Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch 2.3.0
RHEL 8
RPM installation
Describe the issue:
Hi Team,
I’m trying to setup a opensearch cluster and followed the steps based on the below link.
But while run the securityadmin.sh it’s keep on running with the below info. Please advise.
Getting the below while run the securityadmin.sh
[root@osd_server1 opensearch]# bash /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -icl -nhnv -ts /etc/opensearch/opensearch.truststore.jks -tspass PASSWORD -ks /etc/opensearch/opensearch.keystore.jks -kspass PASSWORD
** This tool will be deprecated in the next major release of OpenSearch **
** [DEPRECATION] Security Plugin Tools will be replaced · Issue #1755 · opensearch-project/security · GitHub **
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /usr/bin/java
Security Admin v7
Will connect to localhost:9200
ERR: Seems there is no OpenSearch running on localhost:9200 - Will exit
[root@osd_server1 opensearch]# vim /etc/opensearch/opensearch.yml
[root@osd_server1 opensearch]# systemctl restart opensearch
[root@osd_server1 opensearch]# bash /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -icl -nhnv -ts /etc/opensearch/opensearch.truststore.jks -tspass PASSWORD -ks /etc/opensearch/opensearch.keystore.jks -kspass PASSWORD
** This tool will be deprecated in the next major release of OpenSearch **
** [DEPRECATION] Security Plugin Tools will be replaced · Issue #1755 · opensearch-project/security · GitHub **
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /usr/bin/java
Security Admin v7
Will connect to localhost:9200 … done
Connected as “CN=osd_server1.vsi.uat.xxx.com,OU=Google,O=Google Ltd,L=Infra,C=Ind”
OpenSearch Version: 2.3.0
Contacting opensearch cluster ‘opensearch’ and wait for YELLOW clusterstate …
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying …
Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
- Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
- Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-3 [ACTIVE]. This is not an error, will keep on trying …
Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-3 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException) - Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
- Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-4 [ACTIVE]. This is not an error, will keep on trying …
Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-4 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException) - Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
- Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-5 [ACTIVE]. This is not an error, will keep on trying …
Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-5 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException) - Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
- Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-6 [ACTIVE]. This is not an error, will keep on trying …
Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-6 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException) - Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
================================================================
Configuration:
RPM installation in Linux OS (RHEL 8), (vCpu = 8, Memory = 128gb)
Relevant Logs or Screenshots: