Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue:
Hello,
i was try to install opensearch 2.3 and opensearch dashboard 2.3 using tarball
but why this opensearch cannot be started after changing configuration of tls and user ?
Thankyou
Relevant Logs or Screenshots:
@keri Please share your opensearch.yml file.
Hello Pablo, heres my opensearch.yml
# ======================== OpenSearch Configuration =========================
#
# NOTE: OpenSearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.opensearch.org
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: ews-opensearch-prd
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: ${HOSTNAME}
#node.roles: [master]
node.roles: [data, data_content, data_hot, ingest, ml, remote_cluster_client]
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# OpenSearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: xxx
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["xxx", "xxx", "xxx"]
#
# Bootstrap the cluster using an initial set of cluster-manager-eligible nodes:
#
cluster.initial_cluster_manager_nodes: ["xxx"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
#discovery.type: single-node
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
node.max_local_storage_nodes: 3
plugins.security.disabled: false
plugins.security.ssl.transport.pemcert_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/node1.pem
plugins.security.ssl.transport.pemkey_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/node1.pem
plugins.security.ssl.http.pemkey_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /home/ubuntu/opensearch-2.3.0/config/certs/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- '/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=A'
plugins.security.nodes_dn:
- '/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=A'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
######## End OpenSearch Security Demo Configuration ########
ubuntu@ews-open-search-1:~/opensearch-2.3.0/config$
i’ve also tried move the cert from /home/ubuntu/opensearch-2.3.0/config/ into /home/ubuntu/opensearch-2.3.0/config/certs/ but still got the error
Regards
Keri
@keri The node certificate shouldn’t be an admin certificate. As per the error, the admin_dn and nodes_dn have incorrect entries.
Please follow the OpenSearch documentation.
Hello @pablo
using your guide i was successfull to run my node1(master) and node2, but unfortunately my node 3 was failed to join to the cluster
heres the error :
[2022-11-08T23:36:18,243][INFO ][o.o.c.c.JoinHelper ] [ews-open-search-3] failed to join {ews-open-search-1}{JC5B0pUQR9miRBqWdfshuQ}{kOqda6gjQnGkk3hkh6VvMA}{xxx.xxx.xxx.xxx}{xxx.xxx.xxx.xxx:9300}{m}{shard_indexing_pressure_enabled=true} with JoinRequest{sourceNode={ews-open-search-3}{f_g0sclnTWyYwg2VPf5ZSw}{OGL9yo45TP6XAz7TRSLJvg}{xxx.xxx.xxx.xxx}{xxx.xxx.xxx.xxx:9300}{ddata_contentdata_hotimlr}{shard_indexing_pressure_enabled=true}, minimumTerm=10, optionalJoin=Optional.empty}
org.opensearch.transport.RemoteTransportException: [ews-open-search-1][xxx.xxx.xxx.xxx:9300][internal:cluster/coordination/join]
Caused by: java.lang.IllegalStateException: failure when sending a validation request to node
at org.opensearch.cluster.coordination.Coordinator$2.onFailure(Coordinator.java:627) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:74) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1379) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.transport.InboundHandler.lambda$handleException$3(InboundHandler.java:420) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:747) ~[opensearch-2.3.0.jar:2.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: org.opensearch.transport.RemoteTransportException: [ews-open-search-3][xxx.xxx.xxx.xxx:9300][internal:cluster/coordination/join/validate]
Caused by: org.opensearch.cluster.coordination.CoordinationStateRejectedException: join validation on cluster state with a different cluster uuid j3aisPUXSJ-E3ZRQQkunCw than local cluster uuid 77CgE1mhTKiWSx6gSqR_nQ, rejecting
at org.opensearch.cluster.coordination.JoinHelper.lambda$new$4(JoinHelper.java:213) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.indexmanagement.rollup.interceptor.RollupInterceptor$interceptHandler$1.messageReceived(RollupInterceptor.kt:100) ~[?:?]
at org.opensearch.performanceanalyzer.transport.PerformanceAnalyzerTransportRequestHandler.messageReceived(PerformanceAnalyzerTransportRequestHandler.java:43) ~[?:?]
at org.opensearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:106) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.transport.InboundHandler$RequestHandler.doRun(InboundHandler.java:453) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:806) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) ~[opensearch-2.3.0.jar:2.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
at java.lang.Thread.run(Thread.java:833) ~[?:?]
