Securityadmin.sh : which: command not found

janstack · July 14, 2021, 11:28am

Hi,

I’m trying to set-up OpenSearch with TLS certificates on Docker opensearchproject/opensearch:1.0.0.

My probem is when I run the securityadmin.sh script:

docker-compose exec os01 bash -c "bash plugins/opensearch-security/tools/securityadmin.sh -cd plugins/opensearch-security/securityconfig -icl -nhnv -cacert config/certificates/ca/ca.pem -cert config/certificates/ca/admin.pem -key config/certificates/ca/admin.key -h localhost"

I get the following error :

plugins/opensearch-security/tools/securityadmin.sh: line 20: which: command not found
WARNING: JAVA_HOME not set, will use

So the problem is which: command not found

Thanks for your help,

BlackMetalz · July 14, 2021, 11:39am

I haven’t run odfe with docker yet but can you try to enter the container and run the command?

janstack · July 14, 2021, 11:43am

Entering the container with docker exec -it <ID> bash and then run the command does the same.
Anyway the which command is not installed in this Docker image. This is the problem but I don’t know how to fix it.

searchymcsearchface · July 14, 2021, 4:12pm

I’ve moved to the security category.

BlackMetalz · July 14, 2021, 4:44pm

I just set up a ODFE container.
It contains a file called securityadmin_demo.sh. Run it then your problem will be resolved.

janstack · July 14, 2021, 4:47pm

Thanks but I’m using OpenSearch, not OpenDistro

Anthony · July 14, 2021, 6:24pm

@janstack You will need to add below line to docker-compose.yml:

environment:
“JAVA_HOME=/usr/share/opensearch/jdk”

I think the docs need to be updated

BlackMetalz · July 14, 2021, 6:54pm

yeah lol, I just figured it out too
After set it no need to run security for the first time since it already executed while init the container i guess

janstack · July 14, 2021, 7:03pm

Hmm, this is what I get and this is why I need to run the securityadmin :

os02_1    | [2021-07-14T19:01:33,581][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [os02] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
os02_1    | [2021-07-14T19:01:33,581][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [os02] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
os02_1    | [2021-07-14T19:01:33,581][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [os02] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
os01_1    | [2021-07-14T19:01:35,781][ERROR][o.o.s.a.BackendRegistry  ] [os01] Not yet initialized (you may need to run securityadmin)
os02_1    | [2021-07-14T19:01:35,793][ERROR][o.o.s.a.BackendRegistry  ] [os02] Not yet initialized (you may need to run securityadmin)
os03_1    | [2021-07-14T19:01:35,799][ERROR][o.o.s.a.BackendRegistry  ] [os03] Not yet initialized (you may need to run securityadmin)
os01_1    | [2021-07-14T19:01:35,804][ERROR][o.o.s.a.BackendRegistry  ] [os01] Not yet initialized (you may need to run securityadmin)
kibana_1  | {"type":"log","@timestamp":"2021-07-14T19:01:35Z","tags":["error","opensearch","data"],"pid":1,"message":"[ResponseError]: Response Error"}

And this is in the official documentation

BlackMetalz · July 15, 2021, 3:11am

is it ok right now?

Anthony · July 15, 2021, 9:44am

@janstack When using docker-compose, make sure to use docker-compose down -v command to remove any volumes between testing.

If this is still generating the error, could you share your docker-compose file?

janstack · July 15, 2021, 1:51pm

Hi @Anthony, thanks. Please find it here : GitHub - flavienbwk/opensearch-docker-compose: Dockerized cluster architecture for OpenSearch with compose.

Commands to reproduce :

git clone https://github.com/flavienbwk/opensearch-docker-compose
cd opensearch-docker-compose
bash generate-certs.sh
docker-compose up -d

docker-compose exec os01 bash -c "bash plugins/opensearch-security/tools/securityadmin.sh -cd plugins/opensearch-security/securityconfig -icl -nhnv -cacert config/certificates/ca/ca.pem -cert config/certificates/ca/admin.pem -key config/certificates/ca/admin.key -h localhost"

Anthony · July 15, 2021, 2:16pm

@janstack After running docker-compose up -d
can you try to run below command:
docker exec -it opensearch-docker-compose_os03_1 bash -c “bash plugins/opensearch-security/tools/securityadmin.sh -cd plugins/opensearch-security/securityconfig -icl -nhnv -cacert config/certificates/ca/ca.pem -cert config/certificates/ca/admin.pem -key config/certificates/ca/admin.key -h localhost”

Do you get any error?

nick_cloud · July 15, 2021, 4:09pm

Sounds like the problem is additionally JAVA_HOME is not defined? Hence the branch with which is run in the first place?

There’s an open ticket on the OpenSearch repo for it:

Missing JAVA_HOME: JAVA_HOME missing in dockerhub image · Issue #49 · opensearch-project/opensearch-build · GitHub
Missing which: Base image incompatible with securityadmin.sh script (which: command not found) · Issue #964 · opensearch-project/OpenSearch · GitHub

janstack · July 15, 2021, 11:00pm

Setting the env variable JAVA_HOME: /usr/share/opensearch/jdk solves the problem and is going to be fixed in 1.1.0. Thanks.

Topic		Replies	Views
Open Search Security Not Initialized Security troubleshoot	22	7490	November 3, 2024
Securityadmin.sh no permissions Security	10	964	July 12, 2023
Troubles getting LDAP working Security configure	3	294	April 24, 2024
Opensearch security not initialized; Securityadmin.sh not running Security troubleshoot , configure	10	4595	June 20, 2022
Error securityadmin.sh execution Security	2	34	July 23, 2024

Securityadmin.sh : which: command not found

Related topics