API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 24th, 2019
91
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Apache Log 15.45 KB | None | 0 0
raw download clone embed print report
  1. OpenDistro for Elasticsearch Security Demo Installer
  2.  ** Warning: Do not use on production or public reachable systems **
  3. Basedir: /usr/share/elasticsearch
  4. Elasticsearch install type: rpm/deb on CentOS Linux release 7.6.1810 (Core)
  5. Elasticsearch config dir: /usr/share/elasticsearch/config
  6. Elasticsearch config file: /usr/share/elasticsearch/config/elasticsearch.yml
  7. Elasticsearch bin dir: /usr/share/elasticsearch/bin
  8. Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
  9. Elasticsearch lib dir: /usr/share/elasticsearch/lib
  10. Detected Elasticsearch Version: x-content-6.5.4
  11. Detected Open Distro Security Version: 0.7.0.0
  12.  
  13. ### Success
  14. ### Execute this script now on all your nodes and then start all nodes
  15. ### Open Distro Security will be automatically initialized.
  16. ### If you like to change the runtime configuration
  17. ### change the files in ../securityconfig and execute:
  18. "/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh" -cd "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig" -icl -key "/usr/share/elasticsearch/config/kirk-key.pem" -cert "/usr/share/elasticsearch/config/kirk.pem" -cacert "/usr/share/elasticsearch/config/root-ca.pem" -nhnv
  19. ### or run ./securityadmin_demo.sh
  20. ### To use the Security Plugin ConfigurationGUI
  21. ### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
  22. ### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
  23. OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and
  24. will likely be removed in a future release.
  25. [2019-04-24T15:01:31,760][INFO ][o.e.e.NodeEnvironment    ] [-OP4cai] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/sda1)]], net usable_space [45.6gb], net total_space [58.8gb], types [ext4]
  26. [2019-04-24T15:01:31,784][INFO ][o.e.e.NodeEnvironment    ] [-OP4cai] heap size [494.9mb], compressed ordinary object pointers [true]
  27. [2019-04-24T15:01:31,852][INFO ][o.e.n.Node               ] [-OP4cai] node name derived from node ID [-OP4cai5QvGVxLbXCX3Lbw]; set [node.name] to override
  28. [2019-04-24T15:01:31,858][INFO ][o.e.n.Node               ] [-OP4cai] version[6.5.4], pid[1],
  29. build[oss/tar/d2ef93d/2018-12-17T21:17:40.758843Z], OS[Linux/4.9.125-linuxkit/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/11.0.1/11.0.1+13]
  30. [2019-04-24T15:01:31,858][INFO ][o.e.n.Node               ] [-OP4cai] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.9Ylj2TIn, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Des.cgroups.hierarchy.override=/, -Xms512m, -Xmx512m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=oss, -Des.distribution.type=tar]
  31. [2019-04-24T15:01:33,503][INFO ][c.a.o.e.p.c.PluginSettings] [-OP4cai] loading config ...
  32. [2019-04-24T15:01:33,505][INFO ][c.a.o.e.p.c.PluginSettings] [-OP4cai] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1
  33. [2019-04-24T15:01:33,884][INFO ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] ES Config path is /usr/share/elasticsearch/config
  34. [2019-04-24T15:01:33,968][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSL
  35. [2019-04-24T15:01:34,175][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] JVM supports TLSv1.3
  36. [2019-04-24T15:01:34,176][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] Config directory is /usr/share/elasticsearch/config/, from there the key- and truststore files are resolved relatively
  37. [2019-04-24T15:01:34,750][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] TLS Transport Client Provider : JDK
  38. [2019-04-24T15:01:34,750][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] TLS Transport Server Provider : JDK
  39. [2019-04-24T15:01:34,750][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] TLS HTTP Provider             : JDK
  40. [2019-04-24T15:01:34,750][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
  41. [2019-04-24T15:01:34,750][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [-OP4cai] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2, TLSv1.1]
  42. [2019-04-24T15:01:35,122][INFO ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] Clustername: odfe-cluster
  43. [2019-04-24T15:01:35,173][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] Directory /usr/share/elasticsearch/config has insecure file permissions (should be 0700)
  44. [2019-04-24T15:01:35,174][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/elasticsearch.yml has insecure file permissions (should be 0600)
  45. [2019-04-24T15:01:35,174][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/log4j2.properties has insecure file permissions (should be 0600)
