tools/sgadmin.sh - Error "no valid cipher suites for transport protocol"

I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.

$ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv

Will connect to localhost:9300 … done

ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol

Trace:

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:155)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)

Here is system setup:

ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools

-rw-rw-r–. 1 214 Feb 3 12:50 hash.bat

-rw-rw-r–. 1 197 Feb 3 12:50 hash.sh

-rw-rw-r–. 1 4423 Feb 17 12:56 kirk-keystore.jks

-rw-rw-r–. 1 222 Feb 3 12:50 sgadmin.bat

-rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh

-rw-rw-r–. 1 1096 Feb 17 12:56 truststore.jks

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)

J9VM - R28_20170117_0200_B333500

JIT - tr.r14.java.green_20170115_130932

GC - R28_20170117_0200_B333500_CMPRSS

J9CL - 20170117_333500)

JCL - 20170125_01 based on Oracle jdk8u121-b13

elasticsearch.yml:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE

“elasticsearch.yml” 135L, 4552C

Output of ES:

[2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing …

[2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]

[2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]

[2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL

[2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting …

[2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}

[2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists …

[2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry

[2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ

[2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)

[2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}

[2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started

[2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state

[2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

IBM J9 VM is not supported, pls. use OpenJDK or OracleJVM.
If you would like to run it anyway try Search Guard v11 with Search Guard SSL v20, this might be working but no guarantee

···

On Friday, 17 February 2017 21:10:55 UTC+1, Eliran Boraks wrote:

I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.

$ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv

Will connect to localhost:9300 … done

ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol

Trace:

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:155)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)

Here is system setup:

ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools

-rw-rw-r–. 1 214 Feb 3 12:50 hash.bat

-rw-rw-r–. 1 197 Feb 3 12:50 hash.sh

-rw-rw-r–. 1 4423 Feb 17 12:56 kirk-keystore.jks

-rw-rw-r–. 1 222 Feb 3 12:50 sgadmin.bat

-rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh

-rw-rw-r–. 1 1096 Feb 17 12:56 truststore.jks

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)

J9VM - R28_20170117_0200_B333500

JIT - tr.r14.java.green_20170115_130932

GC - R28_20170117_0200_B333500_CMPRSS

J9CL - 20170117_333500)

JCL - 20170125_01 based on Oracle jdk8u121-b13

elasticsearch.yml:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE

“elasticsearch.yml” 135L, 4552C

Output of ES:

[2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing …

[2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]

[2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]

[2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL

[2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting …

[2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}

[2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists …

[2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry

[2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ

[2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)

[2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}

[2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started

[2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state

[2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

That is interesting because I did download Oracle’s Java and I set it to JAVA_HOME. I can’t change the underline Java since, I don’t have root.

That mean that ‘sgadmin.sh’ isn’t using the JAVA_HOME?

Eliran

···

On Sun, Feb 19, 2017 at 11:56 AM, Search Guard info@search-guard.com wrote:

IBM J9 VM is not supported, pls. use OpenJDK or OracleJVM.
If you would like to run it anyway try Search Guard v11 with Search Guard SSL v20, this might be working but no guarantee

On Friday, 17 February 2017 21:10:55 UTC+1, Eliran Boraks wrote:

I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.

$ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv

Will connect to localhost:9300 … done

ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol

Trace:

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:155)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)

Here is system setup:

ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools

-rw-rw-r–. 1 214 Feb 3 12:50 hash.bat

-rw-rw-r–. 1 197 Feb 3 12:50 hash.sh

-rw-rw-r–. 1 4423 Feb 17 12:56 kirk-keystore.jks

-rw-rw-r–. 1 222 Feb 3 12:50 sgadmin.bat

-rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh

-rw-rw-r–. 1 1096 Feb 17 12:56 truststore.jks

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)

J9VM - R28_20170117_0200_B333500

JIT - tr.r14.java.green_20170115_130932

GC - R28_20170117_0200_B333500_CMPRSS

J9CL - 20170117_333500)

JCL - 20170125_01 based on Oracle jdk8u121-b13

elasticsearch.yml:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE

“elasticsearch.yml” 135L, 4552C

Output of ES:

