Shield problems "Transport response handler not found"

security

(Sergiolr100) #1

Hello everyone,

I have a problem with the Shield installation when I upgrade to 2.4.0. I follow this link: https://www.elastic.co/guide/en/shield/current/getting-started.html but when I submit a request without a username and password, my request is ACCEPTED.

My cluster nodes configuration is:

cluster.name: msocESClus
node.name: ${HOSTNAME}
bootstrap.memory_lock: true
network.host: ["172.26.11.31", "127.0.0.1"]
discovery.zen.ping.unicast.hosts: ["msocel01", "msocel02", "msocel03", "msocel04", "msocel05"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.multicast.enabled: false
action.auto_create_index: true
index.routing.allocation.enable: all

When I check the ES logs, I can find this:
.... Using [org.elasticsearch.http.netty.NettyHttpServerTransport] as http transport, overridden by [shield] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield] .... [WARN ][shield.transport ] [msocel01] Transport response handler not found of id [229] [WARN ][shield.transport ] [msocel01] Transport response handler not found of id [387] ....
This warning are similar to the ticket: Upgraded from ES2.3.5 to 2.4.0, seeing: Transport response handler not found of id

All the nodes in my cluster have ES 2.4.0 with the last license and shield plugins.
If a remove the discovery.zen.ping.unicast.hosts: ["msocel01", "msocel02", "msocel03", "msocel04", "msocel05"] Shield works correctly but I lost my cluster...

Info: My logstash and beats are down, when I see this logs.

Anybody know what is happening?

Thanks!


(Jay Modi) #2

Do you have a license installed in the cluster or are you using a trial license? You can check by issuing a GET /_license and seeing what that returns


(Sergiolr100) #3

Hello Jay,

yes I have, I installed in all the ES nodes. This is the output:

curl -XGET 'http://localhost:9200/_license'
{
  "license" : {
    "status" : "active",
    "uid" : "xxxxx",
    "type" : "basic",
    "issue_date" : "xxxxx",
    "issue_date_in_millis" : xxxxx,
    "expiry_date" : "xxxxx",
    "expiry_date_in_millis" : xxxxx,
    "max_nodes" : 100,
    "issued_to" : "Sergio",
    "issuer" : "Web Form"
  }
}

(Jay Modi) #4

The basic license does not allow the use of shield. I suggest sending a email to info@elastic.co to request an trial license that will allow you to evaluate shield.


(Sergiolr100) #5

Thanks Jay,

and I am sorry, I though that basic license allow shield and marvel. I just checked here https://www.elastic.co/subscriptions your answer.

Regards.


(system) #6