Thankyou
Regards
keri
@keri This might be caused by misconfigured discovery.seed_hosts:
hello @pablo but i already apply that discovery.seed_hosts configuration,
any other solution for this ?
Thankyou
Regards
keri
@keri How did you deploy your OpenSearch cluster?
hello pablo, my node 3 still giving this error, maybe will skip this first and continue to opensearch dashboard first
[ews-open-search-3] failed to join {ews-open-search-1}{JC5B0pUQR9miRBqWdfshuQ}{kOqda6gjQnGkk3hkh6VvMA}{xxx.xxx.xxx.xxx}{xxx.xxx.xxx.xxx:9300}{m}{shard_indexing_pressure_enabled=true} with JoinRequest{sourceNode={ews-open-search-3}{f_g0sclnTWyYwg2VPf5ZSw}{OGL9yo45TP6XAz7TRSLJvg}{xxx.xxx.xxx.xxx}{xxx.xxx.xxx.xxx:9300}{ddata_contentdata_hotimlr}{shard_indexing_pressure_enabled=true}, minimumTerm=10, optionalJoin=Optional.empty}
org.opensearch.transport.RemoteTransportException: [ews-open-search-1][xxx.xxx.xxx.xxx:9300][internal:cluster/coordination/join]
Caused by: java.lang.IllegalStateException: failure when sending a validation request to node
at org.opensearch.cluster.coordination.Coordinator$2.onFailure(Coordinator.java:627) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:74) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1379) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.transport.InboundHandler.lambda$handleException$3(InboundHandler.java:420) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:747) ~[opensearch-2.3.0.jar:2.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
@keri What is the issue with the OpenSearch Dashboards? Please share opnesearch_dashboards.yml.
@pablo my issues was i can’t login into opensearch dashboard and heres my opensearch_dahsboard.yml
ubuntu@ews-open-search-dashboard:~/opensearch-dashboards-2.3.0/config$ cat opensearch_dashboards.yml
---
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
# Description:
# Default configuration for OpenSearch Dashboards
# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
# server.port: 5601
# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "xxx"
# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
# server.basePath: ""
# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
# server.maxPayloadBytes: 1048576
# The OpenSearch Dashboards server's name. This is used for display purposes.
server.name: "ews-opensearch-dashboard-prd"
# The URLs of the OpenSearch instances to use for all your queries.
# opensearch.hosts: ["http://localhost:9200"]
# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
# opensearchDashboards.index: ".opensearch_dashboards"
# The default application to load.
# opensearchDashboards.defaultAppId: "home"
# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
# This settings should be used for large clusters or for clusters with ingest heavy nodes.
# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
#
# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
# opensearch.optimizedHealthcheckId: "cluster_id"
# If your OpenSearch is protected with basic authentication, these settings provide
# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
# is proxied through the OpenSearch Dashboards server.
opensearch.username: "opensearch_dashboards_system"
