I am trying to enable security for my ES cloud. I am following these instructions:
https://www.elastic.co/guide/en/elasticsearch/reference/7.5/configuring-security.html
and I am stuck at point 6. When I try to run bin/elasticsearch-setup-passwords interactive I got error:
Failed to determine the health of the cluster running at http://XXX:9200
Unexpected response code [503] from calling GET http://XXX:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]
I try to check my ES instance state:
curl http://XXX:9200/_cluster/health?pretty
and get
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_cluster/health?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
}
}
],
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_cluster/health?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
}
},
"status" : 401
}
So, looks like I cant setup a password because I can`t authenticate :) ?
Here is the official doc for setting up security for Elasticsearch
step 1:
cd /usr/share/elasticsearch/
step 2:
sudo bin/elasticsearch-setup-passwords auto
or
sudo bin/elasticsearch-setup-passwords interactive
auto - Uses randomly generated passwords interactive - Uses passwords
entered by a user
The above commands can help you to setup password
The following worked for me in Windows.
Ensure elastic node is up and running. In a separate prompt, from elasticsearch/bin, run the below command
elasticsearch-setup-passwords auto -u "http://localhost:9200"
Elastic will ask you for proceeding with the setup of auto generated password. Once you proceed with yes, you will be provide with the password for elastic/kibana/beats etc.
After some research I found that the Magento stores the credential in an XML file and it can be found in base directory:
+\magento\vendor\magento\module-elasticsearch-7\etc\config.xml. Please update your elastic password instead of XXXXXX and also in case you have chosen a different version of elastic, the location would be different.
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
<default>
<catalog>
<search>
<engine>elasticsearch7</engine>
<elasticsearch7_server_hostname>localhost</elasticsearch7_server_hostname>
<elasticsearch7_server_port>9200</elasticsearch7_server_port>
<elasticsearch7_index_prefix>magento2</elasticsearch7_index_prefix>
<elasticsearch7_enable_auth>1</elasticsearch7_enable_auth>
<elasticsearch7_username>elastic</elasticsearch7_username>
<elasticsearch7_password>XXXXXXXXXXX</elasticsearch7_password>nfog
<elasticsearch7_server_timeout>15</elasticsearch7_server_timeout>
<elasticsearch7_minimum_should_match/>
</search>
</catalog>
</default>
</config>
for the windows run the elk in cmd
open other cmd and past the command where the elk in folder
bin/elasticsearch-setup-passwords auto
Related
Problem statement: In strapi sometimes it is giving 403 error while getting content manager What will be the issue?
System Information
Strapi Version : Strapi 4
Operating System : Windows
Database : MySQL
Node Version : 16.15.1
NPM Version : 8.11.0
#strapi #strapi 4.0.5
Make sure the endpoint is either public or your authenticating as a user with a role that has sufficient permissions.
When I click "Set Me Up" in Artifactory is generates a gradle.properties file something like this:
artifactory_user=my_artifactory_user
artifactory_password=WAklvc9LXWDsVcoVILbKyebkQG5uBxos6rIrmi8HjMTB3xicLJbxstmEQwRwIoGN6pBnK3T91I
artifactory_contextUrl=https://artifactory.company.com/artifactory
However, when I run ./gradlew artifactoryDeploy I get this error:
> Task :artifactoryDeploy FAILED
Could not build the build-info object.
org.jfrog.build.util.VersionException: Error occurred while requesting version information: Response message: {
"errors" : [ {
"status" : 401,
"message" : "Bad credentials"
} ]
}
...
stacktrace
...
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':artifactoryDeploy'.
> java.io.IOException: Could not publish build-info: Error occurred while requesting version information: Response message: {
"errors" : [ {
"status" : 401,
"message" : "Bad credentials"
} ]
}
I'm confused because Artifactory is generating this encrypted password but the docs use an example with plain text.
https://www.jfrog.com/confluence/display/JFROG/Working+With+Gradle#WorkingwithGradle-ConfiguringGradle
Is the artifactory_password supposed to be encrypted like this or is it supposed to be plain text?
The artifactory_password parameter can be used for:
clear text passwords
encrypted passwords
API key
If you are getting a Bad credentials error, one of the possible reasons is using an encrypted password when Artifactory is configured with Password Encryption Policy set to Unsupported (not respecting encrypted passwords).
A few things you can do to debug this issue:
Verify the Password Encryption Policy is set to Supported or Required (requires admin) in Administration -> Security -> Settings
Test the user and password by trying to call the REST API using a client such a cURL. Make sure you use an API method which requires and authenticated user
I am on Ubuntu 20.04
The para jar is running.
I have followed the "Quick Start" steps in Erudika Para Github repo
At the step to run para-cli setup.
I am prompted for Para Access Key.
I am prompted for Para Secret Key.
I am prompted for Para Endpoint to which http://localhost:8080 is answered.
The file /home/ace/.config/para-cli-nodejs/config.json is generated and looks fine.
It matches the accessKey and secretKey from the previously executed curl command to http://localhost:8080/v1/_setup
The problem is para-cli setup ends with:
✔ New JWT generated and saved in
/home/ace/.config/para-cli-nodejs/config.json
✖ Connection failed. Run
"para-cli setup" or check the configuration file
/home/ace/.config/para-cli-nodejs/config.json
I am now stuck. Why is the connection failing?
