I have ES 5.2.2 and X-Pack 5.2.2 security with Authentication mechanism:
I have 6 data nodes in the cluster. I have created the following role (yy_elastic_search_role) and user (yy_transport_client) in the cluster (native realm).
From 5 nodes I am able to execute the query, but on one of the nodes (Node6) I am seeing an exception:
[DEBUG][o.e.a.a.c.n.i.TransportNodesInfoAction] [xxxx-esa32-1] failed to execute on node [e4BtZsc2QqiFhCOVn2qcOg]
org.elasticsearch.transport.RemoteTransportException: [xxxx-esa32-1][1.1.1.151:7571][cluster:monitor/nodes/info[n]]
Caused by: org.elasticsearch.ElasticsearchSecurityException: action [cluster:monitor/nodes/info[n]] is unauthorized for user [**yy_transport_client**]
But at the same time, if I assign the "SuperUser" role to yy_transport_client, then I am able to run the query from this node (Node6) too.
Please make the effort to format your post to be as readable as possible - there's a live preview panel for exactly this reason. In particular, please use the </> button to pre-format code or configuration files.
Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
I have created users and roles through the curl command (user management API).
The cluster was green when I created the user and roles. So from the other nodes I am able to run the query; only one node is creating an issue. But at the same time, if I assign the SuperUser role, I am able to run the query on the culprit node too.
Just to add a few things: the node where I am not able to run the query with the custom user was started 3 days back due to a power failure on this server, and this is a virtual machine. Earlier, prior to the restart, I was able to run the query.
I think you've hit a caching problem.
Elasticsearch 5.2 is now a year old, and in that time we resolved a number of problems related to caching of users and roles.
My guess is that the broken node has a cache that thinks this role doesn't exist.
There are multiple fixes across multiple versions; you will need to read the release notes yourself.
If you are considering upgrading, then you should upgrade to the most recent version with the same major release (in this case 5.6.x) as that will be the most stable and supported version, and will facilitate upgrading to the next major release in the future.