What User Role(s) Needed for Magento 2.4.6-p5 Access

Totally new to Elasticsearch, so please be gentle.

I have Elasticsearch v8.14.3 installed on Linux Mint v21.3 (Ubuntu base) and I am trying to find out what User Roles needs to be assigned to a user for my Magento v2.4.6-p5 installation to access.

The Elasticsearch8 module is installed in Magento, the Elasticsearch7 module has been removed as per the Adobe/Magento docs. The OpenSearch Module is disabled as well. All Elasticsearch7 and OpenSearch data has also been cleared in the database.

I am trying to troubleshoot my connection, but can't tell where the breakdown is happening. Is it on the Magento side or the Elasticsearch side or a little of both.

When I remotely run my _cat/health and _cat/nodes commands, everything comes back named properly and green. I have a few superusers setup, but not sure what User Roles that I need for Magento access (not superuser). None of the Adobe/Magento docs say, nor does any of the Elasticsearch docs.

I have read through the User Role docs and have just taken a sort of educated guess as to which Roles to assign. Here is what I currently have for my Magento User...

• remote_monitoring_agent
• transport_client
• viewer

I have absolutely no idea if these are the correct Role assignments.

Can someone please confirm or direct me to the docs that shows what it's supposed to be?

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance. See What is OpenSearch and the OpenSearch Dashboard? | Elastic for more details.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

OpenSearch is not installed on my system and completely disabled in my Magento installation. I have it noted in the post to cover those potential questions.

This is an Elasticsearch/Magento specific question.

I'm not a magento user, and my knowledge is limited to what's in their the docs, so please bear with me if I make any stupid suggestions.

I assume you're following these docs:

• Search engine configuration | Adobe Commerce

And are aware of these issues (since you mentioned uninstalling the OpenSearch module, etc):

• magento2 - Magento 2.4.6 Install with Elasticsearch - Magento Stack Exchange

My advice would be to try configuring Magento with a superuser to start with so that you can determine whether the problem is to do with access permissions, or something else. A superuser can do (almost) everything, so if it doesn't work with a superuser, then the problem must be something else.

If the superuser works, then I would expect you probably need to create a custom role for Magento. Their docs don't say what APIs they need access to, but I assume they need read and write access to the indices that you configure in the Index Prefix field.

You can create a custom role in Kibana's role management UI

• Kibana role management | Kibana Guide [8.14] | Elastic

My best guess is that you want to create a role like this:

Magento-role1750×2284 294 KB

Where I have Indices set to magento-prefix-* you'd replace magento-prefix with whatever you put in the Index Prefix field in magento (but make sure you put * at the end so it matches all indices with that prefix).

If that doesn't work, let us know what errors you see (in Magento or Elasticsearch) and we can try and guess what they need you to do to fix it.

Thank you for the quick response Mr Vernum.

Any assistance or direction is more than welcome.

I have gone through the Search Engine Configuration (Adobe Commerce) docs and the Magento Stack Exchange post prior to opening this request for help. Despite having already looked through that info, thank you for offering it up as a potential.

I did setup the Magento User with the "superuser" Role as suggested. Thank you for that suggestion. I do not have Kibana installed as of yet.

my curl testing on the cluster via http://[domain]:9200, http://[domain]:9200/_cat/nodes, and http://[domain]:9200/_cat/health all responds properly with the status marked as "green". I have tested locally as well as remotely. The xpack.security.enabled is set to "false". With it set to "false", I have not needed to enter any sort of User/Pass to get the command results. Is that normal?

I did find in my Elasticsearch logs this one message that is repeating...

"[2024-08-01T00:00:05,502][WARN ][o.e.c.c.Coordinator ] [mco-node-01]
This node is a fully-formed single-node cluster with cluster UUID [KyTIChCLQpS0IIpqDl6uxQ], but it is configured as if to discover other nodes and form a multi-node cluster via the [discovery.seed_hosts=[127.0.0.1, 192.168.0.10, [::1]]] setting. Fully-formed clusters do not attempt to discover other nodes, and nodes with different cluster UUIDs cannot belong to the same cluster. The cluster UUID persists across restarts and can only be changed by deleting the contents of the node's data path(s). Remove the discovery configuration to suppress this message."

In the elasticsearch.yml file, the discovery.seeds_hosts is commented out (#) properly, so I am not sure as to why that is stil showing up in the logs when I restart Elasticsearch.

As far as Magento goes, it is showing, "Could not ping search engine: No alive nodes. All the 1 nodes seem to be down.". The Magento Stack Exchange post talks specifically about that message, but the information on that post didn't help my situation.

This seems like a compounded issue, some Elasticsearch and some Magento. If I can at least get this side to be verified, then I can step away from this part and focus on the Magento connectivity piece.

Thank you again for any assistance or direction. It's greatly appreciated.

When I am running my curl tests, here are the results of those. I believe they are responding properly and should show that my Elasticsearch is functioning properly. Could someone please confirm.

hasu@Hasu-PE-R415:~$ curl http://---redacted---.net:9200
{
"name" : "node01",
"cluster_name" : "magento",
"cluster_uuid" : "KyTI---redacted---6uxQ",
"version" : {
"number" : "8.14.3",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "d55f984299e0e88dee72ebd8255f7ff130859ad0",
"build_date" : "2024-07-07T22:04:49.882652950Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}

hasu@Hasu-PE-R415:~$ curl -XGET http://---redacted---.net:9200/_cat/nodes?pretty
192.168.0.10 2 56 1 1.86 0.76 0.37 cdfhilmrstw * node01

hasu@Hasu-PE-R415:~$ curl -XGET http://---redacted---.net:9200/_cat/health?pretty
1722615315 16:15:15 magento green 1 1 1 1 0 0 0 0 - 100.0%

hasu@Hasu-PE-R415:~$