[DO NOT USE - DEPRECATED as of v1.4.0] Advanced modules for the Open Distro security plugin; Merged into security repo.
Home Page: https://github.com/opendistro-for-elasticsearch/security-advanced-modules
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
I upgrade ES 7.0.1 -> 7.2.0 and OD 1.0.1 -> 1.2.0 and now get the following error when to start ES. I don't see any indicators pointing to a specific cause. Any pointers would be very much appreciated.
[2019-10-15T07:15:39,464][INFO ][o.e.e.NodeEnvironment ] [watcher_broseph] using [1] data paths, mounts [[/ (/dev/sda2)]], net usable_space [2.3tb], net total_space [2.6tb], types [ext4]
[2019-10-15T07:15:39,482][INFO ][o.e.e.NodeEnvironment ] [watcher_broseph] heap size [29.7gb], compressed ordinary object pointers [true]
[2019-10-15T07:15:39,688][INFO ][o.e.n.Node ] [watcher_broseph] node name [watcher_broseph], node ID [nz_rt_FFQr2IH6i8E0fnuQ], cluster name [watcher]
[2019-10-15T07:15:39,688][INFO ][o.e.n.Node ] [watcher_broseph] version[7.2.0], pid[36204], build[oss/deb/508c38a/2019-06-20T15:54:18.811730Z], OS[Linux/4.15.0-65-generic/amd64], JVM[Ubuntu/OpenJDK 64-Bit Server VM/11.0.4/11.0.4+11-post-Ubuntu-1ubuntu218.04.3]
[2019-10-15T07:15:39,688][INFO ][o.e.n.Node ] [watcher_broseph] JVM home [/usr/lib/jvm/java-11-openjdk-amd64]
[2019-10-15T07:15:39,689][INFO ][o.e.n.Node ] [watcher_broseph] JVM arguments [-Xms30g, -Xmx30g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch-2708802334561830030, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy, -Dio.netty.allocator.type=pooled, -XX:MaxDirectMemorySize=16106127360, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=oss, -Des.distribution.type=deb, -Des.bundled_jdk=true]
[2019-10-15T07:15:40,575][INFO ][c.a.o.e.p.c.PluginSettings] [watcher_broseph] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true
[2019-10-15T07:15:40,772][INFO ][c.a.o.s.OpenDistroSecurityPlugin] [watcher_broseph] ES Config path is /etc/elasticsearch
[2019-10-15T07:15:40,941][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [watcher_broseph] OpenSSL OpenSSL 1.1.0j 20 Nov 2018 (269484207) available
[2019-10-15T07:15:41,049][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [watcher_broseph] JVM supports TLSv1.3
[2019-10-15T07:15:41,050][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [watcher_broseph] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively
[2019-10-15T07:15:41,080][ERROR][o.e.b.Bootstrap ] [watcher_broseph] Exception
java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) [elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.2.0.jar:7.2.0]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
... 15 more
Caused by: java.lang.NoClassDefFoundError: io/netty/internal/tcnative/SSLPrivateKeyMethod
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:423) ~[?:?]
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:447) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:785) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLContext0(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLServerContext(DefaultOpenDistroSecurityKeyStore.java:746) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:338) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:151) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:194) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:212) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
... 15 more
Caused by: java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSLPrivateKeyMethod
at java.net.URLClassLoader.findClass(URLClassLoader.java:471) ~[?:?]
at java.lang.ClassLoader.loadClass(ClassLoader.java:588) ~[?:?]
at java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:899) ~[?:?]
at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:423) ~[?:?]
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:447) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:785) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLContext0(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLServerContext(DefaultOpenDistroSecurityKeyStore.java:746) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:338) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:151) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:194) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:212) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
... 15 more
[2019-10-15T07:15:41,098][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [watcher_broseph] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.2.0.jar:7.2.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.2.0.jar:7.2.0]
Caused by: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]
... 6 more
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]
... 6 more
Caused by: java.lang.NoClassDefFoundError: io/netty/internal/tcnative/SSLPrivateKeyMethod
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:423) ~[?:?]
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:447) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:785) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLContext0(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLServerContext(DefaultOpenDistroSecurityKeyStore.java:746) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:338) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:151) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:194) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:212) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]
... 6 more
Caused by: java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSLPrivateKeyMethod
at java.net.URLClassLoader.findClass(URLClassLoader.java:471) ~[?:?]
at java.lang.ClassLoader.loadClass(ClassLoader.java:588) ~[?:?]
at java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:899) ~[?:?]
at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:423) ~[?:?]
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:447) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:785) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore$1.run(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLContext0(DefaultOpenDistroSecurityKeyStore.java:782) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.buildSSLServerContext(DefaultOpenDistroSecurityKeyStore.java:746) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:338) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:151) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:194) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:212) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]
... 6 more
I followed the instruction on
https://opendistro.github.io/for-elasticsearch-docs/docs/security/saml/
and configured config.yml to almost the same as the minimal configuration example on the page
and have added
opendistro_security.auth.type: "saml"
and
server.xsrf.whitelist: ["/opendistro_security/saml/acs", "/opendistro_security/saml/logout"]
to kibana.yml as well.
