If Elasticsearch is killed mid-security-setup and restarted, the elastic user can't authenticate — requests return 401. The bootstrap password also doesn't work, suggesting the security initialization got far enough to set up the native realm but not far enough to set the elastic user's password (or the password was set but the security index is corrupted from the interruption).
The role doesn't have a recovery path for this state. On restart it assumes security is already configured (the security index exists) and skips the bootstrap flow, but the elastic user's credentials aren't usable.
This is an edge case but it does happen in practice when a node is restarted or crashes during initial deployment. A possible fix would be to detect the half-configured state (security index exists but elastic user auth fails) and re-run the password setup using the bootstrap password or keystore reset.
Found during integration testing of #39 (scenario L1: kill ES mid-security-setup, restart, verify recovery).
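A sketch of the detection step proposed above, as an added example that is not code from the role. It treats only a 401 as an authentication failure, so a node that is still starting is retried rather than reset. The state names, the `classify` and `auth_status` helpers, the node URL and the caller-supplied `index_exists` flag are assumptions; the issue does not say how the role checks for the security index.

```python
import base64
import urllib.error
import urllib.request

# Assumed node address; a TLS-enabled node needs https and a trusted CA.
AUTH_URL = "http://localhost:9200/_security/_authenticate"

def auth_status(user, password, url=AUTH_URL, timeout=5):
    """Return the HTTP status of an authenticated GET, or None if unreachable."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code          # 401, 503, ... are reported here
    except OSError:
        return None              # connection refused, timeout, DNS failure

def classify(index_exists, role_password, bootstrap_password, probe=auth_status):
    """Classify the node's security state (state names are hypothetical).

    index_exists: whether the caller found the security index (assumed input).
    """
    first = probe("elastic", role_password)
    if first == 200:
        return "configured"
    if first != 401:
        return "not_ready"       # do not touch credentials on 503 or no answer
    second = probe("elastic", bootstrap_password)
    if second == 200:
        return "bootstrap_usable"    # password setup can be re-run as-is
    if second != 401:
        return "not_ready"
    # Both credentials are rejected. With the index present this is the
    # half-configured state from the issue and needs a reset path.
    return "half_configured" if index_exists else "credentials_mismatch"
```

Passing a stub as `probe` lets the decision logic be exercised without a running node.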