SOLVED: Multiple ES instances with SSL

Hi,

I have multiple instances of Elasticsearch on the same server.

I have signed my certificate with my own CA. I have created one keystore per ES instance, and in this keystore I have the root certificate, my private key, and my signed certificate.

I also had to copy the shield directory on each ES instance and make sure it had the proper rights and owner.

When I start my node I have the following error:

[2016-03-24 15:37:28,412][ERROR][shield.transport.netty ] [uat-node01] SSL/TLS handshake failed, closing channel: General SSLEngine problem

Does somebody have an idea?

Is there a caused by exception in the stacktrace? The general problem could mean a lot of different things and usually the root cause is much more helpful.

Hi, I have the same problem, posted some days ago. Did you solve it?

Unfortunately not; after many attempts we abandoned the idea of integrating Shield with our multiple-instance architecture.

But if you find one solution please share :slight_smile:

Sure

I will play with it in the next days, according to my spare time.

Regards

Giuseppe

Hi Clement,

If you provide more details we would be more than happy to try to help.

-Jay

Hi Jay,

We just tried to install Shield following your documentation (the "installing shield" part). We had planned to use native user authentication at first.
Then we created a user.

And after all these steps, we had no restriction on access to our cluster. So we searched for 3 days, and the next week we decided to stop the installation of Shield for the moment.

I have uninstalled Shield for the moment, but when I have a little time I could retry the installation and share our issues with you.

-Clément

Are you using a license already, maybe for Marvel? If so and it is a basic license, shield will not protect the cluster. You can request a trial license extension from info@elastic.co

I already use a trial license. Maybe too old?

Hmm, I am not sure. You can check the status by issuing a GET on /_license

Okay, my license is not trial :sweat_smile:

"status": "active", "type": "basic",

I sent an email to the address you gave me.
When I have the trial license I will retry installing Shield and I will tell you if it works or not.

Thanks for your help :smile:

Hi,

I tried again to install Shield.

I updated the license, and I have done all the first steps of the installation.

I still have an authentication problem.

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [es_admin] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"shield\""}}],"type":"security_exception","reason":"unable to authenticate user [es_admin] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"shield\""}},"status":401}

I think Shield can't work with multiple ES nodes on the same server by default.

My architecture is composed of 3 servers. There are 4 nodes on each server.

The error occurred when I created the es_admin user on my second server.

After another attempt to install Shield:

I can say that the error is not because of my multiple nodes.

The error appeared after the Shield installation.

Hi Clement,

Can you provide more details about both installations (multiple node and single node)? This includes versions, how you installed (rpm/deb/tar/zip), custom configuration path, etc.

Jay

Thank you for the answer Jay,

I have 3 servers, the OS is CentOS 7 (v 7.2.1511).

Each server contains 4 ES nodes (v 2.2.0). 1 node is a client node, 1 node is a master node and the two others are data nodes. Each server also contains 1 redis-server (v2.8.19), logstash (v 2.2.0) and Kibana (v 4.4.0). I use keepalived to provide load balancing.

So i have 3 client nodes, 3 master nodes and 6 data nodes.

I installed my nodes with rpm.

For Elasticsearch the rpm command creates the directory "/etc/elasticsearch". I copied this directory into multiple directories to create each node.

To start each node separately, I copied the original systemd file to create 4 systemd files, one for each node, in "/usr/lib/systemd/system/", and I changed the paths to point to the correct node configuration files.

I also copied the "/etc/sysconfig/elasticsearch" file into 4 files, one for each node, and I changed the different paths to point to the correct node configuration directory.

Clément

Ok. The shield esusers script requires an option to be specified in this type of installation so that it places the files in the proper directory.

bin/shield/esusers useradd admin -r admin --path.conf=/path/to/configuration/directory

You can either run this command for each node config directory or manually copy the users and users_roles files.
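As an added example (not code from this thread or from Elastic), the second option above as two POSIX shell functions: one copies users and users_roles from the config directory where esusers was run into each node's config directory, the other verifies every node holds identical copies so no node keeps a stale file realm. It assumes the files live at <conf>/shield/users and <conf>/shield/users_roles; the 600 mode and the instance owner are choices made here, not something the thread specifies.

```shell
# Added example: propagate Shield's file-realm users to several node config
# directories on one host. Assumes the files live at <conf>/shield/users and
# <conf>/shield/users_roles (where esusers wrote them in the source dir).

# sync_shield_users SRC_CONF NODE_CONF...
# Copies users and users_roles from SRC_CONF into each NODE_CONF.
# Mode 600 is a choice made here (the files hold password hashes). The owner
# should afterwards be set to the account each instance runs as, e.g.
#   chown elasticsearch:elasticsearch NODE_CONF/shield/users*
# which is left out so the example runs without root.
sync_shield_users() {
  src="$1"; shift
  for f in users users_roles; do
    [ -f "$src/shield/$f" ] || { echo "missing $src/shield/$f" >&2; return 1; }
  done
  for conf in "$@"; do
    mkdir -p "$conf/shield" || return 1
    for f in users users_roles; do
      cp "$src/shield/$f" "$conf/shield/$f" || return 1
      chmod 600 "$conf/shield/$f" || return 1
    done
  done
  return 0
}

# check_shield_users SRC_CONF NODE_CONF...
# Returns 0 only if every node holds byte-identical copies of both files;
# run it after each esusers useradd/passwd so no node is left behind.
check_shield_users() {
  src="$1"; shift
  for conf in "$@"; do
    for f in users users_roles; do
      cmp -s "$src/shield/$f" "$conf/shield/$f" \
        || { echo "$conf/shield/$f differs from $src" >&2; return 1; }
    done
  done
  return 0
}

# Usage (the node directory names are placeholders for the copies of
# /etc/elasticsearch described in the thread):
#   sync_shield_users /etc/elasticsearch /etc/es-master /etc/es-client \
#       /etc/es-data1 /etc/es-data2 \
#   && check_shield_users /etc/elasticsearch /etc/es-master /etc/es-client \
#       /etc/es-data1 /etc/es-data2
```

Running esusers once with --path.conf pointing at the source directory and then syncing keeps a single place where accounts are edited.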

Thanks, it works for me :grinning:

Thank you for your time.
