oleksii

Reputation: 1527

ELK - Shield auth problems

I'm trying to set up Shield for Elasticsearch, but had some trouble.

When I try to start Elasticsearch like:

/usr/share/elasticsearch/bin/elasticsearch

all works as expected, but when I'm trying to start/restart Elasticsearch like:

/etc/init.d/elasticsearch start

I've got the error described below:

[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile     ] [Tusk] [rest] [authentication_failed]   origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]

OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1

Elasticsearch and Shield were running with default settings.

Upvotes: 2

Views: 1340

Answers (2)

Manjit Kumar

Reputation: 1231

The same thing happened to me when I tried to add Shield to our Elasticsearch cluster to add auth-based access to Elasticsearch data.

I was on an Ubuntu 14.04 machine and Elasticsearch was installed using a .deb package from elastic-download-link.

Elasticsearch was using a service startup script from

/etc/init.d/elasticsearch

in which the configuration was mentioned as:

# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME

But when I tried to install the Shield plugin on Elasticsearch from this-link and tried to add a user on Shield by following es-docs using this command:

sudo bin/shield/esusers useradd es_admin -r admin

the Shield configuration was being updated in

/usr/share/elasticsearch/config/shield/

but the Elasticsearch server was expecting configuration files to be in

/etc/elasticsearch/shield/

This mismatch between the Shield configuration file being read and the updated file with the newly added Shield users was causing this authentication failure.

This can be solved either by moving

/usr/share/elasticsearch/config/shield/ to /etc/elasticsearch/shield/

or by changing the conf file location in

/etc/init.d/elasticsearch

as

# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/

Upvotes: 1

adaman79

Reputation: 51

If your Elasticsearch configs are not in /usr/share/elasticsearch but, let's say, at /etc/elasticsearch, then just move /usr/share/elasticsearch/config/shield to /etc/elasticsearch. Take care that, if you start Elasticsearch with the user elasticsearch, the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.

If that doesn't make it, then also see this http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment

Upvotes: 5
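
The check both answers describe, as an added shell example that is not part of either answer: it resolves CONF_DIR from the init script, looks for the esusers `users` file under `shield/` there, and compares the directory owner with the service user. The function names and the temp-dir fixture are constructed for illustration, and the parser assumes plain unquoted `NAME=` and `CONF_DIR=` lines like the ones quoted above.

```sh
#!/bin/sh
# Added example (not from the answers): check that the Shield users file is in
# the config directory the init script passes to Elasticsearch.

# Print CONF_DIR from an init script, expanding $NAME as in CONF_DIR=/etc/$NAME.
# Assumption: plain unquoted NAME=... and CONF_DIR=... lines at line start.
resolve_conf_dir() {
    name=$(sed -n 's/^NAME=//p' "$1" | head -n 1)
    conf=$(sed -n 's/^CONF_DIR=//p' "$1" | head -n 1)
    printf '%s\n' "$conf" | sed -e "s|[\$]{NAME}|$name|g" -e "s|[\$]NAME|$name|g" -e 's|/*$||'
}

# check_shield_conf INIT_SCRIPT ESUSERS_DIR SERVICE_USER
# Returns 0 = OK, 1 = users file not where the service reads it, 2 = wrong owner.
check_shield_conf() {
    expected="$(resolve_conf_dir "$1")/shield"
    if [ ! -f "$expected/users" ]; then
        if [ -f "$2/users" ]; then
            echo "MISMATCH: esusers wrote $2/users, service reads $expected/users"
        else
            echo "MISSING: no users file in $expected or $2"
        fi
        return 1
    fi
    owner=$(ls -ld "$expected" | awk '{print $3}')
    if [ "$owner" != "$3" ]; then
        echo "OWNER: $expected belongs to $owner, service runs as $3"
        return 2
    fi
    echo "OK: $expected holds the users file and belongs to $3"
}

# Constructed fixture mirroring the layout in the answers, under a temp dir.
make_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/elasticsearch" "$t/usr/share/elasticsearch/config/shield"
    printf 'NAME=elasticsearch\nCONF_DIR=%s/etc/$NAME\n' "$t" > "$t/init"
    : > "$t/usr/share/elasticsearch/config/shield/users"
    echo "$t"
}

# Demo on the constructed fixture: reports the mismatch from the question.
fx=$(make_fixture)
check_shield_conf "$fx/init" "$fx/usr/share/elasticsearch/config/shield" elasticsearch || echo "(exit status $?)"
rm -rf "$fx"
```

On a real host the same function would be called with /etc/init.d/elasticsearch, /usr/share/elasticsearch/config/shield and the user the service runs as.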
