S3 repository and mail authentication not working after upgrading opensearch from 2.8 to 2.11

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch version 2.11

Describe the issue:
I was previously using OpenSearch 2.8 with docker-compose setup then upgraded the setup from 2.8 to 2.11. After that alert was not working. Tried to add new channel and sender still It is showing the creds issues

[status_exception] {“event_status_list”: [{“config_id”:“asdasdaas1212”,“config_type”:“email”,“config_name”:“testchanneltwo”,“email_recipient_status”:[{“recipient":"somemail@gmail.com”,“delivery_status”:{“status_code”:“502”,“status_text”:“sendEmail Error, status:530 Authentication required\n”}}],“delivery_status”:{“status_code”:“502”,“status_text”:“sendEmail Error, status:530 Authentication required\n”}}]}

I’am also facing s3 bucket repo issue I cannot take or list snapshot in a repo getting weird error
“error”: {
“root_cause”: [
“type”: “repository_exception”,
“reason”: “[eventsbetsolarchive] Unexpected exception when loading repository data”
“type”: “repository_exception”,
“reason”: “[eventsbetsolarchive] Unexpected exception when loading repository data”,
“caused_by”: {
“type”: “sdk_client_exception”,
“reason”: “Unable to load region from any of the providers in the chain software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain@10943e64: [software.amazon.awssdk.regions.providers.SystemSettingsRegionProvider@78b1ae40: Unable to load region from system settings. Region must be specified either via environment variable (AWS_REGION) or system property (aws.region)., software.amazon.awssdk.regions.providers.AwsProfileRegionProvider@378916fa: No region provided in profile: default, software.amazon.awssdk.regions.providers.InstanceProfileRegionProvider@443f94d4: Unable to contact EC2 metadata service.]”
“status”: 500

Used this command line for smtp authentications

./bin/opensearch-keystore add plugins.alerting.destination.email.eventscronalert.username
./bin/opensearch-keystore add plugins.alerting.destination.email.eventscronalert.password

below command on s3 configurations
./bin/opensearch-keystore add s3.client.default.access_key
./bin/opensearch-keystore add s3.client.default.secret_key

Relevant Logs or Screenshots:

Please help me on this. Thanks

Hey @aravindasamy , I believe the region is now a required settings that has to be set for S3 repository:

s3.client.default.region: <region>

The documentation needs to be updated, thank you.

Hi @reta thanks for the details. When I added the region using this command on two containers
./bin/opensearch-keystore add s3.client.default.region was getting below errors

setting [s3.client.default.region] is a non-secure setting and must be stored inside opensearch.yml, but was found inside the OpenSearch keystore
at org.opensearch.common.settings.Setting.innerGetRaw(Setting.java:564) ~[opensearch-2.11.1.jar:2.11.1]
at org.opensearch.common.settings.Setting.getRaw(Setting.java:549) ~[opensearch-2.11.1.jar:2.11.1]

when I added this s3.client.default.region: us-west-2 line on opensearch.yml was getting below error

unknown setting [s3.client.default.region] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
What am I missing?

Thanks in advance

Wow, that’s unexpected (I apologise, should have be precise that s3.client.default.region should be in opensearch.yaml). This only happens when plugin is not installed, could you please check it is actually there before you start the server? Thank you.

1 Like

Hi @reta thanks again. Let me tell what happened If I enable s3 plugin and try to create snapshot I was thrown region issue and if I give region on opensearch.yaml I have to give docker-compose down followed by docker-compose up -d so what this does is again launch a new containers without s3 plugin which inturn cause containers to exit with error. To overcome this I had to build new docker image s3 repo plugin installed. Then give region in opensearch.yml. This worked, now I can able to take snaps and list.

Still I’m facing SMTP mail authentication issues. Any idea on that?

Thanks in Advance.

Thanks @aravindasamy

My apologies but I have no insights regarding this part, thank you.