2

I am trying out Shield as a security measure for my Kibana and Elasticsearch. Running on Mac OS X 10.9.5

Followed the documentation from Elastic. Managed to install Shield. Since my Elasticsearch is running automatically, I skipped step 2(start elasticsearch).

For step 3, I tried adding an admin. Ran this following command on my terminal. bin/shield/esusers useradd admin -p password -r admin.

Unfortunately I'm getting this error.

Error: Could not find or load main class org.elasticsearch.shield.authc.esusers.tool.ESUsersTool

Below are the additional steps I took.

  1. Double checked that the bin/shield esusers path existed and all.
  2. Manually starting elasticsearch before adding users
  3. Tried a variety of different commands based on the documentation. bin/shield/esusers useradd admin -r admin and bin/shield/esusers useradd es_admin -r admin
  4. Ran those commands with sudo

Same error generated. Can't seem to find the problem on google as well. Not really sure what I'm missing here as the documentation seems pretty straightforward.

Andrei Stefan
  • 51,654
  • 6
  • 98
  • 89
ChickenWing24
  • 205
  • 3
  • 12
  • 1
    Did you restart the nodes after install? Also, did you install on **all** nodes? – Andrei Stefan Jul 03 '15 at 08:50
  • @AndreiStefan, I'm trying this on my local machine, so only one node. I did not restart my nodes, should I do that before I add a new user ?? – ChickenWing24 Jul 03 '15 at 08:53
  • 1
    You should restart the node because new Java classes were added to it and the JVM behind Elasticsearch needs to reload those classes. It can only do that if you restart it. That's the reasoning. – Andrei Stefan Jul 03 '15 at 09:36
  • @AndreiStefan I can't seem to find it anywhere on how to restart the nodes. Mind pointing me to the right direction? Sorry, I'm kinda new to this. – ChickenWing24 Jul 03 '15 at 11:03
  • Kill the process, start it up again :-). Or `curl -XPOST "http://localhost:9200/_shutdown"` – Andrei Stefan Jul 03 '15 at 11:07
  • @AndreiStefan thank you. I think the problem was caused because of me not restarting my nodes. Not too sure though why now it's giving me an authentication error. Tried the username and password I used when adding the admin, not working. – ChickenWing24 Jul 03 '15 at 11:55
  • @AndreiStefan if you add your solution as an answer, I'll accept it since it did solve my original question. – ChickenWing24 Jul 03 '15 at 11:56
  • Done, but you can add another post with the details related to the username password not working, if you don't see a solution. – Andrei Stefan Jul 03 '15 at 12:08

1 Answers1

3

You must restart the node because new Java classes were added to it (from the Shield plugin) and the JVM behind Elasticsearch needs to reload those classes. It can only do that if you restart it.

Kill the process and start it up again, or use curl -XPOST "http://localhost:9200/_shutdown" to shut the cluster down.

Also, the Shield plugin needs to be installed on all the nodes in the cluster.

Andrei Stefan
  • 51,654
  • 6
  • 98
  • 89