn.searchguard.sgconf.impl.v7.RoleV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_roles_mapping.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "readonly" (class com.floragunn.searchguard.sgconf.impl.v7.RoleMappingsV7), not marked as ignorable (7 known properties: "backend_roles", "reserved", "hidden", "hosts", "description", "users", "and_backend_roles"])
 at [Source: (String)"{"sg_all_access":{"readonly":true,"backendroles":["admin"]}}"; line: 1, column: 34] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration["sg_all_access"]->com.floragunn.searchguard.sgconf.impl.v7.RoleMappingsV7["readonly"])
ERR: Seems D:\p4\near-dev_bjadav1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig\sg_config.yml is not in SG 7 format: java.io.IOException: A version of 2 must have a _sg_meta key for CONFIG
ERR: cannot upload configuration because of invalid files, see errors above 

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

**Elasticsearch version:7.7.1

**Server OS version:7.7.1

Kibana version (if relevant):

Browser version (if relevant):

Browser OS version (if relevant):

Describe the issue:

Steps to reproduce:
1.
2.
3.

Expected behavior:

Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)

Provide logs:
Elasticsearch
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

Additional data:

I see the error saying ...sg_action_groups.yml is not in SG 7 format... for every config file. Do you upgrade from ES v6 to v7? Look at your config files and read the latest doc, see if you have the correct syntax. https://docs.search-guard.com/latest/

so the search guard-7 file format issue was fixed by me. However I am now getting the following error :

D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\services\elasticserver_0.near.0.0.0>D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\services\elasticserver_0.near.0.0.0\plugins\search-guard-7\tools\sgadmin.bat -icl -nhnv -cert D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.crt -key D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.admin.key -cacert D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\elasticServerSecurity\elasticserver.root.crt -cd D:\p4\near_bjadav_dev_vm_1\workgroup\data\nlp-tsm\config\elasticserver_0.near.0.0.0\sgConfig -p 8309

Error: Unable to initialize main class com.floragunn.searchguard.tools.SearchGuardAdmin

Caused by: java.lang.NoClassDefFoundError: org/elasticsearch/client/transport/NoNodeAvailableException

Any idea, why I would keep getting this error?

Thanking You,
Bhavesh.K.Jadav

It looks like there is a problem with the SG configuration.

I don’t see the error stack trace. Please paste the full error text, including the error stack. Do you see any error in Elasticsearch while executing the sgadmin. Paste the Elasticsearch error too.

One more thing, execute it in the diagnose mode:

./sgadmin.sh -diagnose ...