If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.
**Elasticsearch version:7.9.0
**Server OS version: Centos7
**Kibana version (if relevant): 7.9.0
**Describe the issue:
I am trying to test search-guard plugin for my ELK setup…I have installed search guard plugin with 7.9.0:45.0.0 version…After i have tried to install demo certificate with demo script…But its not generated any key files.So i have tried to use manual demo certificates…But its also not working…when i try to restart elasticsearch, it got failed and through below error.
Caused by: java.security.AccessControlException: access denied (“java.io.FilePermission” “/usr/share/elasticsearch/ssl-sg/esnode.pem” “read”)
Then i desired to generate own SSL with my working domain name using search-guard TLS online generator…I have pointed “elk.xxx.com” domain to my ELK server and generated SSL for that domain…Also updated ssl path in elasticsearch.yaml file…But i got same error…i am not sure what i did wrongly…i am trying to solve this issue in last 2 days…but no luck.
When i try to start elasticsearch, i got below error,
Caused by: java.security.AccessControlException: access denied (“java.io.FilePermission” “/usr/share/elasticsearch/ssl-sg/elk.xxx.com.crtfull.pem” “read”)
can some one help me to solve this issue ?
Provide configuration:
elasticsearch/config/elasticsearch.yml
Elasticsearch config details: (elasticsearch.yml)
xpack.security.enabled: false
searchguard.enterprise_modules_enabled: false
searchguard.ssl.transport.pemcert_filepath:/usr/share/elasticsearch/ssl-sg/elk.xxx.com.crtfull.pem
searchguard.ssl.transport.pemkey_filepath:/usr/share/elasticsearch/ssl-sg/elk.xxx.com.key.pem
searchguard.ssl.transport.pemtrustedcas_filepath:/usr/share/elasticsearch/ssl-sg/root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.authcz.admin_dn:
- CN=admin,OU=SSL,O=test,L=test,C=de
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
I haven’t made any changes in sg_config.yml
Provide logs:
Elasticsearch
Caused by: java.security.AccessControlException: access denied (“java.io.FilePermission” “/usr/share/elasticsearch/ssl-sg/elk.xxx.com.crtfull.pem” “read”)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1036) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:408) ~[?:?]
at java.lang.SecurityManager.checkRead(SecurityManager.java:747) ~[?:?]
at sun.nio.fs.UnixPath.checkRead(UnixPath.java:818) ~[?:?]
at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:49) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149) ~[?:?]
at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99) ~[?:?]
at java.nio.file.Files.readAttributes(Files.java:1843) ~[?:?]
at java.nio.file.Files.isDirectory(Files.java:2314) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.checkPath(DefaultSearchGuardKeyStore.java:918) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.resolve(DefaultSearchGuardKeyStore.java:233) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initTransportSSLConfig(DefaultSearchGuardKeyStore.java:356) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:253) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:174) ~[?:?]
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.(SearchGuardSSLPlugin.java:202) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:235) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:691) ~[elasticsearch-7.9.0.jar:7.9.0]
… 15 more
[2020-09-06T13:59:36,989][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [elk.devopsadmin.icu] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.9.0.jar:7.9.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.9.0.jar:7.9.0]
Caused by: java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:700) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:642) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:473) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:165) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.node.Node.(Node.java:328) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.node.Node.(Node.java:277) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:227) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.9.0.jar:7.9.0]
… 6 more
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:691) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:642) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:473) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:165) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.node.Node.(Node.java:328) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.node.Node.(Node.java:277) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:227) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.9.0.jar:7.9.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.9.0.jar:7.9.0]
… 6 more