perfSONAR User Q&A and Other Discussion

[William Leight <>]

Hi all,

       Raising this one again.  I found where the pscheduler_logstash role's permissions are set, in /etc/opensearch/opensearch-security/roles.yml, but adding indices:admin/create to the bottom of the pscheduler_logstash role definition, as shown below, didn't seem to do anything: after I restarted opensearch and logstash, the same error appeared.  The error message in the opensearch log file, also shown below, makes it seem like it's looking at this role to check the permissions, so it's really not clear to me why this isn't working.  Any advice on how to solve this would be much appreciated.

thanks,

will

pscheduler_logstash:
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster_manage_index_templates'
  index_permissions:
    - index_patterns:
      - 'pscheduler_*'
      - 'prometheus_*'
      allowed_actions:
      - 'write'
      - 'read'
      - 'delete'
      - 'create_index'
      - 'manage'
      - 'indices:admin/template/delete'
      - 'indices:admin/template/get'

      - 'indices:admin/template/put'
      - 'indices:admin/create'

[2024-07-17T16:47:45,367][INFO ][o.o.s.p.PrivilegesEvaluator] [net2ps2] No index-level perm match for User [name=pscheduler_logstash, backend_roles=[], requestedTenant=null] Resolved [aliases=[], allIndices=[prometheus_perfsonar_host], types=[*], originalRequested=[prometheus_perfsonar_host], remoteIndices=[]] [Action [indices:admin/create]] [RolesChecked [own_index, pscheduler_logstash]]

On Thu, Jul 11, 2024 at 4:53 PM William Leight <> wrote:

Dear experts,

     I recently restarted the server that perfsonar 5.1.1-1 was running on, and now see the below error in logstash.  I did some poking around on the internet but I'm not sure where these permissions are defined.  Does anybody have an idea of what went wrong?

thanks,

will

[2024-07-11T20:23:43,222][INFO ][logstash.outputs.opensearch][prometheus][96afc05d7424ebaaedcb02e1a5f196fbde90b822107fde90062dce58f91fc47d] Retrying failed action {:status=>403, :action=">["create"," {:_id=>nil, :_index=>"prometheus_node", :routing=>nil}, {"@timestamp"=>2024-07-11T20:23:42.936981408Z, "is_local"=>"true", "meta"=>{"os"=>{"image_version"=>"", "variant"=>"", "id"=>"ubuntu", "variant_id"=>"", "build_id"=>"", "image_id"=>"", "id_like"=>"debian", "name"=>"Ubuntu", "version_codename"=>"focal", "version_id"=>"20.04", "pretty_name"=>"Ubuntu 20.04.6 LTS", "version"=>"20.04.6 LTS (Focal Fossa)"}, "labels"=>{"code"=>"503"}, "id"=>"localhost", "uname"=>{"machine"=>"x86_64", "nodename"=>"net2ps2", "domainname"=>"(none)", "release"=>"5.4.0-189-generic", "sysname"=>"Linux", "version"=>"#209-Ubuntu SMP Fri Jun 7 14:05:13 UTC 2024"}}, "values"=>{"promhttp_metric_handler_requests_total"=>{"delta"=>0.0, "val"=>0.0, "rate"=>0.0}}, "type"=>"node", "@version"=>"1"}], :error=>{"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=pscheduler_logstash, backend_roles=[], requestedTenant=null]"}}