perfsonar-user - Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update
Subject: perfSONAR User Q&A and Other Discussion
List archive
Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update
Chronological Thread
- From: Andreas Haupt <>
- To:
- Subject: Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update
- Date: Tue, 06 Jun 2023 16:06:32 +0200
- Dkim-filter: OpenDKIM Filter v2.11.0 smtp-o-3.desy.de C194E6080E
- Organization: DESY
Hi Andrew,
On Tue, 2023-06-06 at 05:33 -0700, Andrew Lake wrote:
> Hi,
>
> Would it be possible to try a clean install on the SL box? I suspect there
> is a partial setup which is not triggering the desired scripts. You could
> also just do a “yum remove perfsonar-toolkit perfsonar-archive perfsonar-
> logstash perfsonar-logstash-output-plugin opensearch” followed by a “yum
> install perfsonar-toolkit”.
Still same issue, but now I see the problem. I think the order of the OS
checks is just wrong. This patch would fix it:
---
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh.orig 202
3-06-06 15:32:29.274094862 +0200
+++
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh
2023-06-0615:32:44.382677776+0200
@@ -1,9 +1,9 @@
#!/bin/bash
-if command -v lsb_release &> /dev/null; then
- OS=$(lsb_release -si)
-elif [ -e '/etc/redhat-release' ]; then
+if [ -e '/etc/redhat-release' ]; then
OS="redhat"
+elif command -v lsb_release &> /dev/null; then
+ OS=$(lsb_release -si)
else
OS="Unknown"
fi
@@ -21,4 +21,4 @@
else
echo "$0 - [ERROR]: Unknown operating system"
exit 1
-fi
\ No newline at end of file
+fi
Same patch needs to be applied to
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh
Otherwise the installations ends up this way:
[...]
Running transaction
Installing : opensearch-2.6.0-1.x86_64
1/7
### NOT starting on installation, please execute the following statements to
configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in
/var/log/opensearch/install_demo_configuration.log
Installing : perfsonar-logstash-output-plugin-5.0.2-1.el7.noarch
2/7
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in
version 9.0 and will likely be removed in a future release.
Installing file:
/usr/lib/perfsonar//logstash/plugin/logstash-output-plugin-offline-7.17.9.zip
Resolving
dependencies................................................................................................
Install successful
Installing : perfsonar-logstash-5.0.2-1.el7.noarch
3/7
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh - [ERROR]:
Unknown operating system
Created symlink from
/etc/systemd/system/multi-user.target.wants/logstash.service to
/etc/systemd/system/logstash.service.
Installing : perfsonar-archive-5.0.2-1.el7.noarch
4/7
Created symlink from
/etc/systemd/system/multi-user.target.wants/opensearch.service to
/usr/lib/systemd/system/opensearch.service.
Created symlink from
/etc/systemd/system/multi-user.target.wants/logstash.service to
/etc/systemd/system/logstash.service.
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh -
[ERROR]: Unknown operating system
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
ERR: An unexpected IllegalArgumentException occured: Could not find
certificate file /etc/opensearch/admin.pem
Trace:
java.lang.IllegalArgumentException: Could not find certificate file
/etc/opensearch/admin.pem
at
org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1476)
at
org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:458)
at
org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
Caused by: java.io.FileNotFoundException: /etc/opensearch/admin.pem (No such
file or directory)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
at
org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1473)
... 2 more
grep: /etc/perfsonar/opensearch/auth_setup.out: No such file or directory
Unable to find admin password in /etc/perfsonar/opensearch/auth_setup.out.
Exiting.
grep: /etc/perfsonar/opensearch/auth_setup.out: No such file or directory
Installing : perfsonar-toolkit-archive-utils-5.0.2-1.el7.noarch
5/7
Installing : perfsonar-core-5.0.2-1.el7.noarch
6/7
Installing : perfsonar-toolkit-5.0.2-1.el7.noarch
7/7
Note: Forwarding request to 'systemctl enable httpd.service'.
Verifying : perfsonar-core-5.0.2-1.el7.noarch
1/7
Verifying : perfsonar-logstash-5.0.2-1.el7.noarch
2/7
Verifying : perfsonar-logstash-output-plugin-5.0.2-1.el7.noarch
3/7
Verifying : perfsonar-toolkit-archive-utils-5.0.2-1.el7.noarch
4/7
Verifying : perfsonar-toolkit-5.0.2-1.el7.noarch
5/7
Verifying : perfsonar-archive-5.0.2-1.el7.noarch
6/7
Verifying : opensearch-2.6.0-1.x86_64
7/7
Installed:
perfsonar-toolkit.noarch 0:5.0.2-1.el7
[...]
Same should actually apply for CentOS systems as the check is
"lsb_release -si" by default. The later check
if [[ $OS == "redhat" ]]; then
does not work on CentOS, either ... I find this indeed strange that it
works at so many other sites. Just for reference: this would be the output
of "$OS" without the above check on CentOS nodes:
[pal51] ~ % lsb_release -si
CentOS
And on my SL7 test system:
[gordo-vm33] /root # lsb_release -si
Scientific
Nevertheless, even after running patched
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh &
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh all
this does not get the archive configuration right, although many of the
errors vanish. Still "elasticsearch.exceptions.AuthenticationException"
shows up.
Cheers,
Andreas
--
| Andreas Haupt | E-Mail:
| DESY Zeuthen | WWW: http://www.zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andrew Lake, 06/01/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andrew Lake, 06/01/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andreas Haupt, 06/02/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andreas Haupt, 06/06/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andrew Lake, 06/06/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andreas Haupt, 06/06/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andrew Lake, 06/06/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andreas Haupt, 06/06/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andreas Haupt, 06/02/2023
- Re: [perfsonar-user] elasticsearch.exceptions.AuthenticationException since PS-5.0 Update, Andrew Lake, 06/01/2023
Archive powered by MHonArc 2.6.24.