Hello X-Pack community,
About one week after installing an Elasticsearch 5.6.3 cluster on Kubernetes, one of my data nodes crashed and I can't access the cluster anymore.
The master reports the following error:
The security index is not yet available - no role mappings can be loaded
Is there a way to disable X-Pack security dynamically? How can I restore this index? I can't even access the cluster state.
PS: my cluster is composed of 3 data nodes, one client and 3 masters.
Any help will be much appreciated!
The message you are quoting is not strictly an error. It's only logged as an INFO message - by itself it is not the cause of whatever problem you are facing, though it may be making things more complicated to resolve.
Check your logs to see if there are more details about why your security index is not available - there should be something more detailed than that.
It is not possible to disable security dynamically, but you may be able to make some dynamic changes to re-enable access to your cluster.
What security realms are you using?
Thanks for your reply, I'm using basic authentication (username, password), here is the log trace:
[2017-11-12T06:12:32,751][WARN ][o.e.g.GatewayAllocator$InternalPrimaryShardAllocator] [yassir-es-master-1230842250-k3q6s] [.security]: failed to list shard for shard_started on node [7ydbQuEOR2OaCMRYYPA9YQ]
org.elasticsearch.action.FailedNodeException: Failed node [7ydbQuEOR2OaCMRYYPA9YQ]
at org.elasticsearch.action.support.nodes.TransportNodesAction$AsyncAction.onFailure(TransportNodesAction.java:239) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.nodes.TransportNodesAction$AsyncAction.access$200(TransportNodesAction.java:153) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.nodes.TransportNodesAction$AsyncAction$1.handleException(TransportNodesAction.java:211) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.transport.TransportService.sendRequest(TransportService.java:510) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.nodes.TransportNodesAction$AsyncAction.start(TransportNodesAction.java:197) ~[elasticsearch-5.6.3.jar:5.6.3]
... 50 more
The same exception is displayed for other X-Pack indices (watcher, watcher history, monitoring etc).
So this isn't really an X-Pack specific issue - you have a problem with a failed node that is causing you to have unavailable indices.
What happened to your cluster?
I'm using basic authentication
I mean where is that user defined? Have you set up AD/LDAP integration, did you create a user through the API, or are you just using the builtin users?
My best guess is that you haven't customised your security realms, so the simplest option is to add a new file-based superuser so that you can start to access the _cat/ APIs and look at your cluster health in more detail.
You'll need to run the following command on every node in your cluster (but pick your own password)
bin/x-pack/users useradd admin -r superuser -p my-secret-password
That will create a new superuser called admin with password
You can then use that to authenticate to the various health check APIs.
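A check for the "run it on every node" step above, as an added example that is not part of the original thread: the file realm is local to each node, so a node where `useradd` was skipped, or where the user got a different role, will not accept the new superuser. The directory layout (one sub-directory per node holding copies of that node's `users` and `users_roles` files), the node names and the file contents are constructed assumptions; the formats assumed are `user:hash` lines in `users` and `role:user1,user2` lines in `users_roles`.

```shell
#!/bin/sh
# Added example: audit file-realm copies collected from every node.
# Assumed (hypothetical) layout: DIR/<node-name>/users and DIR/<node-name>/users_roles.

# has_user FILE USER -> 0 if FILE has a line whose first field is exactly USER.
# Only presence is checked: the stored hash is salted and differs per node.
has_user() {
    [ -f "$1" ] && awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# has_role FILE ROLE USER -> 0 if FILE maps ROLE to USER.
has_role() {
    [ -f "$1" ] && awk -F: -v r="$2" -v u="$3" '
        $1 == r { n = split($2, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# audit_nodes DIR USER ROLE -> prints "<node> <problem>" for each node with a gap.
audit_nodes() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        node=$(basename "$dir")
        if ! has_user "$dir/users" "$2"; then
            echo "$node missing-user"
        elif ! has_role "$dir/users_roles" "$3" "$2"; then
            echo "$node missing-role"
        fi
    done
    return 0
}

# Constructed sample: three nodes, only es-master-0 is set up correctly.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/es-master-0" "$d/es-data-0" "$d/es-data-1"
    for n in es-master-0 es-data-0; do
        printf '%s\n' 'admin:$2a$10$constructed-placeholder-hash' > "$d/$n/users"
    done
    printf '%s\n' 'superuser:ops_user,admin' > "$d/es-master-0/users_roles"
    printf '%s\n' 'constructed_role:admin' > "$d/es-data-0/users_roles"
    : > "$d/es-data-1/users"    # useradd was never run on this node
    echo "$d"
}

sample=$(make_sample)
audit_nodes "$sample" admin superuser
rm -rf "$sample"
```

Since this account is added for recovery access, the same audit can be rerun afterwards to confirm it was removed from every node.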
Yes as you guessed I'm using the builtin users, the above command will help me a lot.