At the moment you need to remove Search Guard manually by:
A full cluster restart is required.
Background: Since transport traffic is TLS encrypted (mandatory), you can’t perform a rolling restart. The nodes running without Search Guard can’t talk TLS anymore, thus you would end up with a split cluster (TLS/Non-TLS).
The configuration entries from elasticsearch.yml need to be removed or commented since Elasticsearch refuses to start when there are configuration entries present not defined by any installed plugin.
We will work on the first issue for SG6; the latter is an Elasticsearch requirement that we can’t do much about.
Once Search Guard is removed and your cluster is not protected anymore, you will also have access to the Search Guard configuration index in case you need to delete it as well. If you want to back up the Search Guard configuration, you can use the -r/--retrieve switch in sgadmin, which dumps the currently active configuration to your file system.
On Tuesday, July 25, 2017 at 3:46:58 PM UTC+2, mcostantini@np6.com wrote:
Hi guys,
I will be doing further testing with SearchGuard, but this time on a real cluster. The cluster is not a production cluster, but in any case, I’ve been asked to research the SearchGuard removal procedure. Even in a successful case, I will need to remove SearchGuard. However, I cannot find any docs on this. Is it a simple, manual procedure?
Thanks,
Marco.
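
For the elasticsearch.yml cleanup step described in the reply above, a sketch of how the entries could be commented out on each node before the full restart. This is an added example, not part of the thread and not Search Guard tooling; it assumes the plugin's settings all sit under the top-level `searchguard` prefix, and the sample file content is constructed.

```python
import re

# Assumption: every Search Guard setting is a top-level key starting with
# "searchguard." (flat form) or "searchguard:" (nested form).
SG_KEY = re.compile(r"^searchguard[.:]")

# Constructed sample, not taken from a real cluster.
SAMPLE = """\
cluster.name: test-cluster
network.host: 0.0.0.0
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.authcz.admin_dn:
  - CN=admin,OU=example,O=example,C=DE
discovery.zen.minimum_master_nodes: 2
"""

def comment_out_searchguard(yml_text):
    """Comment out Search Guard keys and their continuation lines.

    Returns (new_text, number_of_lines_commented). List items and nested
    values under a Search Guard key are commented too, which a plain
    line-prefix match would leave behind as dangling YAML.
    """
    out, in_block, count = [], False, 0
    for line in yml_text.splitlines():
        if not line.strip() or line.startswith("#"):
            out.append(line)          # blank or already a comment: keep
            continue
        if SG_KEY.match(line):
            in_block = True           # a Search Guard key starts a block
        elif line[0] not in " \t-":
            in_block = False          # any other top-level key ends it
        if in_block:
            out.append("# " + line)
            count += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", count

def active_searchguard_keys(yml_text):
    """List Search Guard keys still active; must be empty before restart."""
    return [l.split(":")[0] for l in yml_text.splitlines() if SG_KEY.match(l)]

if __name__ == "__main__":
    cleaned, n = comment_out_searchguard(SAMPLE)
    print(cleaned)
    print("commented lines:", n, "remaining:", active_searchguard_keys(cleaned))
```

Keep a copy of the original file on each node, and run the check on every node before starting the cluster again, since a single leftover entry stops that node from starting.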