But I am getting the error :
SAML configuration error
Something went wrong while retrieving the SAML configuration, please check your settings.
What could be wrong? How do I get log4j to log the errors in com.amazon.dlic.auth.http.saml.HttpSamlAuthenticator.java? I already have the root logger in /etc/elasticsearch/log4j2.properties set to debug but I still don't see anything in /var/log/elasticsearch/elasticsearch.log
com.amazon.dlic.auth.http.jwt.keybyoidc.BadCredentialsException: Unknown kid J4j+I06r0I0vpYnBNucugV8xAPV5\/Xv4uYrrpwwSNK0=
at com.amazon.dlic.auth.http.jwt.keybyoidc.SelfRefreshingKeySet.getKeyWithKeyId(SelfRefreshingKeySet.java:118) ~[opendistro_security_advanced_modules-0.7.0.0.jar:0.7.0.0]
at com.amazon.dlic.auth.http.jwt.keybyoidc.SelfRefreshingKeySet.getKey(SelfRefreshingKeySet.java:58) ~[opendistro_security_advanced_modules-0.7.0.0.jar:0.7.0.0]
at com.amazon.dlic.auth.http.jwt.keybyoidc.JwtVerifier.getVerifiedJwtToken(JwtVerifier.java:41) ~[opendistro_security_advanced_modules-0.7.0.0.jar:0.7.0.0]
at com.amazon.dlic.auth.http.jwt.AbstractHTTPJwtAuthenticator.extractCredentials0(AbstractHTTPJwtAuthenticator.java:103)
I am getting this error, and it seems that the forward-slash in the kid is escaped wrong. The real kid should not have \/but rather just the /
Please consider releasing a dockerhub image of kibana with this plugin preinstalled. Alternatively, hosting the compiled plugin as a zipfile that can be installed directly by the elasticsearch-plugin binary would help tremendously for us non-Java devs.
I don't have a ready-built dev environment with Maven and all related tools to be able to compile this myself. Nor could I find explicit instructions on how to setup a dev environment and compile it; only how to build a new docker image with one more plugin installed. I'm sure it's easy for a java dev, and someone well-versed on these tools, but not for a data analyst or end user...
BTW, thanks for releasing this! I've been looking for a solution just like this. It's a shame that ElasticCo considers security an enterprise-only feature, not a necessary basic function.
We get exceptions when using Field Level Security and aggregations.
Here is the use-case:
When I run the following query
{
"stored_fields":"*",
"docvalue_fields":[
{
"field":"timestamp",
"format":"date_time"
}
],
"aggregations":{
"2":{
"terms":{
"field":"processName.keyword"
}
}
}
}
It runs fine with admin, but restricted user gets the following error:
{
"took": 59,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 1,
"skipped": 0,
"failed": 9,
"failures": [{
"shard": 0,
"index": "processes-active-idx-2019.04.25-000001",
"node": "khHAhpFEQT2hyCgClyfojQ",
"reason": {
"type": "no_such_element_exception",
"reason": "no_such_element_exception: No value present"
}
}, {
"shard": 0,
"index": "processes-completed-idx-2019.04.25-000001",
"node": "khHAhpFEQT2hyCgClyfojQ",
"reason": {
"type": "no_such_element_exception",
"reason": "no_such_element_exception: No value present"
}
}]
},
"hits": {
"total": 0,
"max_score": null,
"hits": []
},
"aggregations": {
"2": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
}
}
Which corresponds to the following exception in Elasticsearch:
[2019-05-15T13:25:43,107][DEBUG][o.e.a.s.TransportSearchAction] [elastic-client-5d87cccdcb-kcpvz] [processes-completed-idx-2019.04.25-000001][4], node[khHAhpFEQT2hyCgClyfojQ], [P], s[STARTED], a[id=2LVtroVWRqaxnw29IQB5gg]: Failed to execute [SearchRequest{searchType=QUERY_THEN_FETCH, indices=[processes-*], indicesOptions=IndicesOptions[ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_aliases_to_multiple_indices=true, forbid_closed_indices=true, ignore_aliases=false, ignore_throttled=true], types=[], routing='null', preference='null', requestCache=false, scroll=null, maxConcurrentShardRequests=5, batchedReduceSize=512, preFilterShardSize=128, allowPartialSearchResults=true, source={"stored_fields":"*","docvalue_fields":[{"field":"timestamp","format":"date_time"}],"aggregations":{"2":{"terms":{"field":"processName.keyword","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_key":"asc"}]}}}}}]
org.elasticsearch.transport.RemoteTransportException: [elastic-data-0][10.1.29.246:9300][indices:data/read/search[phase/query]]
Caused by: org.elasticsearch.common.io.stream.NotSerializableExceptionWrapper: no_such_element_exception: No value present
at java.util.Optional.get(Optional.java:135) ~[?:1.8.0_212]
at com.amazon.opendistroforelasticsearch.security.configuration.DlsFlsFilterLeafReader.wrapSortedSetDocValues(DlsFlsFilterLeafReader.java:821) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.configuration.DlsFlsFilterLeafReader.getSortedSetDocValues(DlsFlsFilterLeafReader.java:810) ~[?:?]
