I am trying to set up a 3-node opensearch cluster with transport and http enabled with self-signed certificates. I installed opensearch with tarball on three hosts and as described in the OpenSearch documentation I generated certificates and added them to each host and each opensearch.yml file. The only other modifications I did are the IPs and node names in the opensearch.yml files.
When I start all three nodes I get following error:
[ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
When I check the cluster health I get the message “OpenSearch Security not initialized.” So I assumed that I had to run
./plugins/opensearch-security/tools/securityadmin.sh
in order to initialize the security settings without terminating opensearch. This is what I did and got the output
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
As I read in several other forums the console output has to be something more than this. I have also tried different parameters as in
but the output is always the same and the error message does not disappear, so I assume the script securityadmin.sh was somehow not executed correctly.
Maybe someone has an Idea where the problem could be?
@user2111 In regards to the deprecation message, that’s correct and it is scheduled for version 3.0.
The WARNING message complains about missing environment variable that script securityadmin.sh will check during the startup. Path to java binary should be defined.
@pablo Thank you very much for your respond.
Yes I have JDK installed.
I am not sure if I understand you correctly but I can share how my securityadmin.sh file looks like:
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
I am expecting as output something like
Security Admin v7
Will connect to localhost:9300 ... done
Connected as CN=kirk,OU=client,O=client,L=test,C=de
OpenSearch Version: 1.2.0
OpenSearch Security Version: 1.2.0.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch-search
Clusterstate: GREEN
Number of nodes: 3
Number of data nodes: 3
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
which I found in some other forum. So you think securityadmin.sh is not doing anything because the variables are not set?
and also with and without the cluster running. It is always exactly the same output, as if this file is not doing anything. Unfortunatly I do not really understand how the code in the file works. I thought it somehow loads the config files and the certificates and adds them as plugins or that it creates the opendistro_security index.
My ideas where to maybe add the IP of the cluster in the securityadmin.sh file so that it can reach it but I do not know how this could work.
When I start the cluster again it shows the same error message “no such index [.opensdistro_security]” and when I check the cluster health again “OpenSearch Security not initialized.”
@user2111 Thanks for sharing the screenshot.
That takes this conversation back to the first question about Java. It seems that Java is not installed or Java binary is not placed in /usr/bin.
If you had it installed, you would get the output like in the below example.
Try typing in java in the command line. What response do you get?
