Elasticsearch-migrate returns java NullPointer error

bchill · November 13, 2021, 10:06pm

Hello,

I am getting a java error when using Elasticsearch-migrate. I realize this tool is deprecated and don't expect help.

To simplify the problem, I emptied the users file and created a single user, 'joe', with password 'joejoe' using the Elasticsearch-users tool (useradd mode), which worked fine:

# ls -l users
-rw-rw---- 1 root elasticsearch 65 Nov 13 16:56 users
# cat users
joe:$2a$08$m29sz92MBXNQsXttclp2dO6MlBQvgVyXUueGU.VdQ4xMgMdrxOuBO

.... Elasticsearch-migrate does not:

# elasticsearch-migrate native -u elastic -p XXXXX  -U https://myhost:9200
Warning: The migrate tool is deprecated. Use the native realm directly instead of file realms.
starting migration of users and roles...
importing users from [/etc/elasticsearch/users]...
found existing users: [apm_system, logstash_system, beats_system, remote_monitoring_user, elastic, kibana_system, kibana, bchill]
migrating user [joe]
Exception in thread "main" ElasticsearchException[failed to migrate user [joe] with body: n/a]; nested: NullPointerException;
	at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.importUsers(ESNativeRealmMigrateTool.java:284)
	at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:139)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:114)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:95)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:114)
	at org.elasticsearch.cli.Command.main(Command.java:79)
	at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:80)
Caused by: java.lang.NullPointerException
	at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.createUserJson(ESNativeRealmMigrateTool.java:235)
	at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.importUsers(ESNativeRealmMigrateTool.java:279)
	... 7 more

The basic communication seems to work, since it does find the existing users.

The Elasticsearch log (/var/log/Elasticsearch.log) only shows this new entry:

[2021-11-13T16:56:36,318][INFO ][o.e.x.s.a.f.FileUserPasswdStore] [myhost] users file [/etc/elasticsearch/users] changed. updating users...

system/software details:

# echo $ES_JAVA_HOME
/usr/lib/jvm/java-11-openjdk
# rpm -q elasticsearch
elasticsearch-7.15.1-1.x86_64
# cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)

Am I missing something obvious?

Yang_Wang · November 14, 2021, 11:37pm

This is because user joe does not have any roles. You need assign some roles to joe in the $CONFIG/users_roles file. Alternatively you can delete the user and re-create with roles, e.g.:

./bin/elasticsearch-users userdel joe
./bin/elasticsearch-users useradd joe -r SOME_ROLE

bchill · November 15, 2021, 7:21am

That worked. I guess I stumbled over a bug in a deprecated tool.

Thanks!

system · December 13, 2021, 7:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.