"Unable to retrieve version information from OpenSearch nodes."

OpenSearch Dashboards
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.19.1

Describe the issue:
I cant connect to opensearch-dashboards

Configuration:

opensearch.yml

######## Start OpenSearch Security Demo Configuration ######## 
# WARNING: revise all the lines below before you go into production 
plugins.security.ssl.transport.pemcert_filepath: certificates/elk-transport-crt.pem
plugins.security.ssl.transport.pemkey_filepath: certificates/elk-transport-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: certificates/elastic_ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false 
plugins.security.ssl.http.enabled: true 
plugins.security.ssl.http.pemcert_filepath: certificates/elk-node-crt.pem
plugins.security.ssl.http.pemkey_filepath: certificates/elk-node-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: certificates/elastic_ca.pem
plugins.security.allow_unsafe_democertificates: true 
plugins.security.allow_default_init_securityindex: true 
plugins.security.authcz.admin_dn: 
  - 'CN=CONTROL-M_EM_ES_admin,O=ChangeMe,L=ChangeMeL,ST=ChangeMeST,C=CM'

 
#plugins.security.audit.type: internal_opensearch 
plugins.security.enable_snapshot_restore_privilege: true 
plugins.security.check_snapshot_restore_write_privileges: true 
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] 
plugins.security.system_indices.enabled: true 
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] 
node.max_local_storage_nodes: 3 
######## End OpenSearch Security Demo Configuration ######## 
path.logs: C:\Program Files\BMC Software\Control-M EM\Default\log\services\workflow_insights
cluster.name: workflow_insights_cluster
network.host: 0
node.name: px-6dcf5134
node.roles: ["initial_master","data","ingest","master","remote_cluster_client"]
action.auto_create_index: false
bootstrap.memory_lock: true
http.port: 19200
transport.port: 19300
cluster.initial_master_nodes: ['px-6dcf5134']
discovery.seed_hosts: ['px-6dcf5134']
plugins.security.nodes_dn: 
  - 'CN=CONTROL-M_EM_ES_transport,O=ChangeMe,L=ChangeMeL,ST=ChangeMeST,C=CM'

opensearch_dashboards.yml

---
server.port: 15061
server.host: '0.0.0.0'
opensearch.hosts: ['https://localhost:19200']
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Global"]
opensearch_security.multitenancy.tenants.enable_private: false
opensearch_security.readonly_mode.roles: ["kibana_read_only","kibana_read"]
opensearch_security.cookie.secure: false

# Use this setting if you are running opensearch-dashboards without https
#server.rewriteBasePath: true
server.basePath: "/services-proxy/kibana"
csp.warnLegacyBrowsers: false
csp.rules:
 - "script-src 'unsafe-eval' 'self' 'unsafe-inline'"
# Options for the logging rotate feature
logging.rotate:
   enabled: true
   everyBytes: 10000000
   keepFiles: 5
   usePolling: true
   pollingInterval: 10000

#logging.quiet : true
#logging.verbose: true
opensearch.ssl.certificateAuthorities: ['C:\\Program Files\\BMC Software\\Control-M EM\\Default\\ini\\ssl\\elastic_ca.pem']
logging.dest: C:\Program Files\BMC Software\Control-M EM\Default\log\services\workflow_insights\opensearch-dashboards.log
server.ssl.enabled: true
server.ssl.key: C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-key.pem
server.ssl.certificate: C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-crt.pem
opensearch.ssl.key: C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-key.pem
opensearch.ssl.certificate: C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-crt.pem

roles.yml

_meta:
  type: "roles"
  config_version: 2

kibana_only_read:
  reserved: false
  cluster_permissions:
    - cluster_composite_ops_ro
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'read'
  tenant_permissions:
    - tenant_patterns:
        - 'global_tenant'
      allowed_actions:
        - 'kibana_all_write'
        

# Restrict users so they can only view visualization and dashboard on kibana
kibana_read_only:
  reserved: true

# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
security_rest_api_access:
  reserved: true
 
# Allows users to view monitors, destinations and alerts
alerting_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/get'
    - 'cluster:admin/opendistro/alerting/destination/get'
    - 'cluster:admin/opendistro/alerting/monitor/get'
    - 'cluster:admin/opendistro/alerting/monitor/search'

# Allows users to view and acknowledge alerts
alerting_ack_alerts:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/*'

# Allows users to use all alerting functionality
alerting_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/alerting/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'

# Allow users to read Anomaly Detection detectors and results
anomaly_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/ad/detector/info'
    - 'cluster:admin/opendistro/ad/detector/search'
    - 'cluster:admin/opendistro/ad/detectors/get'
    - 'cluster:admin/opendistro/ad/result/search'