  46. [2019-04-24T15:01:35,174][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/esnode-key.pem has insecure file permissions (should be 0600)
  47. [2019-04-24T15:01:35,175][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/root-ca.pem has insecure file permissions (should be 0600)
  48. [2019-04-24T15:01:35,175][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/esnode.pem has insecure file permissions (should be 0600)
  49. [2019-04-24T15:01:35,175][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/kirk.pem has insecure file permissions (should be 0600)
  50. [2019-04-24T15:01:35,175][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] File /usr/share/elasticsearch/config/kirk-key.pem has insecure file permissions (should be 0600)
  51. [2019-04-24T15:01:35,348][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [aggs-matrix-stats]
  52. [2019-04-24T15:01:35,349][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [analysis-common]
  53. [2019-04-24T15:01:35,349][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [ingest-common]
  54. [2019-04-24T15:01:35,349][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [lang-expression]
  55. [2019-04-24T15:01:35,349][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [lang-mustache]
  56. [2019-04-24T15:01:35,349][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [lang-painless]
  57. [2019-04-24T15:01:35,350][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [mapper-extras]
  58. [2019-04-24T15:01:35,350][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [parent-join]
  59. [2019-04-24T15:01:35,350][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [percolator]
  60. [2019-04-24T15:01:35,350][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [rank-eval]
  61. [2019-04-24T15:01:35,350][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [reindex]
  62. [2019-04-24T15:01:35,351][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [repository-url]
  63. [2019-04-24T15:01:35,351][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [transport-netty4]
  64. [2019-04-24T15:01:35,351][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded module [tribe]
  65. [2019-04-24T15:01:35,352][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded plugin [opendistro_alerting]
  66. [2019-04-24T15:01:35,352][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded plugin [opendistro_performance_analyzer]
  67. [2019-04-24T15:01:35,353][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded plugin [opendistro_security]
  68. [2019-04-24T15:01:35,353][INFO ][o.e.p.PluginsService     ] [-OP4cai] loaded plugin [opendistro_sql]
  69. [2019-04-24T15:01:35,377][INFO ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in elasticsearch.yml
  70. [2019-04-24T15:01:40,145][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
  71. [2019-04-24T15:01:40,146][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
  72. [2019-04-24T15:01:40,146][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Configured Users to ignore: [kibanaserver]
  73. [2019-04-24T15:01:40,147][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Configured Users to ignore for read compliance events: [kibanaserver]
  74. [2019-04-24T15:01:40,147][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Configured Users to ignore for write compliance events: [kibanaserver]
  75. [2019-04-24T15:01:40,164][INFO ][c.a.o.s.a.i.AuditLogImpl ] [-OP4cai] Message routing enabled: true
  76. [2019-04-24T15:01:40,216][WARN ][c.a.o.s.c.ComplianceConfig] [-OP4cai] If you plan to use field masking pls configure opendistro_security.compliance.salt to be a random string of 16 chars
  77. length identical on all nodes
  78. [2019-04-24T15:01:40,219][INFO ][c.a.o.s.c.ComplianceConfig] [-OP4cai] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@51cca357,  auditLogIndex=null]: {}
  79. [2019-04-24T15:01:41,236][INFO ][o.e.d.DiscoveryModule    ] [-OP4cai] using discovery type [zen] and host providers [settings]
  80. [2019-04-24T15:01:42,630][INFO ][c.a.o.e.p.h.c.PerformanceAnalyzerConfigAction] [-OP4cai] PerformanceAnalyzer Enabled: true
  81. Registering Handler
  82. [2019-04-24T15:01:42,696][INFO ][o.e.n.Node               ] [-OP4cai] initialized
  83. [2019-04-24T15:01:42,696][INFO ][o.e.n.Node               ] [-OP4cai] starting ...
  84. [2019-04-24T15:01:42,880][INFO ][o.e.t.TransportService   ] [-OP4cai] publish_address {192.168.112.4:9300}, bound_addresses {0.0.0.0:9300}
  85. [2019-04-24T15:01:42,969][INFO ][o.e.b.BootstrapChecks    ] [-OP4cai] bound or publishing to a non-loopback address, enforcing bootstrap checks
  86. [2019-04-24T15:01:42,985][INFO ][c.a.o.s.c.IndexBaseConfigurationRepository] [-OP4cai] Check if .opendistro_security index exists ...
