Hello,
SG version: search-guard-6-6.1.1-20.1.zip
ES version: 6.1.1
sgadmin.sh opens like 14 TCP sessions within 50 milliseconds (sends like 14 consecutive Hellos).
Other than pushing the config YAMLs given below, is there anything else sg_admin does?
sg_action_groups.yml, sg_config.yml, sg_internal_users.yml, sg_roles.yml, sg_roles_mapping.yml
We follow cert-based auth and hence my sg_config.yml looks like this. Is there a way we can push the config given below dynamically? For roles and users, we have the REST API interface (REST API usage overview | Security for Elasticsearch | Search Guard). The idea is that if there is a way to dynamically configure the sg_config.yml, I don't have to invoke sgadmin.sh to push the initial config. We have our own Java implementation and it is having trouble dealing with 14 consecutive Hellos.
cat sg_config.yml

```yaml
searchguard:
  dynamic:
    authc:
      clientcert_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: clientcert
          config:
            username_attribute: cn #optional, if omitted DN becomes username
          challenge: false
        authentication_backend:
          type: noop
```
cat /elasticsearch/plugins/search-guard-6/tools/sgadmin.sh

```bash
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
BIN_PATH="java"
if [ -z "$JAVA_HOME" ]; then
    echo "WARNING: JAVA_HOME not set, will use $(which $BIN_PATH)"
else
    BIN_PATH="$JAVA_HOME/bin/java"
fi
"$BIN_PATH" $JAVA_OPTS -Dorg.apache.logging.log4j.simplelog.StatusLogger.level=OFF -cp "$DIR/../:$DIR/../../../lib/:$DIR/../deps/*" com.floragunn.searchguard.tools.SearchGuardAdmin "$@"
```
thanks.
Jalaja
```
# netstat -atn | grep 9300 | grep TIME_WAIT
tcp6 0 0 10.0.0.1:52212 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52224 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52210 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52218 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52204 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52214 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52202 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52216 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52222 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52206 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52220 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52194 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52200 10.0.0.1:9300 TIME_WAIT
tcp6 0 0 10.0.0.1:52208 10.0.0.1:9300 TIME_WAIT
```
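The `username_attribute: cn` comment in the sg_config.yml above ("if omitted DN becomes username") decides which identity a client certificate presents for role mapping. The sketch below is an added example, not part of the original post and not Search Guard's code: it works that rule through for RFC 4514 style subject DN strings. The function names and sample DNs are constructed, and falling back to the full DN when the attribute is absent is an assumption.

```python
import re

def split_unescaped(text, seps):
    """Split on any separator in `seps` that is not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] in seps:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]  # escape pairs stay intact for unescape()
        i += step
    return parts + [cur]

def unescape(value):
    """Undo RFC 4514 escapes: backslash + two hex digits, or backslash + char."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def username_from_dn(subject_dn, username_attribute=None):
    """Whole DN when no attribute is configured, else first matching RDN value."""
    if not username_attribute:
        return subject_dn
    for rdn in split_unescaped(subject_dn, ",+"):  # "+" joins multi-valued RDNs
        key, _, value = rdn.partition("=")
        if key.strip().lower() == username_attribute.lower():
            return unescape(value)
    return subject_dn  # assumption: fall back to the DN if the attribute is absent

# Constructed sample subject DNs (not taken from the post)
SAMPLES = [
    "CN=sgadmin,OU=ops,O=Example Corp,C=DE",
    "CN=Doe\\, Jane,OU=ops,O=Example Corp,C=DE",  # escaped comma inside the CN
    "OU=ops,O=Example Corp,C=DE",                  # no CN present
]

for dn in SAMPLES:
    print(repr(username_from_dn(dn, "cn")), "<-", dn)
```

Legacy quoted values such as `CN="Doe, Jane"` are not handled; the username printed here is the string that entries in sg_roles_mapping.yml would have to match.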