Shield not respecting CONF_DIR

Jakauppila · April 1, 2016, 3:58am

So I'm running Elasticsearch on Windows and I am separating the Elasticsearch node configuration from Elasticsearch itself with the following structure:

D:\elasticsearch\elasticsearch-2.3.0\

This is where Elasticsearch lives and we utilize the \plugins directory since they're version-specific.

D:\elasticsearch\elasticsearch-node\

Within here, we use \config, \data, \logs, and \work

I am configuring the following environment variables on the server:

setx JAVA_HOME "D:\java\jre8"
setx DATA_DIR "D:\elasticsearch-node\data"
setx LOG_DIR "D:\elasticsearch-node\logs"
setx CONF_DIR "D:\elasticsearch-node\config"
setx ES_MIN_MEM "8g"
setx ES_MAX_MEM "8g"

When installing Shield, it is tossing the /shield configuration folder within D:\elasticsearch\elasticsearch-2.3.0\config rather than my defined D:\elasticsearch-node\config as overridden with the environment variable.

It appears that Elasticsearch itself is looking for the Shield configuration within %CONF_DIR%, but when running esusers to add an initial admin, it is getting written to D:\elasticsearch\elasticsearch-2.3.0\config

I believe to correct this, you would just need to check for the environment variable and add an additional value to the ES_PARAMS within .in.bat for Shield.

if "%CONF_DIR%" == "" set CONF_DIR=%ES_HOME%\config

set ES_PARAMS=-Des.path.home="%ES_HOME%" -Des.default.path.conf="%CONF_DIR%"

Baboune · April 1, 2016, 9:42am

Hi,

On linux, the user running "esusers" commands seem to matter. When the user has the wrong access right, then the error message points to a faulty directory error like:

ERROR: The configuration directory [/etc/elasticsearch/shield] does not exist. The esusers tool expects Shield configuration files in that location.
The plugin may not have been installed with the correct configuration path. If [/usr/share/elasticsearch/config/shield] exists, please copy the shield directory to [/etc/elasticsearch]

Changing user to an admin level user like root, then the message disappears.

See Shield Authentication Error - #8 by Baboune

But yes it seems shield ignores where the rest of the CONFIG_DIR is and elects its own location, /etc/elasticsearch on linux.

jaymode · April 5, 2016, 11:13am

Thank you for the feedback on the issues you've found with the esusers tool. I have opened issues for both problems

geekpete · July 14, 2016, 6:06am

Hi Jay,

Did you have github links for those issues?

Thanks.

Topic		Replies	Views
Shield config locations confusion Elasticsearch elastic-stack-security	3	1106	July 6, 2017
ES_PATH_CONF problem Elasticsearch	4	2386	September 4, 2018
Elasticsearch throw an exception unknown setting [path.conf] when start Elasticsearch	3	2051	May 22, 2019
ES_PATH_CONF not considered in 6.2 Elasticsearch	3	904	April 24, 2018
Permission to elasticsearch config directory Elasticsearch elastic-stack-security	3	5581	May 8, 2020

Shield not respecting CONF_DIR

Related Topics