Description of problem:

Steps to Reproduce:
1. Install aggregated logging stack
2. Pick a running ES pod
3. oc exec <pod> -- curl -s --key /etc/elasticsearch/secret/admin-key --cert /etc/elasticsearch/secret/admin-cert --cacert /etc/elasticsearch/secret/admin-ca 'https://localhost:9200/_cat/indices'
4. oc exec <pod> -- curl -s --key /etc/elasticsearch/secret/admin-key --cert /etc/elasticsearch/secret/admin-cert --cacert /etc/elasticsearch/secret/admin-ca 'https://localhost:9200/_cat/count'

Actual results:
3. {"error":"RuntimeException[java.lang.NullPointerException]; nested: NullPointerException; ","status":500}

In ES logs:
[2016-08-24 13:52:08,063][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Error while apply() due to java.lang.NullPointerException for action indices:monitor/stats
java.lang.NullPointerException
    at java.util.Objects.requireNonNull(Objects.java:203)
    at java.util.Arrays$ArrayList.<init>(Arrays.java:3813)
    at java.util.Arrays.asList(Arrays.java:3800)
    at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply0(SearchGuardActionFilter.java:191)

4. {"error":"ForbiddenException[Attempt from null to _all indices for indices:data/read/count and User [name=system.admin, roles=[]]]","status":403}

In ES logs:
[2016-08-24 13:53:42,868][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Attempt from null to _all indices for indices:data/read/count and User [name=system.admin, roles=[]]
[2016-08-24 13:53:42,923][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Forbidden while apply() due to com.floragunn.searchguard.authorization.ForbiddenException: Attempt from null to _all indices for indices:data/read/count and User [name=system.admin, roles=[]] for action indices:data/read/count
com.floragunn.searchguard.authorization.ForbiddenException: Attempt from null to _all indices for indices:data/read/count and User [name=system.admin, roles=[]]
    at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply0(SearchGuardActionFilter.java:199)

Expected results:
Successful access on both queries. See https://www.elastic.co/guide/en/elasticsearch/reference/1.5/cat-count.html

Additional info:
Some admin functions do work, such as health checks, master/nodes, and hot threads (https://www.elastic.co/guide/en/elasticsearch/reference/1.5/cluster-nodes-hot-threads.html).
*** Bug 1373611 has been marked as a duplicate of this bug. ***
This also applies to creating Elasticsearch snapshots. Repositories can be created as the admin user, but snapshots (on PV, mounted on s) can't be created.

Tested in OpenShift 3.2.1

[root@master ~]# oc rsh logging-es-mo8mov2a-3-5tile
sh-4.2$ cat /snapshot/create_repo.sh
curl -XPUT --key /etc/elasticsearch/keys/admin-key --cert /etc/elasticsearch/keys/admin-cert --cacert /etc/elasticsearch/keys/admin-ca "https://localhost:9200/_snapshot/backup" -d '
{
  "type": "fs",
  "settings": {
    "location": "/snapshot/backup",
    "compress": true
  }
}'
sh-4.2$ sh /snapshot/create_repo.sh
{"acknowledged":true}sh-4.2$
sh-4.2$ cat /snapshot/create_snapshot.sh
curl -XPUT --key /etc/elasticsearch/keys/admin-key --cert /etc/elasticsearch/keys/admin-cert --cacert /etc/elasticsearch/keys/admin-ca "https://localhost:9200/_snapshot/backup/snapshot_1?wait_for_completion=true"
sh-4.2$ /snapshot/create_snapshot.sh
{"error":"ForbiddenException[Attempt from null to _all indices for cluster:admin/snapshot/create and User [name=system.admin, roles=[]]]","status":403}sh-4.2$
This issue was fixed in 3.3 or 3.4. I'm closing this bug.