Shield installation problem

security

(Jason Zheng) #1

Hi there,

first time to try to install shield to elasticsearch, I used elasticsearch RPM to install elasticsearch, and then I install shield by this page steps (https://www.elastic.co/guide/en/shield/current/installing-shield.html#offline-install)

but when I'd restart elasticsearch, I found errors in logs, the content shown,

[2015-08-03 15:07:09,061][INFO ][node                     ] [elknode] version[1.6.0], pid[31829], build[cdd3ac4/2015-06-09T13:36:34Z]
[2015-08-03 15:07:09,062][INFO ][node                     ] [elknode] initializing ...
[2015-08-03 15:07:09,089][INFO ][plugins                  ] [elknode] loaded [shield], sites []
[2015-08-03 15:07:09,173][INFO ][env                      ] [elknode] using [1] data paths, mounts [[/ (/dev/mapper/vg_elkoin1-lv_root)]], net usable_space [40.5gb], net total_space [44.7gb], types [ext4]
[2015-08-03 15:07:09,240][ERROR][bootstrap                ] Exception
org.elasticsearch.ElasticsearchIllegalStateException: shield plugin requires the license plugin to be installed
        at org.elasticsearch.shield.license.LicenseModule.verifyLicensePlugin(LicenseModule.java:46)
        at org.elasticsearch.shield.license.LicenseModule.<init>(LicenseModule.java:33)
        at org.elasticsearch.shield.ShieldModule.spawnModules(ShieldModule.java:55)
        at org.elasticsearch.shield.support.AbstractShieldModule$Spawn.spawnModules(AbstractShieldModule.java:57)
        at org.elasticsearch.common.inject.ModulesBuilder.add(ModulesBuilder.java:44)
        at org.elasticsearch.common.inject.ModulesBuilder.add(ModulesBuilder.java:46)
        at org.elasticsearch.node.internal.InternalNode.<init>(InternalNode.java:177)
        at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:159)
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:77)
        at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:245)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)

Seems I miss something to install like license? but I don't find out elasticsearch/license, any idea?

btw, I have 2 elasticsearch node (1master 1node), if I enable shield on elasticsearch master to protect elasticsearch, do I set anything on elasticsearch node?

Jason


(Mark Walkom) #2

Yes you need the license plugin as well as the Shield one, you can get that with wget https://download.elastic.co/elasticsearch/license/license-1.0.0.zip.

Shield does need to be installed on all nodes in the cluster, this includes master, data and client nodes.


(Jason Zheng) #3

Hi Mark,

Thanks very much, it works fine

So the access control tools like Shield, which is production level tool? Only can be used 30 days in trial edition? if it expired later and I didn't update the license, does not it work normally or shall I remove Shield plugin?

Jason


(Mark Walkom) #4

The trial is only for 30 days, yes. If it expires then we restrict access to certain APIs but you can still access your data.


(Steve Kearns) #5

Hi Jason,

To be clear, we outline the full behavior in our docs here [1]. While we do restrict access to the health and stats APIs if your Shield license expires, the search and indexing APIs continue to operate and we do not disable your security settings. If you need a trial license extension, just send an email to info@elastic.co and we can send you one.

Thanks,
Steve

[1] https://www.elastic.co/guide/en/shield/current/license-management.html#license-expiration


(Jason Zheng) #6

Hi Steve,

After the license expired,

$curl -u es_admin:iiiiii 'http://localhost:9200/_cat/indices?v'
{"error":"LicenseExpiredException[license expired for feature [shield]]","status":401}

as you said, the indexing APIs continue to operate, but it seems to doesn't work??

How should I keep my elasticsearch work normally if I don't want to extend license?

Jason


(Mark Walkom) #7

You either need to subscribe to one of our support offerings to get a full license for Shield, or uninstall it from your nodes.


(Jason Zheng) #8

Hi Mark,

How to remove license plugin? I cannot found it on https://www.elastic.co/guide/en/shield/current/license-management.html

Jason


(Mark Walkom) #9

sudo bin/plugin -r shield sudo bin/plugin -r license

I'll make a note to get that documented :slight_smile:


(Jason Zheng) #10

Hi Mark,

Thanks, it can be work now

Jason


(system) #11