at org.apache.lucene.index.DocValues.getSortedSet(DocValues.java:429) ~[lucene-core-7.6.0.jar:7.6.0 719cde97f84640faa1e3525690d262946571245f - nknize - 2018-12-07 14:44:20]
at org.elasticsearch.index.fielddata.plain.SortedSetDVBytesAtomicFieldData.getOrdinalsValues(SortedSetDVBytesAtomicFieldData.java:52) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.index.fielddata.ordinals.GlobalOrdinalsIndexFieldData$Atomic.getOrdinalsValues(GlobalOrdinalsIndexFieldData.java:135) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.support.ValuesSource$Bytes$WithOrdinals$FieldData.globalOrdinalsValues(ValuesSource.java:153) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.support.ValuesSource$Bytes$WithOrdinals.globalMaxOrd(ValuesSource.java:124) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.bucket.terms.TermsAggregatorFactory.getMaxOrd(TermsAggregatorFactory.java:215) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.bucket.terms.TermsAggregatorFactory.doCreateInternal(TermsAggregatorFactory.java:137) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.support.ValuesSourceAggregatorFactory.createInternal(ValuesSourceAggregatorFactory.java:59) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.AggregatorFactory.create(AggregatorFactory.java:216) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.AggregatorFactories.createTopLevelAggregators(AggregatorFactories.java:218) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.aggregations.AggregationPhase.preProcess(AggregationPhase.java:55) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.query.QueryPhase.execute(QueryPhase.java:112) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService.loadOrExecuteQueryPhase(SearchService.java:351) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:398) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService.access$100(SearchService.java:126) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService$2.onResponse(SearchService.java:360) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService$2.onResponse(SearchService.java:356) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.search.SearchService$4.doRun(SearchService.java:1117) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:759) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:41) ~[elasticsearch-6.6.2.jar:6.6.2]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-6.6.2.jar:6.6.2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_212]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_212]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_212]
The exceptions are raised from this code:
https://github.com/opendistro-for-elasticsearch/security-advanced-modules/blob/master/src/main/java/com/amazon/opendistroforelasticsearch/security/configuration/DlsFlsFilterLeafReader.java
If I remove the aggregations from the query, it runs fine with both users.
If I aggregate on the anonymized field state.keyword instead of processName.keyword, it also runs fine with both users.
Versions used:
Hi all am a newbie with docker, so when I attempted to create a docker-compose.yml file using the Sample Docker Compose File located at https://opendistro.github.io/for-elasticsearch-docs/docs/install/docker/ I got the following error:
support@guacamole-docker:~/open-distro-elasticsearch$ docker-compose up
ERROR: yaml.parser.ParserError: while parsing a block mapping
in "./docker-compose.yml", line 1, column 1
expected <block end>, but found '<scalar>'
in "./docker-compose.yml", line 1, column 14
The docker compose file I created is just a copy paste from https://opendistro.github.io/for-elasticsearch-docs/docs/install/docker/ (making sure the EOL was for Linux, which is our host)
support@guacamole-docker:~/open-distro-elasticsearch$ docker --version
Docker version 19.03.5, build 633a0ea838
support@guacamole-docker:~/open-distro-elasticsearch$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
support@guacamole-docker:~/open-distro-elasticsearch$
Installed Elasticsearch using RPM following instructions from https://opendistro.github.io/for-elasticsearch-docs/docs/install/rpm/
Used JDK 8 and created link to tools.jar as described.
I get error when run systemctl status elasticsearch:
$ systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-03-13 05:07:18 UTC; 30min ago
Docs: http://www.elastic.co
Main PID: 6751 (java)
CGroup: /system.slice/elasticsearch.service
└─6751 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djav...
Mar 13 05:07:18 <my-server-addr> systemd[1]: Started Elasticsearch.
Mar 13 05:07:19 <my-server-addr> elasticsearch[6751]: java.security.policy: error adding Entry:
Mar 13 05:07:19 <my-server-addr> elasticsearch[6751]: java.net.MalformedURLException: unknown protocol: jrt
Mar 13 05:07:19 <my-server-addr> elasticsearch[6751]: java.security.policy: error adding Entry:
Mar 13 05:07:19 <my-server-addr> elasticsearch[6751]: java.net.MalformedURLException: unknown protocol: jrt
Also, when I try to send request to verify that elasticsearch is up and running I get Connection refused:
$ curl -XGET https://localhost:9200 -u admin:admin --insecure
curl: (7) Failed connect to localhost:9200; Connection refused
I tried on 2 different instances on AWS, CentOS 7 with 8 GB RAM.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.