[2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing …

[2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]

[2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]

[2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL

[2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting …

[2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}

[2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists …

[2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry

[2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ

[2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)

[2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}

[2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started

[2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state

[2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

You received this message because you are subscribed to a topic in the Google Groups “Search Guard” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ae3029fc-9b0b-4e14-89ba-8ef80cec8172%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Keep in touch

Twitter
LinkedIn

Facebook

you can look into sgadmin.sh to see how it works

···

Am 20.02.2017 um 14:49 schrieb Eliran Boraks <eboraks@gmail.com>:

That is interesting because I did download Oracle's Java and I set it to JAVA_HOME. I can't change the underline Java since, I don't have root.

That mean that 'sgadmin.sh' isn't using the JAVA_HOME?

Eliran

On Sun, Feb 19, 2017 at 11:56 AM, Search Guard <info@search-guard.com> wrote:
IBM J9 VM is not supported, pls. use OpenJDK or OracleJVM.
If you would like to run it anyway try Search Guard v11 with Search Guard SSL v20, this might be working but no guarantee

On Friday, 17 February 2017 21:10:55 UTC+1, Eliran Boraks wrote:
I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.

$ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd ../sgconfig -icl -nhnv
Will connect to localhost:9300 ... done
ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol
Trace:
ElasticsearchSecurityException[no valid cipher suites for transport protocol]
  at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:155)
  at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
  at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)
  at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
  at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)
  at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)
  at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)

Here is system setup:
ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools
-rw-rw-r--. 1 214 Feb 3 12:50 hash.bat
-rw-rw-r--. 1 197 Feb 3 12:50 hash.sh
-rw-rw-r--. 1 4423 Feb 17 12:56 kirk-keystore.jks
-rw-rw-r--. 1 222 Feb 3 12:50 sgadmin.bat
-rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh
-rw-rw-r--. 1 1096 Feb 17 12:56 truststore.jks

$ java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)
J9VM - R28_20170117_0200_B333500
JIT - tr.r14.java.green_20170115_130932
GC - R28_20170117_0200_B333500_CMPRSS
J9CL - 20170117_333500)
JCL - 20170125_01 based on Oracle jdk8u121-b13

elasticsearch.yml:
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE
"elasticsearch.yml" 135L, 4552C

Output of ES:
[2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]
[2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing ...
[2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available
[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch
[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false
[2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites
[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]
[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
[2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL
[2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively
[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers
[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]
[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]
[2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)
[2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available
[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized
[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting ...
[2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}
[2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists ...
[2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry
[2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ
[2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}
[2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started
[2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state
[2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ae3029fc-9b0b-4e14-89ba-8ef80cec8172%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Keep in touch
Twitter
LinkedIn
Facebook

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAAn%2BYTP8s3emsXvjHTPqsq64Y2hYyGqMgXCw-YnrfsSeCuQ49A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

I fixed it by adding the following:

$JAVA_HOME/bin/java

Thanks

···

On Mon, Feb 20, 2017 at 8:52 AM, SG info@search-guard.com wrote:

you can look into sgadmin.sh to see how it works

Am 20.02.2017 um 14:49 schrieb Eliran Boraks eboraks@gmail.com:

That is interesting because I did download Oracle’s Java and I set it to JAVA_HOME. I can’t change the underline Java since, I don’t have root.

That mean that ‘sgadmin.sh’ isn’t using the JAVA_HOME?

Eliran

On Sun, Feb 19, 2017 at 11:56 AM, Search Guard info@search-guard.com wrote:

IBM J9 VM is not supported, pls. use OpenJDK or OracleJVM.

If you would like to run it anyway try Search Guard v11 with Search Guard SSL v20, this might be working but no guarantee

On Friday, 17 February 2017 21:10:55 UTC+1, Eliran Boraks wrote:

I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.

$ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv

Will connect to localhost:9300 … done

ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol

Trace:

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

  at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:155)
  at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
  at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)
  at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
  at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)
  at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)
  at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)

Here is system setup:

ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools

-rw-rw-r–. 1 214 Feb 3 12:50 hash.bat

-rw-rw-r–. 1 197 Feb 3 12:50 hash.sh

-rw-rw-r–. 1 4423 Feb 17 12:56 kirk-keystore.jks

-rw-rw-r–. 1 222 Feb 3 12:50 sgadmin.bat

-rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh

-rw-rw-r–. 1 1096 Feb 17 12:56 truststore.jks

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)

J9VM - R28_20170117_0200_B333500

JIT - tr.r14.java.green_20170115_130932

GC - R28_20170117_0200_B333500_CMPRSS

J9CL - 20170117_333500)

JCL - 20170125_01 based on Oracle jdk8u121-b13

elasticsearch.yml:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE

“elasticsearch.yml” 135L, 4552C

Output of ES:

[2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing …

[2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]

[2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]

[2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL

[2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized

[2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting …

[2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}

[2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists …

[2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry

[2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ

[2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)

[2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}

[2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started

[2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state

[2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

You received this message because you are subscribed to a topic in the Google Groups “Search Guard” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ae3029fc-9b0b-4e14-89ba-8ef80cec8172%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Keep in touch

Twitter

LinkedIn

Facebook

You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAAn%2BYTP8s3emsXvjHTPqsq64Y2hYyGqMgXCw-YnrfsSeCuQ49A%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to a topic in the Google Groups “Search Guard” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/A3549202-2F34-4616-8C5D-9F259270838F%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.

Keep in touch

Twitter
LinkedIn

Facebook

thx, also fixed in master: https://github.com/floragunncom/search-guard/commit/a776ab93d6a18afcf0c5c73afddb51177c2f2125

···

Am 20.02.2017 um 16:17 schrieb Eliran Boraks <eboraks@gmail.com>:

I fixed it by adding the following:

$JAVA_HOME/bin/java

Thanks

On Mon, Feb 20, 2017 at 8:52 AM, SG <info@search-guard.com> wrote:
you can look into sgadmin.sh to see how it works

