You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Elasticsearch OpenDistro needs an initialization script in order to work correctly: securityadmin_demo.sh
While we still where on SearchGuard (OpenDistro is a fork of SearchGuard) we ran it's initialization script automatically, but we removed it (c9adf08#diff-bc467604b92d502b179cd997a32d015e) because we had the situation that the script was sometimes executed again while the cluster already was initialized and this caused quite some issues.
Nonetheless it would be really cool if OpenDistro initializes itself, because this would be one less step for it to run.
Therefore I think it would be good to find a way to run securityadmin_demo.sh automatically but with a better system than we used with SearchGuard.
I believe the problem with this code:
if [[ $(curl -s -XGET -k -u "admin:$LOGSDB_ADMIN_PASSWORD" "http://localhost:9200/_searchguard") =~ "Search Guard not initialized" ]]; then
echo "SearchGuard: Initializing..."
./sgadmin_demo.sh
fi
is that "Search Guard not initialized" is also returned if a new ES node comes into the cluster and did not sync the .searchguard indexes from another ES node yet, so it basically thought it is a fresh new cluster, while just later it would have received the .searchguard indexes from another node.
So I think we should make sure that:
securityadmin_demo.sh is really only ran once
securityadmin_demo.sh is also run only on the first node of the cluster (if we deploy via the elasticsearch-cluster type (aka a statefulset) it's always [servicename]-0, if it's elasticsearch (aka a Deploymentconfig) then it's a random pod name)
The text was updated successfully, but these errors were encountered:
Elasticsearch OpenDistro needs an initialization script in order to work correctly:
securityadmin_demo.sh
While we still where on SearchGuard (OpenDistro is a fork of SearchGuard) we ran it's initialization script automatically, but we removed it (c9adf08#diff-bc467604b92d502b179cd997a32d015e) because we had the situation that the script was sometimes executed again while the cluster already was initialized and this caused quite some issues.
Nonetheless it would be really cool if OpenDistro initializes itself, because this would be one less step for it to run.
Therefore I think it would be good to find a way to run
securityadmin_demo.sh
automatically but with a better system than we used with SearchGuard.I believe the problem with this code:
is that
"Search Guard not initialized"
is also returned if a new ES node comes into the cluster and did not sync the.searchguard
indexes from another ES node yet, so it basically thought it is a fresh new cluster, while just later it would have received the.searchguard
indexes from another node.So I think we should make sure that:
securityadmin_demo.sh
is really only ran oncesecurityadmin_demo.sh
is also run only on the first node of the cluster (if we deploy via theelasticsearch-cluster
type (aka a statefulset) it's always[servicename]-0
, if it'selasticsearch
(aka a Deploymentconfig) then it's a random pod name)The text was updated successfully, but these errors were encountered: