Hey Guys,
I am trying to install Search Guard with the following setup:
elasticsearch: 6.3.0
searchguard: 6.3.0-22.3
OS: Ubuntu
Java: openjdk version “1.8.0_171”
I have all the TLS files ready, and after restarting elastic I get the following error: “Search Guard not initialized (SG11). See http://docs.search-guard.com/v6/sgadmin”
So, obviously, I tried to use sgadmin, but it throws the following:
WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Unable to check whether cluster is sane: Cannot authenticate null
Connected as CN=admin.example.com,OU=RnD,O=Example,DC=example
ERR: CN=admin.example.com,OU=RnD,O=Example,DC=example is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure elasticsearch.yml on all nodes contains:
searchguard.authcz.admin_dn:
- "CN=admin.example.com,OU=RnD,O=Example,DC=example"
My elasticsearch.yml includes the following (and as you can see, it includes the exact same admin_dn they mention):
bootstrap.memory_lock: true
cluster.name: demo
discovery.ec2.any_group: true
discovery.ec2.endpoint: ec2.us-east-1.amazonaws.com
discovery.ec2.host_type: private_ip
discovery.ec2.tag.es_cluster: demo
discovery.zen.hosts_provider: ec2
discovery.zen.minimum_master_nodes: 2
http.port: 9200
network.bind_host: 0.0.0.0
network.publish_host: some_host_prefix.compute-1.amazonaws.com
node.data: false
node.master: true
searchguard.authcz.admin_dn: "CN=admin.example.com,OU=RnD,O=Example,DC=example"
searchguard.cert.oid: 1.2.3.4.5.5
searchguard.ssl.http.enabled: false
searchguard.ssl.http.pemcert_filepath: esnode_http.pem
searchguard.ssl.http.pemkey_filepath: esnode_http.key
searchguard.ssl.http.pemkey_password: abc123
searchguard.ssl.http.pemtrustedcas_filepath: my-elasticsearch-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode.key
searchguard.ssl.transport.pemkey_password: abc123
searchguard.ssl.transport.pemtrustedcas_filepath: my-elasticsearch-ca.pem
searchguard.ssl.transport.resolve_hostname: false
transport.tcp.port: 9300
Any suggestions / leads on where and what to look for?
Thanks.
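
An added troubleshooting example, not part of the original post and not Search Guard code: it compares the DN that sgadmin reports with the `searchguard.authcz.admin_dn` entries, for the one-line form used in the posted elasticsearch.yml and for the list form that sgadmin prints. It assumes that Elasticsearch 6.x splits a list setting written as a single string on commas; the function names and the minimal one-key parser are hypothetical.

```python
import re

KEY = "searchguard.authcz.admin_dn:"
QUOTES = "\"'\u201c\u201d"  # straight quotes plus typographic ones pasted from web pages

def admin_dns(yml_text):
    """Return the admin_dn entries as the node would see them (minimal parser for this one key)."""
    lines = yml_text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not stripped.startswith(KEY):
            continue
        inline = stripped[len(KEY):].strip()
        if inline:
            # Scalar form. Assumption: a list setting given as one string is split on commas.
            return [p.strip() for p in inline.strip(QUOTES).split(",")]
        entries = []
        for nxt in lines[i + 1:]:
            m = re.match(r"\s*-\s+(.+)$", nxt)  # YAML list item under the key
            if not m:
                break
            entries.append(m.group(1).strip().strip(QUOTES))
        return entries
    return []

def normalize(dn):
    # Simplification: only whitespace around commas is ignored; escaped commas are not handled.
    return ",".join(part.strip() for part in dn.split(","))

def is_admin(cert_dn, yml_text):
    """True when the certificate DN equals one configured admin_dn entry."""
    return normalize(cert_dn) in {normalize(d) for d in admin_dns(yml_text)}

# Constructed inputs, using the DN from the post.
CERT_DN = "CN=admin.example.com,OU=RnD,O=Example,DC=example"
SCALAR_FORM = 'searchguard.authcz.admin_dn: "' + CERT_DN + '"\n'
LIST_FORM = 'searchguard.authcz.admin_dn:\n  - "' + CERT_DN + '"\n'

if __name__ == "__main__":
    for name, text in (("scalar", SCALAR_FORM), ("list", LIST_FORM)):
        print(name, admin_dns(text), "admin:", is_admin(CERT_DN, text))
```

Under that assumption the one-line form yields four separate entries, none of which equals the full certificate DN, while the list form yields the DN as a single entry.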