Description of problem: When starting up we see the following in the ES logs: Directory /etc/elasticsearch/secret has insecure file permissions (should be 0700) File /etc/elasticsearch/secret/admin.p12 has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/admin.jks has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/elasticsearch.p12 has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/searchguard.key has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/logging-es.p12 has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/key has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/truststore has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/searchguard.truststore has insecure file permissions (should be 0600) File /etc/elasticsearch/index_settings has insecure file permissions (should be 0600) Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Verified this bug on Cluster version is 4.6.0-0.nightly-2020-10-07-022140, no more seeing 'has insecure file permissions' logs in ES pods.
Saw the issue again in cluster 4.6.0-0.nightly-2020-10-12-223649 oc get csv NAME DISPLAY VERSION REPLACES PHASE clusterlogging.4.6.0-202010120952.p0 Cluster Logging 4.6.0-202010120952.p0 Succeeded elasticsearch-operator.4.6.0-202010130127.p0 Elasticsearch Operator 4.6.0-202010130127.p0 Succeeded Directory /etc/elasticsearch has insecure file permissions (should be 0700) Directory /etc/elasticsearch/scripts has insecure file permissions (should be 0700) Directory /etc/elasticsearch/secret has insecure file permissions (should be 0700) File /etc/elasticsearch/secret/admin.jks has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/searchguard.key has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/key has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/truststore has insecure file permissions (should be 0600) File /etc/elasticsearch/secret/searchguard.truststore has insecure file permissions (should be 0600) File /etc/elasticsearch/index_settings has insecure file permissions (should be 0600)
Setting target release to the active development branch (4.7.0). For any fixes, where required and requested, cloned BZs will be created for those release maintenance streams where appropriate once they are identified.
Setting target release to the active development branch (4.7.0). For any fixes, where required and requested, cloned BZs will be created for those release maintenance streams where appropriate once they are identified. Setting a tentative severity based on description as provided.
Setting UpcomingSprint as unable to resolve before EOD
Still seeing below 2 lines in ES pod logs: Directory /etc/elasticsearch has insecure file permissions (should be 0700) Directory /etc/elasticsearch/scripts has insecure file permissions (should be 0700)
(In reply to Giriyamma from comment #13) > Still seeing below 2 lines in ES pod logs: > > Directory /etc/elasticsearch has insecure file permissions (should be 0700) > Directory /etc/elasticsearch/scripts has insecure file permissions (should > be 0700) Those are expected to be there. Due to how we configure ES running we are unable to clear those for now.
as per Comment 13 , the issue is fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Errata Advisory for Openshift Logging 5.0.0), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0652