OpenSearch Security not initialized

Excuse me, when I try to get a message about the OpenSearch cluster, I get the following error:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "OpenSearch Security not initialized for cluster:monitor/health"
      }
    ],
    "type" : "security_exception",
    "reason" : "OpenSearch Security not initialized for cluster:monitor/health"
  },
  "status" : 503
}
How can I initialize OpenSearch Security?

@chenqi
Most likely there is an error in the config files which prevents the index from being initialised automatically.

To troubleshoot, I would recommend running the securityadmin.sh script to try to upload the config:

./securityadmin.sh -cd ../securityconfig/ -icl -nhnv \
   -cacert ../../../config/root-ca.pem \
   -cert ../../../config/kirk.pem \
   -key ../../../config/kirk-key.pem

Any errors should be mentioned in the output.

Also, assuming you have the line below in opensearch.yml:

plugins.security.allow_default_init_securityindex: true
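
A small triage helper for the situation in the answer above, added here as an example and not part of the original thread or of OpenSearch: it recognises the "not initialized" security_exception in a response body and reports whether opensearch.yml enables allow_default_init_securityindex. The function names, the sample response and the sample config are constructed, and only the flat key form shown above is parsed.

```shell
# Added example: the sample body and config below are constructed, and the
# function names are hypothetical helpers, not part of OpenSearch.

# Succeeds when a response body is the "not initialized" security_exception.
is_security_uninitialized() {
    printf '%s' "$1" | grep -q '"type"[[:space:]]*:[[:space:]]*"security_exception"' &&
        printf '%s' "$1" | grep -q 'OpenSearch Security not initialized'
}

# Prints the last uncommented value of the flat key
# plugins.security.allow_default_init_securityindex, or "unset".
default_init_setting() {
    _val=$(sed -n 's/^[[:space:]]*plugins\.security\.allow_default_init_securityindex[[:space:]]*:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" |
        tr -d "\"'" | tail -n 1)
    printf '%s\n' "${_val:-unset}"
}

# Prints a one-line diagnosis; returns 1 when the security index is missing.
triage() {
    if ! is_security_uninitialized "$1"; then
        echo "ok: no 'not initialized' security_exception in response"
        return 0
    fi
    if [ "$(default_init_setting "$2")" = "true" ]; then
        echo "uninitialized: default init is on; run securityadmin.sh and read its errors"
    else
        echo "uninitialized: default init is off or unset; set it to true or run securityadmin.sh"
    fi
    return 1
}

# Constructed demo input, mirroring the error quoted in this thread.
SAMPLE_BODY='{"error":{"type":"security_exception","reason":"OpenSearch Security not initialized for cluster:monitor/health"},"status":503}'
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
printf '%s\n' '# plugins.security.allow_default_init_securityindex: false' \
    'plugins.security.allow_default_init_securityindex: true' > "$SAMPLE_CFG"
triage "$SAMPLE_BODY" "$SAMPLE_CFG" || true
```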

Thanks for your reply, it worked!

Does this apply to docker compose too?

@Ark74 Yes, but with dc, the security index would not initialise to start with. Therefore, a quick workaround for a faulty config would be to start docker-compose with all defaults, then connect to one of the containers and try to update the config with ./securityadmin.sh. You should be able to see the errors clearly then.


I run into an error when executing the securityadmin.sh script from the documentation:

./securityadmin.sh -cd …/…/…/config/opensearch-security/ -icl -nhnv
-cacert …/…/…/config/root-ca.pem
-cert …/…/…/config/kirk.pem
-key …/…/…/config/kirk-key.pem

I receive the following error response:

Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates) 
Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml 
If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Can you help me troubleshoot the possible cause? @Anthony @chenqi
Kindly find my log file attached:

securityadmin_diag_trace

@ddodoo Could you open a new thread with your question?

Yes I can @pablo

I will do that right away