1470368 – SearchGuard times out seeding ES pod's .seachguard.$HOSTNAME index

Bug 1470368 - SearchGuard times out seeding ES pod's .seachguard.$HOSTNAME index

Summary: SearchGuard times out seeding ES pod's .seachguard.$HOSTNAME index

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	3.4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.4.z
Assignee:	Jeff Cantrill
QA Contact:	Junqi Zhao
Docs Contact:
URL:
Whiteboard:
Depends On:	1457642 1474689
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-12 20:13 UTC by Jeff Cantrill
Modified:	2021-09-09 12:26 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Sometimes during index recovery, the SG ACL initialization fails because the cluster does not get into the proper state before timing out Consequence: ES cluster is rendered unusable because there is no initial authorization and no requests are allowed. Fix: Continually try to seed the SG ACLs until they succeed Result: ES is functional
Clone Of:	1457642
Environment:
Last Closed:	2017-08-31 17:00:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
es log (16.00 KB, text/plain) 2017-08-01 01:46 UTC, Junqi Zhao	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift origin-aggregated-logging pull 526	None	None	None	2017-07-12 21:08:03 UTC
Red Hat Knowledge Base (Solution)	3093741	None	None	None	2017-07-12 20:13:39 UTC
Red Hat Product Errata	RHBA-2017:1828	normal	SHIPPED_LIVE	OpenShift Container Platform 3.5, 3.4, and 3.3 bug fix update	2017-08-31 20:59:56 UTC

Comment 3 Junqi Zhao 2017-08-01 01:44:44 UTC

Tested, although there were errors in ES and ES-OPS log:
"[ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized",

ES and ES-OPS pods were running well. ES and ES-OPS log see the attached file

Used images from brew registry
logging-deployer:v3.4.1.44.8-1
logging-kibana:3.4.1-25
logging-fluentd:3.4.1-22
logging-elasticsearch:3.4.1-37
logging-auth-proxy:3.4.1-26
logging-curator:3.4.1-20

Comment 4 Junqi Zhao 2017-08-01 01:46:26 UTC

Created attachment 1307323 [details]
es  log

Comment 6 errata-xmlrpc 2017-08-31 17:00:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1828

Note You need to log in before you can comment on or make changes to this bug.