Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1470368

Summary: SearchGuard times out seeding ES pod's .seachguard.$HOSTNAME index
Product: OpenShift Container Platform Reporter: Jeff Cantrill <jcantril>
Component: LoggingAssignee: Jeff Cantrill <jcantril>
Status: CLOSED ERRATA QA Contact: Junqi Zhao <juzhao>
Severity: high Docs Contact:
Priority: high    
Version: 3.4.1CC: aos-bugs, clichybi, fcami, jkaur, juzhao, pdwyer, pportant, rmeggins, smunilla, stwalter, wsun, xiazhao
Target Milestone: ---   
Target Release: 3.4.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Sometimes during index recovery, the SG ACL initialization fails because the cluster does not get into the proper state before timing out Consequence: ES cluster is rendered unusable because there is no initial authorization and no requests are allowed. Fix: Continually try to seed the SG ACLs until they succeed Result: ES is functional
 Story Points: ---
Clone Of: 1457642 Environment:
Last Closed: 2017-08-31 17:00:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1457642, 1474689    
Bug Blocks:    
Attachments:
Description Flags
es log none

Comment 3 Junqi Zhao 2017-08-01 01:44:44 UTC 
Tested, although there were errors in ES and ES-OPS log:
"[ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized",

ES and ES-OPS pods were running well. ES and ES-OPS log see the attached file

Used images from brew registry
logging-deployer:v3.4.1.44.8-1
logging-kibana:3.4.1-25
logging-fluentd:3.4.1-22
logging-elasticsearch:3.4.1-37
logging-auth-proxy:3.4.1-26
logging-curator:3.4.1-20
Comment 4 Junqi Zhao 2017-08-01 01:46:26 UTC 
Created attachment 1307323 [details]
es  log
Comment 6 errata-xmlrpc 2017-08-31 17:00:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1828