Hi
I run the securityadmin.sh (option -cd) script to deploy modifications done on security configuration files such as roles.yml, roles_mapping.yml, config.yml and so no.
Using a script I trigger the execution of the securityadmin.sh script on all data, master and client nodes from outside of the node (using ssh or kubectl exec for k8s)
As a result I get some node sending the folliwing output
Open Distro Security Admin v7
Will connect to localhost:9300 … done
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Elasticsearch Version: 7.10.2
Open Distro Security Version: 1.13.1.0
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: elasticsearch
Clusterstate: YELLOW
Number of nodes: 3
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/
Will update ‘_doc/config’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘_doc/roles’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘_doc/rolesmapping’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘_doc/internalusers’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘_doc/actiongroups’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Will update ‘_doc/tenants’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml
SUCC: Configuration for ‘tenants’ created or updated
Will update ‘_doc/nodesdn’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/nodes_dn.yml
SUCC: Configuration for ‘nodesdn’ created or updated
Will update ‘_doc/whitelist’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/whitelist.yml
SUCC: Configuration for ‘whitelist’ created or updated
Will update ‘_doc/audit’ with /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/audit.yml
SUCC: Configuration for ‘audit’ created or updated
Done with success
While others send the following output
Open Distro Security Admin v7
Will connect to localhost:9300 … done
command terminated with exit code 137
As a result the updated configuration is well deployed and usable on kibana
My questions are two fold,
- what does return code 137 means for securityadmin.sh ?
- Does an execution of securityadmin.sh on one node is enough to update the configuration of the whole cluster ?