Akshay04
(Akshay)
January 12, 2024, 5:08am
1
Hello,
I'm trying to enable Google OAuth with Elasticsearch using - Set up OpenID Connect with Azure, Google, or Okta | Elasticsearch Service Documentation | Elastic
I'm deploying this to Kubernetes and using Elastic helm charts - GitHub - elastic/helm-charts: You know, for Kubernetes
I'm getting the following error while deploying Elasticsearch:
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp -> /usr/share/elasticsearch/config/elasticsearch.keystore: Device or resource busy
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
    at java.base/sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:420)
    at java.base/sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:266)
    at java.base/java.nio.file.Files.move(Files.java:1430)
    at org.elasticsearch.common.settings.KeyStoreWrapper.save(KeyStoreWrapper.java:498)
    at org.elasticsearch.common.settings.KeyStoreWrapper.save(KeyStoreWrapper.java:412)
    at org.elasticsearch.cli.keystore.AddStringKeyStoreCommand.executeCommand(AddStringKeyStoreCommand.java:102)
    at org.elasticsearch.cli.keystore.BaseKeyStoreCommand.execute(BaseKeyStoreCommand.java:64)
    at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
    at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:94)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
    at org.elasticsearch.cli.Command.main(Command.java:50)
    at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)
My values.yaml:
---
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.authc.token.enabled: true
    xpack.security.authc.realms.oidc.oidc1.order: 2
    xpack.security.authc.realms.oidc.oidc1.rp.client_id: "xxxxxxxxx"
    xpack.security.authc.realms.oidc.oidc1.rp.response_type: "code"
    xpack.security.authc.realms.oidc.oidc1.rp.requested_scopes: ["openid", "email"]
    xpack.security.authc.realms.oidc.oidc1.rp.redirect_uri: "https://qalogs.test.com/api/security/oidc/callback"
    xpack.security.authc.realms.oidc.oidc1.op.issuer: "https://accounts.google.com"
    xpack.security.authc.realms.oidc.oidc1.op.authorization_endpoint: "https://accounts.google.com/o/oauth2/v2/auth"
    xpack.security.authc.realms.oidc.oidc1.op.token_endpoint: "https://oauth2.googleapis.com/token"
    xpack.security.authc.realms.oidc.oidc1.op.userinfo_endpoint: "https://openidconnect.googleapis.com/v1/userinfo"
    xpack.security.authc.realms.oidc.oidc1.op.jwkset_path: "https://www.googleapis.com/oauth2/v3/certs"
    xpack.security.authc.realms.oidc.oidc1.claims.principal: email
    xpack.security.authc.realms.oidc.oidc1.claim_patterns.principal: "^([^@]+)@test.com\\.TLD$"
keystore:
  - secretName: es-auth-client-secret
secret:
  enabled: true
  password: "test123@"
resources:
  requests:
    cpu: "250m"
    memory: "1Gi"
  limits:
    cpu: "1000m"
    memory: "1Gi"
# Request smaller persistent volumes.
volumeClaimTemplate:
  accessModes: [ "ReadWriteOnce" ]
  storageClassName: "gp2"
  resources:
    requests:
      storage: 10Gi
I have created the secret using the following command:
kubectl create secret generic es-auth-client-secret --from-literal=xpack.security.authc.realms.oidc.oidc1.rp.client_secret="xxxxxxx" -n es-stack
Can you please help me troubleshoot this issue?
Thanks in advance!
yago82
January 12, 2024, 2:23pm
2
Hi,
Ensure that the Elasticsearch process has write permissions to the /usr/share/elasticsearch/config/ directory and the elasticsearch.keystore file.
Regards
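A shell check for the condition discussed in this thread, added here as an example and not part of any post or of the Elastic chart: it tests write access to the config directory and keystore, and also whether the keystore path is itself a mount point, since rename() onto a mount point fails with EBUSY ("Device or resource busy") regardless of permissions. The function names and the optional mountinfo argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify why saving elasticsearch.keystore would fail.
# Usage inside the pod: keystore_write_check /usr/share/elasticsearch/config
# The second argument (a mountinfo file) defaults to /proc/self/mountinfo and
# exists so the check can be exercised against a constructed sample.

is_mount_point() {
    # Field 5 of each mountinfo line is the mount point path.
    awk -v p="$1" '$5 == p { found = 1 } END { exit !found }' "$2"
}

keystore_write_check() {
    dir=${1%/}
    mountinfo=${2:-/proc/self/mountinfo}
    ks="$dir/elasticsearch.keystore"

    # The stack trace shows elasticsearch.keystore.tmp being moved over the
    # keystore in the same directory, so the directory must be writable.
    if [ ! -w "$dir" ]; then
        echo "dir-not-writable"; return 1
    fi
    # A keystore that is a single-file mount (for example a subPath volume
    # mount) cannot be replaced by rename(); the kernel returns EBUSY.
    if is_mount_point "$ks" "$mountinfo"; then
        echo "keystore-is-mount-point"; return 1
    fi
    if [ -e "$ks" ] && [ ! -w "$ks" ]; then
        echo "keystore-not-writable"; return 1
    fi
    echo "ok"
}
```

Run it as the same user as the Elasticsearch process; as root the write tests always pass.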
system
(system)
Closed
February 9, 2024, 2:24pm
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.