OpenSearch Security not initialized

Excuse me,When I try to get a message about the OpenSearch cluster, I get an error as follows:
“error” : {
“root_cause” : [
“type” : “security_exception”,
“reason” : “OpenSearch Security not initialized for cluster:monitor/health”
“type” : “security_exception”,
“reason” : “OpenSearch Security not initialized for cluster:monitor/health”
“status” : 503
How can I initialize OpenSearch Security?

Most likely there is an error in config files which prevents from automatically initialising the index.

To troubleshoot, I would recommend running script to try to upload the config:

./ -cd ../securityconfig/ -icl -nhnv \
   -cacert ../../../config/root-ca.pem \
   -cert ../../../config/kirk.pem \
   -key ../../../config/kirk-key.pem

Any errors should be mentioned in the output.

Also assuming you have below line in opensearch.yml: true

Thanks for your reply, it worked!

does this applies to docker compose too?

@Ark74 yes, but with dc, security index would not initialise to start with. Therefore a quick workaround for a faulty config, would be start docker-compose with all defaults, then connect to one of the containers and try to update the config with ./, you should be able to see the errors clearly then.

1 Like

I run into an error when executing the script from the Documentation

./ -cd …/…/…/config/opensearch-security/ -icl -nhnv
-cacert …/…/…/config/root-ca.pem
-cert …/…/…/config/kirk.pem
-key …/…/…/config/kirk-key.pem

I receive the following error response :

Try running with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates) 
Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml 
If this is not working, try running with --diagnose and see diagnose trace log file)
Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Can you help me troubleshoot the possible cause? @Anthony @chenqi
Kindly find my log file attached:


@ddodoo Could you open a new thread with your question?

Yes I can @pablo

I will do that right away