# Allows users to use all Anomaly Detection functionality
anomaly_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/ad/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'

# Allows users to read and download Reports
reports_instances_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

# Allows users to read and download Reports and Report-definitions
reports_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

# Allows users to all Reports functionality
reports_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/create'
    - 'cluster:admin/opendistro/reports/definition/update'
    - 'cluster:admin/opendistro/reports/definition/on_demand'
    - 'cluster:admin/opendistro/reports/definition/delete'
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

roles_mapping.yml

---
# In this file users, backendroles and hosts can be mapped to Security roles.
# Permissions for OpenSearch roles are configured in roles.yml

_meta:
  type: "rolesmapping"
  config_version: 2

# Define your roles mapping here

## Demo roles mapping

all_access:
  reserved: false
  backend_roles:
  - "admin"
  description: "Maps admin to all_access"

own_index:
  reserved: false
  users:
  - "*"
  description: "Allow full access to an index named like the username"

logstash:
  reserved: false
  backend_roles:
  - "logstash"

kibana_user:
  reserved: false
  backend_roles:
  - "kibanauser"
  description: "Maps kibanauser to kibana_user"

readall:
  reserved: false
  backend_roles:
  - "readall"

manage_snapshots:
  reserved: false
  backend_roles:
  - "snapshotrestore"

kibana_server:
  reserved: true
  users:
  - "kibanaserver"

Relevant Logs or Screenshots:

opensearch-dashboards.log

{"type":"log","@timestamp":"2025-03-10T09:07:12Z","tags":["warning","config","deprecation"],"pid":408,"message":"You should set server.basePath along with server.rewriteBasePath. OpenSearch Dashboards will expect that all requests start with server.basePath rather than expecting you to rewrite the requests in your reverse proxy. Set server.rewriteBasePath to false to preserve the current behavior and silence this warning."}
{"type":"log","@timestamp":"2025-03-10T09:07:12Z","tags":["warning","config","deprecation"],"pid":408,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
{"type":"log","@timestamp":"2025-03-10T09:07:12Z","tags":["info","dynamic-config-service"],"pid":408,"message":"registering middleware to inject context to AsyncLocalStorage"}
{"type":"log","@timestamp":"2025-03-10T09:07:12Z","tags":["info","plugins-system"],"pid":408,"message":"Setting up [56] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,embeddable,legacyExport,expressions,data,savedObjects,queryEnhancements,home,dashboard,visualizations,tileMap,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,regionMap,inputControlVis,visualize,ganttChartDashboards,apmOss,management,indexPatternManagement,dataSourceManagement,securityAnalyticsDashboards,searchRelevanceDashboards,reportsDashboards,mlCommonsDashboards,indexManagementDashboards,flowFrameworkDashboards,customImportMapDashboards,assistantDashboards,anomalyDetectionDashboards,alertingDashboards,console,queryInsightsDashboards,notificationsDashboards,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,observabilityDashboards,queryWorkbenchDashboards,bfetch]"}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["info","plugins","queryEnhancements"],"pid":408,"message":"queryEnhancements: Setup complete"}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["info","dynamic-config-service"],"pid":408,"message":"initiating start()"}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["info","dynamic-config-service"],"pid":408,"message":"finished start()"}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["info","savedobjects-service"],"pid":408,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["error","opensearch","data"],"pid":408,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["error","savedobjects-service"],"pid":408,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2025-03-10T09:07:16Z","tags":["error","opensearch","data"],"pid":408,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2025-03-10T09:07:18Z","tags":["error","opensearch","data"],"pid":408,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2025-03-10T09:07:21Z","tags":["error","opensearch","data"],"pid":408,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2025-03-10T09:07:23Z","tags":["error","opensearch","data"],"pid":408,"message":"[ResponseError]: Response Error"}
2

@nap608 As per your issue title and logs

{"type":"log","@timestamp":"2025-03-10T09:07:13Z","tags":["error","savedobjects-service"],"pid":408,"message":"Unable to retrieve version information from OpenSearch nodes."}

It means that OpenSearch Dashboards can’t connect to OpenSearch node (localhost:19200)

How did you deploy the cluster? Are OpenSearch Dashobards and OpenSearch on the same virtual machine?

Can you connect to the cluster with curl from OpenSearch Dashboards VM?

curl --insecure -u <username>:<password> -XGET https://localhost:19200
3

Did you test curl with this certificate and key?

curl --insecure --cert C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-crt.pem --key C:\Program Files\BMC Software\Control-M EM\Default\opensearch-dashboards\config\certificates\kibana-node-key.pem -XGET https://localhost:19200

Please share your config.yml file.