> Am 20.02.2017 um 14:49 schrieb Eliran Boraks <eboraks@gmail.com>:
>
> That is interesting because I did download Oracle's Java and I set it to JAVA_HOME. I can't change the underline Java since, I don't have root.
>
> That mean that 'sgadmin.sh' isn't using the JAVA_HOME?
>
> Eliran
>
> On Sun, Feb 19, 2017 at 11:56 AM, Search Guard <info@search-guard.com> wrote:
> IBM J9 VM is not supported, pls. use OpenJDK or OracleJVM.
> If you would like to run it anyway try Search Guard v11 with Search Guard SSL v20, this might be working but no guarantee
>
> On Friday, 17 February 2017 21:10:55 UTC+1, Eliran Boraks wrote:
> I am trying to set-up the sgadmin, following this article https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md
>
>
> When running the sgadmin tool I am getting the following. I do have the Java Cryptography Extension installed.
>
> $ ./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd ../sgconfig -icl -nhnv
> Will connect to localhost:9300 ... done
> ERR: An unexpected ElasticsearchSecurityException occured: no valid cipher suites for transport protocol
> Trace:
> ElasticsearchSecurityException[no valid cipher suites for transport protocol]
> at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:155)
> at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
> at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)
> at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
> at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)
> at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:315)
> at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:101)
>
>
> Here is system setup:
> ls -l /elasticsearch-2.4.3/plugins/search-guard-2/tools
> -rw-rw-r--. 1 214 Feb 3 12:50 hash.bat
> -rw-rw-r--. 1 197 Feb 3 12:50 hash.sh
> -rw-rw-r--. 1 4423 Feb 17 12:56 kirk-keystore.jks
> -rw-rw-r--. 1 222 Feb 3 12:50 sgadmin.bat
> -rwxrwxrwx. 1 218 Feb 3 12:50 sgadmin.sh
> -rw-rw-r--. 1 1096 Feb 17 12:56 truststore.jks
>
> $ java -version
> java version "1.8.0"
> Java(TM) SE Runtime Environment (build pxa6480sr4-20170127_01(SR4))
> IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170117_333500 (JIT enabled, AOT enabled)
> J9VM - R28_20170117_0200_B333500
> JIT - tr.r14.java.green_20170115_130932
> GC - R28_20170117_0200_B333500_CMPRSS
> J9CL - 20170117_333500)
> JCL - 20170125_01 based on Oracle jdk8u121-b13
>
> elasticsearch.yml:
> searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
> searchguard.ssl.transport.keystore_password: changeit
> searchguard.ssl.transport.truststore_filepath: truststore.jks
> searchguard.ssl.transport.truststore_password: changeit
> searchguard.ssl.transport.enforce_hostname_verification: false
>
> searchguard.authcz.admin_dn: CN=kirk,OU=client,O=client,L=test, C=DE
> "elasticsearch.yml" 135L, 4552C
>
> Output of ES:
> [2017-02-17 19:56:02,420][INFO ][node ] [Nekra] version[2.4.3], pid[1430], build[d38a34e/2016-12-07T16:28:56Z]
> [2017-02-17 19:56:02,421][INFO ][node ] [Nekra] initializing ...
> [2017-02-17 19:56:03,226][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin also available
> [2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch
> [2017-02-17 19:56:03,245][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false
> [2017-02-17 19:56:03,246][INFO ][plugins ] [Nekra] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites
> [2017-02-17 19:56:03,278][INFO ][env ] [Nekra] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [5.6gb], net total_space [9.9gb], spins? [unknown], types [rootfs]
> [2017-02-17 19:56:03,278][INFO ][env ] [Nekra] heap size [1.9gb], compressed ordinary object pointers [true]
> [2017-02-17 19:56:03,278][WARN ][env ] [Nekra] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
> [2017-02-17 19:56:03,335][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL
> [2017-02-17 19:56:03,780][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively
> [2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
> [2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
> [2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers
> [2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]
> [2017-02-17 19:56:03,826][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]
> [2017-02-17 19:56:04,137][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)
> [2017-02-17 19:56:04,139][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available
> [2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]
> [2017-02-17 19:56:04,304][INFO ][transport ] [Nekra] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]
> [2017-02-17 19:56:07,110][INFO ][node ] [Nekra] initialized
> [2017-02-17 19:56:07,110][INFO ][node ] [Nekra] starting ...
> [2017-02-17 19:56:07,292][INFO ][com.floragunn.searchguard.transport.SearchGuardTransportService] [Nekra] publish_address {10.240.0.24:9300}, bound_addresses {[::]:9300}
> [2017-02-17 19:56:07,296][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] Check if searchguard index exists ...
> [2017-02-17 19:56:07,302][DEBUG][action.admin.indices.exists.indices] [Nekra] no known master node, scheduling a retry
> [2017-02-17 19:56:07,308][INFO ][discovery ] [Nekra] elasticsearch/pRteXY99TWyxyGZtUAkBJQ
> [2017-02-17 19:56:10,444][INFO ][cluster.service ] [Nekra] new_master {Nekra}{pRteXY99TWyxyGZtUAkBJQ}{10.240.0.24}{10.240.0.24:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
> [2017-02-17 19:56:10,508][INFO ][http ] [Nekra] publish_address {10.240.0.24:9200}, bound_addresses {[::]:9200}
> [2017-02-17 19:56:10,508][INFO ][node ] [Nekra] started
> [2017-02-17 19:56:10,527][INFO ][gateway ] [Nekra] recovered [0] indices into cluster_state
> [2017-02-17 19:56:10,528][INFO ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Nekra] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster
>
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ae3029fc-9b0b-4e14-89ba-8ef80cec8172%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Keep in touch
> Twitter
> LinkedIn
> Facebook
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAAn%2BYTP8s3emsXvjHTPqsq64Y2hYyGqMgXCw-YnrfsSeCuQ49A%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/4NzDbF2X6Mo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/A3549202-2F34-4616-8C5D-9F259270838F%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.

--
Keep in touch
Twitter
LinkedIn
Facebook

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAAn%2BYTMrPsQ%2BOHQqxcZnwg%3DcOLOSd7GWGvj%2B3kPKCpKM%3DJW6ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.