Opensearch Security: No results from securityadmin.sh (at all)?

dax · December 6, 2024, 10:22pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): Dashboard 2.18

Describe the issue: securityadmin.sh displays the standard message about deprecation, then exits with no errors. The issue persists when filesystems are remounted without noexec flag, when SELinux is placed in permissive mode, and when firewalld is configured to allow traffic. Does anyone have any additional troubleshooting steps? I have been following the guide for offline installation (actually, I was originally attempting to install Wazuh - but failed at this step there. I am now attempting to install opensearch on its own but having the same issue)

Configuration:
RHEL 8 system configured to STIG standards

Relevant Logs or Screenshots:

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************

this is the only output from securityadmin.sh no matter what options I give it, no options, the correct options, or anything in between.

EDIT: Since this seems to be a common issue: I DO have java installed, and have been attempting to run securityadmin.sh with OPENSEARCH_JAVA_HOME=/usr/bin/java
Java -version output:

openjdk version "1.8.0_412"
OpenJDK Runtime Environment (build 1.8.0_412-b08)
OpenJDK 64-Bit Server VM (build 25.412-b08, mixed mode)

Mantas · December 9, 2024, 12:34pm

Hi @dax,

Can you share the command you are running with securityadmin.sh ?

Best,
mj

dax · December 9, 2024, 4:40pm

Mantas, thanks for the response. I have tried a few commands now. The one I ran initially which should have worked is this:

./securityadmin.sh -cd /etc/opensearch/opensearch-security/ -cacert /etc/opensearc/certs/root-ca.pem -cert /etc/opensearch/certs/admin.pem -key /etc/opensearch/certs/admin-key.pem -h 127.0.0.1 -p 9200

I have also tried the -diagnose option, with no result.
Curling 127.0.0.1:9200 results in:

OpenSearch Security not initialized.

Mantas · December 9, 2024, 5:30pm

ok, interesting, could you share your opensearch.yml and config.yml?

Best,
mj

dax · December 9, 2024, 5:36pm

Solved, thank you for your enthusiasm anyway.
For anyone that comes across this post in the future:

The final line in securityadmin.sh pipes output to dev/null. I removed that and found that the script wasn’t able to access some libraries in the opensearch jdk directory.

I tried using the system JDK and it was out of date; updated, and it ran fine.

Can close/lock this thread now.

Topic		Replies	Views
Opensearch security not initialized; Securityadmin.sh not running Security troubleshoot , configure	10	4812	June 20, 2022
Securityadmin.sh errors when connecting opensearch through http Security troubleshoot	4	3934	June 2, 2022
Securityadmin.sh ERR....is not an admin user Security troubleshoot , configure , security-issue	4	785	March 28, 2023
Cannot get AD authentication to work Security	5	472	May 5, 2022
Securityadmin.sh failing to upload config OpenSearch	19	1996	May 26, 2023

Opensearch Security: No results from securityadmin.sh (at all)?

Related topics