Facing issue in elasticsearch - /usr/share/elasticsearch/config/elasticsearch.keystore: Device or resource busy

Elastic Stack Elasticsearch
1

Hello,
I'm trying to enable Google OAuth with Elasticsearch using - Set up OpenID Connect with Azure, Google, or Okta | Elasticsearch Service Documentation | Elastic
I'm deploying this to Kubernetes and using Elastic helm charts - GitHub - elastic/helm-charts: You know, for Kubernetes
I'm getting following error while deploying the Elasticsearch

Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp -> /usr/share/elasticsearch/config/elasticsearch.keystore: Device or resource busy
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:420)
	at java.base/sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:266)
	at java.base/java.nio.file.Files.move(Files.java:1430)
	at org.elasticsearch.common.settings.KeyStoreWrapper.save(KeyStoreWrapper.java:498)
	at org.elasticsearch.common.settings.KeyStoreWrapper.save(KeyStoreWrapper.java:412)
	at org.elasticsearch.cli.keystore.AddStringKeyStoreCommand.executeCommand(AddStringKeyStoreCommand.java:102)
	at org.elasticsearch.cli.keystore.BaseKeyStoreCommand.execute(BaseKeyStoreCommand.java:64)
	at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:94)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
	at org.elasticsearch.cli.Command.main(Command.java:50)
	at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)

My values.yaml

---

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.authc.token.enabled: true
    xpack.security.authc.realms.oidc.oidc1.order: 2
    xpack.security.authc.realms.oidc.oidc1.rp.client_id: "xxxxxxxxx"
    xpack.security.authc.realms.oidc.oidc1.rp.response_type: "code"
    xpack.security.authc.realms.oidc.oidc1.rp.requested_scopes: ["openid", "email"]
    xpack.security.authc.realms.oidc.oidc1.rp.redirect_uri: "https://qalogs.test.com/api/security/oidc/callback"
    xpack.security.authc.realms.oidc.oidc1.op.issuer: "https://accounts.google.com"
    xpack.security.authc.realms.oidc.oidc1.op.authorization_endpoint: "https://accounts.google.com/o/oauth2/v2/auth"
    xpack.security.authc.realms.oidc.oidc1.op.token_endpoint: "https://oauth2.googleapis.com/token"
    xpack.security.authc.realms.oidc.oidc1.op.userinfo_endpoint: "https://openidconnect.googleapis.com/v1/userinfo"
    xpack.security.authc.realms.oidc.oidc1.op.jwkset_path: "https://www.googleapis.com/oauth2/v3/certs"
    xpack.security.authc.realms.oidc.oidc1.claims.principal: email
    xpack.security.authc.realms.oidc.oidc1.claim_patterns.principal: "^([^@]+)@test.com\\.TLD$"

keystore:
  - secretName: es-auth-client-secret
secret:
  enabled: true
  password: "test123@"

resources:
  requests:
    cpu: "250m"
    memory: "1Gi"
  limits:
    cpu: "1000m"
    memory: "1Gi"

# Request smaller persistent volumes.
volumeClaimTemplate:
  accessModes: [ "ReadWriteOnce" ]
  storageClassName: "gp2"
  resources:
    requests:
      storage: 10Gi

I have created secret using following command
kubectl create secret generic es-auth-client-secret --from-literal=xpack.security.authc.realms.oidc.oidc1.rp.client_secret="xxxxxxx" -n es-stack
Can you please help me troubleshooting this issue?
Thanks in advance!

2

Hi,

Ensure that the Elasticsearch process has write permissions to the /usr/share/elasticsearch/config/ directory and the elasticsearch.keystore file.

Regards

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.