Failed to load elasticsearch nodes after installing Shield

security

#1

Hi,
We have a Java application that connects to elasticSearch 2.4 (standalone) via Spring Data and Spring Boot (1.4.0). The connection settings are:
spring.data.elasticsearch.cluster-name=
spring.data.elasticsearch.cluster-nodes=127.0.0.1:9300

Everything worked fine before installing Shield.
I installed Shield on my DEV (windows) box, The GET _shield shows status as enabled. Added more settings as below,
spring.data.elasticsearch.properties.shield.user=:
spring.data.elasticsearch.clientPingTimeout=30s
spring.data.elasticsearch.clientNodesSamplerInterval=30s
spring.data.elasticsearch.properties.request.headers.X-Found-Cluster=s
spring.data.elasticsearch.properties.shield.transport.ssl=false
however, the application failed to start due to error:
SEVERE: failed to load elasticsearch nodes : org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{127.0.0.1:9300}]

Does anyone have any suggestions?
Thanks in advance.


(Mark Walkom) #2

Can you curl localhost:9200 to make sure ES is up?
Have you defined any users in Shield?

https://www.elastic.co/guide/en/shield/current/_using_elasticsearch_java_clients_with_shield.html may also be of use.


#3

Hi Mark,

I use Sense plugin, yes, ES is up,

GET _shield:
"status": "enabled",

GET _shield/authenticate:
{
"username": "***",
"roles": [
"admin"
],
"full_name": null,
"email": null,
"metadata": {}
}


(Mark Walkom) #4

If you have defined a user in Shield, it doesn't look like you have used that user in your code;


#5

It seems like it is Spring data setting issue, the following key-value pair is not recognised and passed to ES:

spring.data.elasticsearch.properties.shield.user= es_admin:***

The following Java client works:

Settings settings = Settings.settingsBuilder()
        .put("cluster.name", clusterName)
        .put("shield.user", "es_admin:***").build();

TransportClient client = TransportClient.builder()
        .addPlugin(ShieldPlugin.class)
        .settings(settings)
        .build()
        .addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName("localhost"), 9300));

This No Node Available with Spring Data and Shield elastic cloud topic mentioned Spring data settings, but we use standalone ES.


#6

Error message:
Jan 16, 2017 5:53:35 PM org.springframework.data.elasticsearch.client.TransportClientFactoryBean buildClient
INFO: adding transport node : localhost:9300
Jan 16, 2017 5:56:52 PM org.springframework.data.elasticsearch.repository.support.AbstractElasticsearchRepository
SEVERE: failed to load elasticsearch nodes : org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [{#transport#-1}{127.0.0.1}{127.0.0.1:9300}]

I debugged into TransportClientFactoryBean buildClient(), the value for "shield.user" was passed in.
I suspect because the buildClient method does not have .addPlugin(ShieldPlugin.class), hence the shield user credentials were NOT passed to ES.

org.springframework.data.elasticsearch.client.TransportClientFactoryBean spring-data-elasticsearch:2.0.2.RELEASE


#7

Overriding default TransportClientFactoryBean made it work.

There is a Spring Data Elasticsearch Jira ticket for this Add plugins management on TransportClientFactoryBean


(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.