opensearch.password: "pass"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
# server.ssl.enabled: false
# server.ssl.certificate: /path/to/your/server.crt
# server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
# opensearch.ssl.certificate: /path/to/your/client.crt
# opensearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your OpenSearch instance.
# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
# opensearch.ssl.verificationMode: full
# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
# the opensearch.requestTimeout setting.
# opensearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
# must be a positive integer.
# opensearch.requestTimeout: 30000
# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
# headers, set this value to [] (an empty list).
# opensearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
# opensearch.customHeaders: {}
# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
# opensearch.shardTimeout: 30000
# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
# opensearch.logQueries: false
# Specifies the path where OpenSearch Dashboards creates the process ID file.
# pid.file: /var/run/opensearchDashboards.pid
# Enables you to specify a file where OpenSearch Dashboards stores log output.
# logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
# logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
# logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
# logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
# ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
# i18n.locale: "en"
# Set the allowlist to check input graphite Url. Allowlist is the default check list.
# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
# Set the blocklist to check input graphite Url. Blocklist is an IP list.
# Below is an example for reference
# vis_type_timeline.graphiteBlockedIPs: [
# //Loopback
# '127.0.0.0/8',
# '::1/128',
# //Link-local Address for IPv6
# 'fe80::/10',
# //Private IP address for IPv4
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# //Unique local address (ULA)
# 'fc00::/7',
# //Reserved IP address
# '0.0.0.0/8',
# '100.64.0.0/10',
# '192.0.0.0/24',
# '192.0.2.0/24',
# '198.18.0.0/15',
# '192.88.99.0/24',
# '198.51.100.0/24',
# '203.0.113.0/24',
# '224.0.0.0/4',
# '240.0.0.0/4',
# '255.255.255.255/32',
# '::/128',
# '2001:db8::/32',
# 'ff00::/8',
# ]
# vis_type_timeline.graphiteBlockedIPs: []
# opensearchDashboards.branding:
# logo:
# defaultUrl: ""
# darkModeUrl: ""
# mark:
# defaultUrl: ""
# darkModeUrl: ""
# loadingLogo:
# defaultUrl: ""
# darkModeUrl: ""
# faviconUrl: ""
# applicationTitle: ""
# Set the value of this setting to true to capture region blocked warnings and errors
# for your map rendering services.
# map.showRegionBlockedWarning: false%
opensearch.hosts: ["http://xxx:9200", "http://xxx:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false
@keri Does the OpenSearch Dashboards even start with this config? If this is the same config, it must fail during the startup.
@pablo yes, it started but i cant login using this user
opensearch.username: kibanaserver
opensearch.password: kibanaserver
should i copy the certificates from opensearch node into this dashboard ?
@keri I’ve found couple issues with your config.
server.host:, server.name, opensearch.username, opensearch.passwordare incorrectly indented. All should have the leading spaces removed.
opensearch.username, opensearch.password are duplicated.
Default values of opensearch.username, opensearch.password are kibanaserver. If you’d like to use a custom user then you have to follow this documentation.
Since the security plugin is enabled and plugins.security.ssl.http.enabled:is set to true, the opensearch.hosts must use HTTPS and not HTTP.
kibanaserver is not used for UI login. This is a service account that connects OpenSearch Dashboards with OpenSearch. Username admin and password admin are default.
You didn’t answer my previous question. How did you deploy your cluster?
oh sorry i still dont get your question, but did you mean how to deploy my vm ? if yes, i was installed opensearch tarball into my 3 vm, and then install opensearch dashboard to the other vm
about this, why when i tried to use this curl https://xxx:9200 -u ‘admin:xxx’ -k from node 1 into node 2 got error, but when use curl http://xxx:9200 -u ‘admin:xxx’ -k is successfull, did i still have wrong configuration maybe ?
ubuntu@ews-open-search-1:~$ curl http://xxx:9200 -u 'admin:xxx' -k
{
"name" : "ews-open-search-2",
"cluster_name" : "ews-opensearch-prd",
"cluster_uuid" : "j3aisPUXSJ-E3ZRQQkunCw",
"version" : {
"distribution" : "opensearch",
"number" : "2.3.0",
"build_type" : "tar",
"build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140",
"build_date" : "2022-09-09T00:07:12.137133581Z",
"build_snapshot" : false,
"lucene_version" : "9.3.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
ubuntu@ews-open-search-1:~$ curl https://xxx:9200 -u 'admin:xxx' -k
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Regards
keri
@keri Do you get a login screen in OpenSearch Dashboards UI?
Please share the output of the following
curl --insecure -u admin: -XGET http://localhost:9200/_plugins/_security/authinfo?pretty
curl --insecure -u admin: -XGET http://localhost:9200/_cat/nodes
@keri Also, please remove or comment the below line in opensearch.yml in all nodes.
Please remember that any changes made in opensearch.yml requires restart of the OpenSearch node.
plugins.security.disabled: false
no im still cant get the login screen, when i run the dashboard got this error
/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:173
throw generateError(state, message);
^
YAMLException: end of the stream or a document separator is expected at line 176, column 1:
opensearch.hosts: ["http://10.40 ...