  87. [2019-04-24T15:01:46,124][INFO ][o.e.c.s.MasterService    ] [-OP4cai] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {-OP4cai}{-OP4cai5QvGVxLbXCX3Lbw}{zIL0d_slTnWLQN77GiC-og}{192.168.112.4}{192.168.112.4:9300}
  88. [2019-04-24T15:01:46,154][INFO ][o.e.c.s.ClusterApplierService] [-OP4cai] new_master {-OP4cai}{-OP4cai5QvGVxLbXCX3Lbw}{zIL0d_slTnWLQN77GiC-og}{192.168.112.4}{192.168.112.4:9300}, reason: apply cluster state (from master [master {-OP4cai}{-OP4cai5QvGVxLbXCX3Lbw}{zIL0d_slTnWLQN77GiC-og}{192.168.112.4}{192.168.112.4:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
  89. [2019-04-24T15:01:46,323][INFO ][c.a.o.s.h.OpenDistroSecurityHttpServerTransport] [-OP4cai] publish_address {192.168.112.4:9200}, bound_addresses {0.0.0.0:9200}
  90. [2019-04-24T15:01:46,324][INFO ][o.e.n.Node               ] [-OP4cai] started
  91. [2019-04-24T15:01:46,334][INFO ][c.a.o.s.OpenDistroSecurityPlugin] [-OP4cai] 4 Open Distro Security modules loaded so far: [Module [type=DLSFLS, implementing class=com.amazon.opendistroforelasticsearch.security.configuration.OpenDistroSecurityFlsDlsIndexSearcherWrapper], Module [type=REST_MANAGEMENT_API, implementing class=com.amazon.opendistroforelasticsearch.security.dlic.rest.api.OpenDistroSecurityRestApiActions], Module [type=AUDITLOG, implementing class=com.amazon.opendistroforelasticsearch.security.auditlog.impl.AuditLogImpl], Module [type=MULTITENANCY, implementing class=com.amazon.opendistroforelasticsearch.security.configuration.PrivilegesInterceptorImpl]]
  92. [2019-04-24T15:01:46,868][INFO ][o.e.c.s.MasterService    ] [-OP4cai] zen-disco-node-join[{Zh-qe03}{Zh-qe03PT0qdnSrtBEVYmg}{yZOrYUbjT3KiBNUIamJstQ}{192.168.112.3}{192.168.112.3:9300}], reason: added {{Zh-qe03}{Zh-qe03PT0qdnSrtBEVYmg}{yZOrYUbjT3KiBNUIamJstQ}{192.168.112.3}{192.168.112.3:9300},}
  93. [2019-04-24T15:01:46,934][INFO ][o.e.c.s.ClusterApplierService] [-OP4cai] added {{Zh-qe03}{Zh-qe03PT0qdnSrtBEVYmg}{yZOrYUbjT3KiBNUIamJstQ}{192.168.112.3}{192.168.112.3:9300},}, reason: apply cluster state (from master [master {-OP4cai}{-OP4cai5QvGVxLbXCX3Lbw}{zIL0d_slTnWLQN77GiC-og}{192.168.112.4}{192.168.112.4:9300} committed version [2] source [zen-disco-node-join[{Zh-qe03}{Zh-qe03PT0qdnSrtBEVYmg}{yZOrYUbjT3KiBNUIamJstQ}{192.168.112.3}{192.168.112.3:9300}]]])
  94. [2019-04-24T15:01:46,941][WARN ][o.e.d.z.ElectMasterService] [-OP4cai] value for setting "discovery.zen.minimum_master_nodes" is too low. This can result in data loss! Please set it to at
  95. least a quorum of master-eligible nodes (current value: [1], total number of master-eligible nodes used for publishing in this round: [2])
  96. [2019-04-24T15:01:48,315][INFO ][o.e.g.GatewayService     ] [-OP4cai] recovered [4] indices into cluster_state
  97. WARNING: An illegal reflective access operation has occurred
  98. WARNING: Illegal reflective access by com.amazon.opendistro.elasticsearch.performanceanalyzer.collectors.MasterServiceEventMetrics (file:/usr/share/elasticsearch/plugins/opendistro_performance_analyzer/opendistro_performance_analyzer-0.7.0.0.jar) to field java.util.concurrent.ThreadPoolExecutor.workers
  99. WARNING: Please consider reporting this to the maintainers of com.amazon.opendistro.elasticsearch.performanceanalyzer.collectors.MasterServiceEventMetrics
  100. WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
  101. WARNING: All illegal access operations will be denied in a future release
  102. [2019-04-24T15:01:49,595][INFO ][o.e.c.r.a.AllocationService] [-OP4cai] Cluster health status
  103. changed from [RED] to [YELLOW] (reason: [shards started [[security-auditlog-2019.04.23][0], [.kibana_92668751_admin][0], [security-auditlog-2019.04.23][2]] ...]).
  104. [2019-04-24T15:01:49,665][INFO ][c.a.o.s.c.IndexBaseConfigurationRepository] [-OP4cai] Node '-OP4cai' initialized
  105. [2019-04-24T15:01:51,454][INFO ][o.e.c.r.a.AllocationService] [-OP4cai] Cluster health status
  106. changed from [YELLOW] to [GREEN] (reason: [shards started [[security-auditlog-2019.04.23][0]]
  107. ...]).
  108. [2019-04-24T15:02:16,800][WARN ][o.e.d.c.m.MetaDataCreateIndexService] [-OP4cai] the default number of shards will change from [5] to [1] in 7.0.0; if you wish to continue using the default of [5] shards, you must manage this on the create index request or with an index template
  109. [2019-04-24T15:02:16,825][INFO ][o.e.c.m.MetaDataCreateIndexService] [-OP4cai] [security-auditlog-2019.04.24] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []
  110. [2019-04-24T15:02:17,391][INFO ][o.e.c.m.MetaDataMappingService] [-OP4cai] [security-auditlog-2019.04.24/6I2PW1vbRxCZOpgE9dwFyw] create_mapping [auditlog]
  111. [2019-04-24T15:02:18,609][INFO ][o.e.c.r.a.AllocationService] [-OP4cai] Cluster health status
  112. changed from [YELLOW] to [GREEN] (reason: [shards started [[security-auditlog-2019.04.24][4]]
  113. ...]).
  114. [2019-04-24T15:02:46,295][INFO ][o.e.c.m.MetaDataMappingService] [-OP4cai] [security-auditlog-2019.04.24/6I2PW1vbRxCZOpgE9dwFyw] update_mapping [auditlog]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!