This is the content of the config.json (this is a test app so secret key is not really secret)
{
"accessKey": "app:para",
"secretKey": "mMEzD6pTGhqbt8n4n3UMTBl1dH9dWTsK6KDThiDFyeLJLzrnRKXCug==",
"endpoint": "http://localhost:8080",
"jwt": "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1OTUwNDk0MDksImlhdCI6MTU5NDQ0NDYwOSwibmJmIjox>
}
This is the output of the initially run curl http://localhost:8080/v1/_setup
{
"accessKey" : "app:para",
"message" : "Save these keys - they are shown only once!",
"secretKey" : "mMEzD6pTGhqbt8n4n3UMTBl1dH9dWTsK6KDThiDFyeLJLzrnRKXCug=="
}
Make sure that your Para server is running and accessible from the machine you run para-cli on. Sometimes when your database is not configured properly the initialization of the root app is not persisted and the secret key you get changes each time you call curl http://localhost:8080/v1/_setup. Open http://localhost:8080/v1/_setup and make sure you see "All set!".
Use para-cli ping to test the connection to your Para server before creating a new app.
I am trying to import a mysql table from mysql server to elasticsearch on my MAC OSX Mavericks.
I have installed elasticsearch 1.3.1 with homebrew
Installed jdbc-river 1.3.0.4 with elasticsearch plugin --install
Installed jdk 1.7.0_67
Downloaded mysql-connector-java-5.1.28-bin.jar into
$ES_HOME/plugins/jdbc (I had to create the folders 'plugins' and
'jdbc' myself) and gave chmod 777 permission for the .jar file.
Then I ran ./bin/elasticsearch and called this command in postman in order to create a river:
PUT request.
URL: localhost:9200/_river/my_jdbc_river/_meta
Raw data:
{
"type" : "jdbc",
"jdbc" : {
"url" : "jdbc:mysql://localhost:3306/<databaseName>",
"user" : "<MysqlUserName>",
"password" : "<MysqlUserPass",
"sql" : "select * from <TableName>"
}
}
And I received the following error in the elasticsearch log in the terminal:
[2014-08-26 15:38:39,300][ERROR][org.xbib.elasticsearch.river.jdbc.strategy.simple.SimpleRiverSource] while opening read connection: jdbc:mysql://localhost:3306/xcollector No suitable driver found for jdbc:mysql://localhost:3306/xcollector
java.sql.SQLException: No suitable driver found for jdbc:mysql://localhost:3306/xcollector
at java.sql.DriverManager.getConnection(DriverManager.java:596)
at java.sql.DriverManager.getConnection(DriverManager.java:215)
at org.xbib.elasticsearch.river.jdbc.strategy.simple.SimpleRiverSource.getConnectionForReading(SimpleRiverSource.java:196)
at org.xbib.elasticsearch.river.jdbc.strategy.simple.SimpleRiverSource.execute(SimpleRiverSource.java:315)
at org.xbib.elasticsearch.river.jdbc.strategy.simple.SimpleRiverSource.fetch(SimpleRiverSource.java:287)
at org.xbib.elasticsearch.plugin.feeder.jdbc.JDBCFeeder.fetch(JDBCFeeder.java:335)
at org.xbib.elasticsearch.plugin.feeder.jdbc.JDBCFeeder.executeTask(JDBCFeeder.java:179)
at org.xbib.elasticsearch.plugin.feeder.AbstractFeeder.newRequest(AbstractFeeder.java:362)
at org.xbib.elasticsearch.plugin.feeder.AbstractFeeder.newRequest(AbstractFeeder.java:53)
at org.xbib.pipeline.AbstractPipeline.call(AbstractPipeline.java:87)
at org.xbib.pipeline.AbstractPipeline.call(AbstractPipeline.java:14)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
I have followed many posts in google to try and find the cause of the problem, does anyone have any idea what I am missing?
And if anyone knows if this procedure can be more automatic to deploy like having some kind of package manager (like npm for node.js).
Thanks in advance,
So the clue to your problem is that you had to create the folders "plugins" and "jdbc" in step 4. Both of those folders are created when you install the mysql river plugin. I can see that the mysql river plugin installed correctly in your error message - it's running but it is unable to find the jdbc driver.
Look on your drive for the correct folder - $ES_HOME should have the following folders in it:
bin
config
data
lib
logs
plugins
If it does not then $ES_HOME is set incorrectly. Copy your jdbc driver as directed into the correct folder and you should be able to resolve this problem.
I'm trying to make the new relic elastic search plugin work, the following is the website of the author:
New Relic Plug in Github
I've followed all the instructions and even see that the plugin has been installed succesfuly when I run in my server the command
'curl -XGET http://localhost:9200/_newrelic?pretty'
, I even get the response that should confirm everything has installed just fine:
' {
"configuration" : {
"agents" : {
"http" : true,
"pool" : true,
"transport" : true,
"fs" : true,
"indices" : true,
"network" : true
},
"refreshInterval" : 10
}
}'
However, when I log to my newrelic account not a single statistic is shown, either for JVM or whatsoever, nor I see the indices being monitored.
Has anyone encountered this problem before? PS: ElasticSearch is not running as a service and I DO have the new relic java agent properly installed. Also I have configured bin/elasticsearch.in.sh as it should be.
Thanks in advance!
JM.