We have spent countless hours attempting to configure OpenDistro security, with no success. We have followed all the steps, added all the config files, etc.
This is the error we are experiencing:
Contacting elasticsearch cluster ‘elasticsearch’ …
ERR: Cannot retrieve cluster state due to: Open Distro Security not initialized for cluster:monitor/health.
Root cause: ElasticsearchSecurityException[Open Distro Security not initialized for cluster:monitor/health] (org.elasticsearch.ElasticsearchSecurityException/org.elasticsearch.ElasticsearchSecurityException)
- Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
- Make also sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in elasticsearch.yml
- If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
- Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Additionally, when tailing the logs on the master node:
[2019-09-12T00:50:12,186][WARN ][c.a.o.s.c.ConfigurationLoaderSecurity7] [es-opendistro-dev-coordinator-0] No data for actiongroups while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS] (index=.opendistro_security and type=null)
The diagnostics look clean and we have configured LDAP. We have confirmed that our admin and node certs are configured correctly too. Any guidance would be extremely appreciated.