Shield installation problem

Jason_Zheng · August 3, 2015, 7:40am

Hi there,

first time to try to install shield to elasticsearch, I used elasticsearch RPM to install elasticsearch, and then I install shield by this page steps (https://www.elastic.co/guide/en/shield/current/installing-shield.html#offline-install)

but when I'd restart elasticsearch, I found errors in logs, the content shown,

[2015-08-03 15:07:09,061][INFO ][node                     ] [elknode] version[1.6.0], pid[31829], build[cdd3ac4/2015-06-09T13:36:34Z]
[2015-08-03 15:07:09,062][INFO ][node                     ] [elknode] initializing ...
[2015-08-03 15:07:09,089][INFO ][plugins                  ] [elknode] loaded [shield], sites []
[2015-08-03 15:07:09,173][INFO ][env                      ] [elknode] using [1] data paths, mounts [[/ (/dev/mapper/vg_elkoin1-lv_root)]], net usable_space [40.5gb], net total_space [44.7gb], types [ext4]
[2015-08-03 15:07:09,240][ERROR][bootstrap                ] Exception
org.elasticsearch.ElasticsearchIllegalStateException: shield plugin requires the license plugin to be installed
        at org.elasticsearch.shield.license.LicenseModule.verifyLicensePlugin(LicenseModule.java:46)
        at org.elasticsearch.shield.license.LicenseModule.<init>(LicenseModule.java:33)
        at org.elasticsearch.shield.ShieldModule.spawnModules(ShieldModule.java:55)
        at org.elasticsearch.shield.support.AbstractShieldModule$Spawn.spawnModules(AbstractShieldModule.java:57)
        at org.elasticsearch.common.inject.ModulesBuilder.add(ModulesBuilder.java:44)
        at org.elasticsearch.common.inject.ModulesBuilder.add(ModulesBuilder.java:46)
        at org.elasticsearch.node.internal.InternalNode.<init>(InternalNode.java:177)
        at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:159)
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:77)
        at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:245)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)

Seems I miss something to install like license? but I don't find out elasticsearch/license, any idea?

btw, I have 2 elasticsearch node (1master 1node), if I enable shield on elasticsearch master to protect elasticsearch, do I set anything on elasticsearch node?

Jason

warkolm · August 3, 2015, 7:47am

Yes you need the license plugin as well as the Shield one, you can get that with wget https://download.elastic.co/elasticsearch/license/license-1.0.0.zip.

Shield does need to be installed on all nodes in the cluster, this includes master, data and client nodes.

Jason_Zheng · August 3, 2015, 9:36am

Hi Mark,

Thanks very much, it works fine

So the access control tools like Shield, which is production level tool? Only can be used 30 days in trial edition? if it expired later and I didn't update the license, does not it work normally or shall I remove Shield plugin?

Jason

warkolm · August 3, 2015, 10:25am

The trial is only for 30 days, yes. If it expires then we restrict access to certain APIs but you can still access your data.

skearns · August 3, 2015, 6:24pm

Hi Jason,

To be clear, we outline the full behavior in our docs here [1]. While we do restrict access to the health and stats APIs if your Shield license expires, the search and indexing APIs continue to operate and we do not disable your security settings. If you need a trial license extension, just send an email to info@elastic.co and we can send you one.

Thanks,
Steve

[1] https://www.elastic.co/guide/en/shield/current/license-management.html#license-expiration

Jason_Zheng · October 15, 2015, 4:23am

Hi Steve,

After the license expired,

$curl -u es_admin:iiiiii 'http://localhost:9200/_cat/indices?v'
{"error":"LicenseExpiredException[license expired for feature [shield]]","status":401}

as you said, the indexing APIs continue to operate, but it seems to doesn't work??

How should I keep my elasticsearch work normally if I don't want to extend license?

Jason

warkolm · October 15, 2015, 4:29am

You either need to subscribe to one of our support offerings to get a full license for Shield, or uninstall it from your nodes.

Jason_Zheng · October 15, 2015, 4:31am

Hi Mark,

How to remove license plugin? I cannot found it on https://www.elastic.co/guide/en/shield/current/license-management.html

Jason

warkolm · October 15, 2015, 4:38am

sudo bin/plugin -r shield sudo bin/plugin -r license

I'll make a note to get that documented

Jason_Zheng · October 15, 2015, 7:43am

Hi Mark,

Thanks, it can be work now

Jason

Topic		Replies	Views
Installing shield issies Elasticsearch elastic-stack-security	2	912	July 6, 2017
Shield license installation error Elasticsearch elastic-stack-security	3	1219	July 6, 2017
Shield Install failing? Elasticsearch elastic-stack-security	3	1678	July 6, 2017
Problem in Installing the Shield plugin Elasticsearch elastic-stack-security	11	1897	July 6, 2017
Error installing Shield plugin Elasticsearch elastic-stack-security	16	1975	December 25, 2016

Shield installation problem

Related topics