^
at generateError (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:167:10)
at throwError (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:173:9)
at readDocument (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:1545:5)
at loadDocuments (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:1588:5)
at load (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:1614:19)
at Object.safeLoad (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/js-yaml/lib/js-yaml/loader.js:1637:10)
at readYaml (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/@osd/apm-config-loader/target/utils/read_config.js:37:38)
at Object.exports.getConfigFromFiles (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/@osd/apm-config-loader/target/utils/read_config.js:62:22)
at exports.loadConfiguration (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/@osd/apm-config-loader/target/config_loader.js:43:38)
at module.exports (/home/ubuntu/opensearch-dashboards-2.3.0/src/apm.js:58:15) {
reason: 'end of the stream or a document separator is expected',
ubuntu@ews-open-search-1:~$ curl --insecure -u admin:xxx -XGET http://xxx:9200/_plugins/_security/authinfo?pretty
{
"error" : "no handler found for uri [/_plugins/_security/authinfo] and method [GET]"
}
ubuntu@ews-open-search-1:~$ curl --insecure -u admin:xxx -XGET http://xxx:9200/_cat/nodes
10.40.50.233 3 99 0 0.00 0.00 0.04 m master * ews-open-search-1
10.40.50.72 4 99 0 0.00 0.01 0.03 dir data,data_content,data_hot,ingest,ml,remote_cluster_client - ews-open-search-2
im sorry, i was forgot that i already update from plugins.security.disabled: false into plugins.security.disabled: true
and when i change into plugins.security.disabled: false and restart the opensearch i got this error
[2022-11-10T23:48:25,407][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [ews-open-search-2] Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
org.opensearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];
at org.opensearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:204) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:190) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:81) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:58) ~[opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:218) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.indexmanagement.rollup.actionfilter.FieldCapsFilter.apply(FieldCapsFilter.kt:118) [opensearch-index-management-2.3.0.0.jar:2.3.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.performanceanalyzer.action.PerformanceAnalyzerActionFilter.apply(PerformanceAnalyzerActionFilter.java:78) [opensearch-performance-analyzer-2.3.0.0.jar:2.3.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:232) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:149) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.support.TransportAction.execute(TransportAction.java:188) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.action.support.TransportAction.execute(TransportAction.java:107) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:110) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:97) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:426) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.client.support.AbstractClient.multiGet(AbstractClient.java:542) [opensearch-2.3.0.jar:2.3.0]
at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.loadAsync(ConfigurationLoaderSecurity7.java:207) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.load(ConfigurationLoaderSecurity7.java:98) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.getConfigurationsFromIndex(ConfigurationRepository.java:372) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:318) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:303) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at org.opensearch.security.configuration.ConfigurationRepository$1.run(ConfigurationRepository.java:163) [opensearch-security-2.3.0.0.jar:2.3.0.0]
at java.lang.Thread.run(Thread.java:833) [?:?]
Hello @pablo im sorry i was typo before, right now i can get the login screen of opensearch dashboard, but still cant login
and heres the error log
log [17:11:32.887] [error][plugins][securityDashboards] StatusCodeError: no handler found for uri [/_plugins/_security/tenantinfo] and method [GET]
at respond (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/elasticsearch/src/lib/transport.js:349:15)
at checkRespForFailure (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/elasticsearch/src/lib/transport.js:306:7)
at HttpConnector.<anonymous> (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
at IncomingMessage.wrapper (/home/ubuntu/opensearch-dashboards-2.3.0/node_modules/lodash/lodash.js:4991:19)
at IncomingMessage.emit (events.js:412:35)
at endReadableNT (internal/streams/readable.js:1333:12)
at processTicksAndRejections (internal/process/task_queues.js:82:21) {
status: 400,
displayName: 'BadRequest',
path: '/_plugins/_security/tenantinfo',
query: {},
body: {
error: 'no handler found for uri [/_plugins/_security/tenantinfo] and method [GET]'
},
statusCode: 400,
response: '{"error":"no handler found for uri [/_plugins/_security/tenantinfo] and method [GET]"}',
toString: [Function (anonymous)],
toJSON: [Function (anonymous)]
}
log [17:11:32.894] [warning][environment] Detected an unhandled Promise rejection.
no handler found for uri [/_plugins/_security/tenantinfo] and method [GET] :: {"path":"/_plugins/_security/tenantinfo","query":{},"statusCode":400,"response":"{\"error\":\"no handler found for uri [/_plugins/_security/tenantinfo] and method [GET]\"}"}
log [17:11:32.969] [info][listening] Server running at http://xxx:5601
log [17:11:33.131] [info][server][OpenSearchDashboards][http] http server running at http://xxx:5601
log [17:15:06.362] [error][plugins][securityDashboards] Failed authentication: Error: no handler found for uri [/_plugins/_security/authinfo] and method [GET]
log [17:15:21.093] [error][plugins][securityDashboards] Failed authentication: Error: no handler found for uri [/_plugins/_security/authinfo] and method [GET]
log [17:16:14.025] [error][plugins][securityDashboards] Failed authentication: Error: no handler found for uri [/_plugins/_security/authinfo] and method [GET]