Description of problem: index management jobs failing with error while attempting to determine the active write alias no permissions Version-Release number of selected component (if applicable): elasticsearch-operator v4.6.z Actual results: 2021-06-24T09:15:08.090393695Z Error while attemping to determine the active write alias: {'error': {'root_cause': [ {'type': 'security_exception', 'reason': 'no permissions for [indices:admin/aliases/get] and User [name=system:serviceaccount:openshift-logging:elasticsearch, roles=[admin_reader], requestedTenant=null]'} ], 'type': 'security_exception', 'reason': 'no permissions for [indices:admin/aliases/get] and User [name=system:serviceaccount:openshift-logging:elasticsearch, roles=[admin_reader], requestedTenant=null]'}, 'status': 403} Expected results: Rollover jobs executed without errors
Verified by QE on 4.6. No errors seen on Index management jobs. NAME DISPLAY VERSION REPLACES PHASE clusterlogging.4.6.0-202108311008 Cluster Logging 4.6.0-202108311008 clusterlogging.4.6.0-202107292226 Succeeded elasticsearch-operator.4.6.0-202108311008 OpenShift Elasticsearch Operator 4.6.0-202108311008 elasticsearch-operator.4.6.0-202107291702 Succeeded [kbharti@cube ~]$ oc logs elasticsearch-im-app-1630588500-c96d6 Index management delete process starting No indices to delete Index management rollover process starting Current write index for app-write: app-000001 Checking results from _rollover call Next write index for app-write: app-000001 Checking if app-000001 exists Checking if app-000001 is the write index for app-write Done! [kbharti@cube ~]$ oc logs elasticsearch-im-audit-1630588500-whr6w Index management delete process starting No indices to delete Index management rollover process starting Current write index for audit-write: audit-000001 Checking results from _rollover call Next write index for audit-write: audit-000001 Checking if audit-000001 exists Checking if audit-000001 is the write index for audit-write Done! [kbharti@cube ~]$ oc logs elasticsearch-im-infra-1630588500-nvrl4 Index management delete process starting No indices to delete Index management rollover process starting Current write index for infra-write: infra-000001 Checking results from _rollover call Next write index for infra-write: infra-000001 Checking if infra-000001 exists Checking if infra-000001 is the write index for infra-write Done! Moving BZ to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.45 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3519