I am using opensearch-dashboards 1.3.0 with Security enabled. As per our one of requirement, I have encrypted the certificates after the opensearch-dashboard service is up. However, On access GUI, I receive an error for the server key and certificate as they are in encrypted format it is not able to open them.
This use case was working fine with kibana 7.10 rpm.
Is there any difference in opensearch-dashboard about how GUI rendering is done as it is trying to load certificates every time which was not the case with kibana.
Thanks in advance
Thanks @pablo , I was referring to Elasticsearch OSS RPM 7.10.2 itself. I have provided server certificates and key at the time of installations, however once the service becomes up, the certificates and key get encrypted and the filename gets changed.
I suspect this change is introduced as part of this function:
Hello @Pratiksha, that new piece of code was added to pass your certs to the server when making the calling to check your assets related to custom branding. It shouldn’t be used anywhere else and if that fails then you will just not have access to custom branding logos and it will render the default OpenSearch Dashboards logos. Are you just getting error logs? But everything is rendering and acting normal? If so we can just create an error message that specific to this case.
Receiving below error in the logs, it is giving no such file found as after encryption the filename has changed.
{“log”:{“message”:“{ Error: ENOENT: no such file or directory, open ‘’\n at Object.openSync (fs.js:443:3)\n at readFileSync (fs.js:343:35)\n at readFile (/usr/share/opensearch-dashboards/src/core/server/http/ssl_config.js:181:31)\n at new SslConfig (/usr/share/opensearch-dashboards/src/core/server/http/ssl_config.js:131:18)\n at RenderingService.setupHttpAgent (/usr/share/opensearch-dashboards/src/core/server/rendering/rendering_service.js:248:25)\n at Object.render (/usr/share/opensearch-dashboards/src/core/server/rendering/rendering_service.js:175:14)\n at Object.renderAnonymousCoreApp (/usr/share/opensearch-dashboards/src/core/server/http_resources/http_resources_service.js:87:43)\n at coreSetup.http.resources.register (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/basic/routes.ts:52:25)\n at router.get (/usr/share/opensearch-dashboards/src/core/server/http_resources/http_resources_service.js:63:18)\n at /usr/share/opensearch-dashboards/src/core/utils/context.js:58:16\n at process._tickCallback (internal/process/next_tick.js:68:7)\n errno: -2,\n syscall: ‘open’,\n code: ‘ENOENT’,\n path: ‘’ }”},“extension”:{“type”:“log”,“tags”:[“error”,“http”],“pid”:122},“type”:“log”,“level”:“info”,“timezone”:“UTC”,“time”:“2022-03-30T05:09:01Z”}
{“log”:{“message”:“Internal Server Error”},“extension”:{“type”:“error”,“tags”:,“pid”:122,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toInternalError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:82:19)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:177:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)”},“url”:{“protocol”:null,“slashes”:null,“auth”:null,“host”:null,“port”:null,“hostname”:null,“hash”:null,“search”:“?nextUrl=%2Fpratiksha123%2Fapp%2Fmanagement%2Fopensearch-dashboards%2FindexPatterns%3FbannerMessage%3DTo%2520visualize%2520and%2520explore%2520data%2520in%2520OpenSearch%2520Dashboards%2C%2520you%2520must%2520create%2520an%2520index%2520pattern%2520to%2520retrieve%2520data%2520from%2520OpenSearch.”,“query”:{“nextUrl”:“/pratiksha123/app/management/opensearch-dashboards/indexPatterns?bannerMessage=To%20visualize%20and%20explore%20data%20in%20OpenSearch%20Dashboards,%20you%20must%20create%20an%20index%20pattern%20to%20retrieve%20data%20from%20OpenSearch.”},“pathname”:“/app/login”,“path”:“/app/login?nextUrl=%2Fpratiksha123%2Fapp%2Fmanagement%2Fopensearch-dashboards%2FindexPatterns%3FbannerMessage%3DTo%2520visualize%2520and%2520explore%2520data%2520in%2520OpenSearch%2520Dashboards%2C%2520you%2520must%2520create%2520an%2520index%2520pattern%2520to%2520retrieve%2520data%2520from%2520OpenSearch.”,“href”:“/app/login?nextUrl=%2Fpratiksha123%2Fapp%2Fmanagement%2Fopensearch-dashboards%2FindexPatterns%3FbannerMessage%3DTo%2520visualize%2520and%2520explore%2520data%2520in%2520OpenSearch%2520Dashboards%2C%2520you%2520must%2520create%2520an%2520index%2520pattern%2520to%2520retrieve%2520data%2520from%2520OpenSearch.”}},“type”:“log”,“level”:“info”,“timezone”:“UTC”,“time”:“2022-03-30T05:09:01Z”}
Do you have the ability to check if this scenario works in 1.2? The rendering service SSL agent is not there in 1.2, I’m curious if the OpenSearch Security Dashboards plugin works fine or this code. Or maybe both.
Otherwise I can try to see if I can recreate this situation.
I see, the SSL handshake between OpenSearch Dashboards and OpenSearch Security does not need to happen everytime since this at a service level. However, the new piece of code is establishing the handshake between the browser and the server and see it’s in the rendering service it will be required everytime you refresh the browser.
I’m not positive what’s the best behavior, definitely not file not found error but I think possibly just fail and do the default rendering? What do you think?
Sorry this happened, I believe we are attempting to do a 1.3.1 release for OpenSearch Dashboards perhaps I can get that in.
Can you please share when can version 1.3.1 be released. I hope it includes the changes that it will initially check if custom branding is enabled and then check for further steps.
Hi @kavilla
I am facing the same issue described here. Is there a plan to release opensearch-dashboards 1.3.1 with this fix? And when is the 1.3.1 version expected to be released? We see opensearch-1.3.1 is already released.
