:wheel_of_dharma: A community repository for Helm Charts of OpenSearch Project.
Home Page: https://opensearch.org/docs/latest/opensearch/install/helm/
License: Apache License 2.0
Is your feature request related to a problem? Please describe.
I think there ought to be liveness/readiness/startup probes for the opensearch statefulset and the opensearch-dashboards deployment.
Currently the pods are immediately marked ready on startup, leading to more than one of the nodes being unavailable which can lead to instability especially with lots of data.
Describe the solution you'd like
I am happy to implement something in a PR to resolve this, if that is something the project would want and my general ideas below sound good.
Opensearch:
Readiness: query health endpoint, which may require whitelisting or auth, could potentially look for green cluster status
Liveness: can check for tcp connection to 9200 or 9300
Startup: can check for health endpoint regardless of status?
Opensearch-dashboards:
Readiness: Health is at least yellow in /api/status
Liveness: 5601 is open to tcp
Startup: same as readiness
Describe alternatives you've considered
NA
Additional context
I am happy to implement if the ideas sound good.
Hi,
i've tried to install opensearch via helm, but pods are pending with this message:
forbidden sysctl: "vm.max_map_count" not whitelisted
I've tried to override the security settings, but did not help:
helm upgrade --install opensearch opensearch/opensearch --set sysctl.enabled=true --set podSecurityContext.runAsUser=0 --set securityContext.runAsNonRoot=false >test.ymlIm try to migrate from ES, but theirs helm using a bit different method:
they are using a fully privileges initcontainer to set the vm.max_map_count:
initContainers:
154 - name: configure-sysctl
155 securityContext:
156 runAsUser: 0
157 privileged: true
158 image: "docker.elastic.co/elasticsearch/elasticsearch:7.14.0"
159 imagePullPolicy: "IfNotPresent"
160 command: ["sysctl", "-w", "vm.max_map_count=262144"]
161 resources:
What would be the best practice? Others does not have this situation?
thanks
Describe the bug
I use a version of this chart internally and carry some patches locally. I use the standard SemVer scheme for this: v1.0.0+localpatches.1. This causes the installation to fail with an error:
Error: RoleBinding.rbac.authorization.k8s.io "dashboards-opensearch-dashboards-dashboards-rolebinding" is invalid: metadata.labels: Invalid value: "opensearch-dashboards-1.0.0+localpatches.1": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
To Reproduce
Steps to reproduce the behavior:
+Expected behavior
The chart version string should be escaped for use in labels.
Chart Name
Opensearch Dashboards
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Hello,
Can I use exactly the same helm values to deploy Opensearch that I had used to deploy Opendistro?
What differences should I keep in mind.
Thanks
Describe the bug
Helm repo add not working as expected in https://github.com/opensearch-project/helm-charts#installation
To Reproduce
$ helm repo add opensearch https://opensearch-project.github.io/helm-charts/
Error: looks like "https://opensearch-project.github.io/helm-charts/" is not a valid chart repository or cannot be reached: failed to fetch https://opensearch-project.github.io/helm-charts/index.yaml : 404 Not Found
Expected behavior
Helm repo added
Chart Name
All
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
Hi All,
I am trying to deploy OpenSearch in kubernetes environment.
below is the helm chart I am using it,
https://github.com/opendistro-for-elasticsearch/opendistro-build/tree/main/helm/opendistro-es
Helm version
[LRB_346_PCAA@k8s-rmp-master-0 ~]$ helm3 version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/LRB_346_PCAA/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/LRB_346_PCAA/.kube/config
version.BuildInfo{Version:"v3.3.4", GitCommit:"a61ce5633af99708171414353ed49547cf05013d", GitTreeState:"clean", GoVersion:"go1.14.9"}
Kubernetes version
[LRB_346_PCAA@k8s-rmp-master-0 ~]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.5", GitCommit:"6b1d87acf3c8253c123756b9e61dac642678305f", GitTreeState:"clean", BuildDate:"2021-03-18T01:10:43Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.5", GitCommit:"6b1d87acf3c8253c123756b9e61dac642678305f", GitTreeState:"clean", BuildDate:"2021-03-18T01:02:01Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
I have changed the images of kibana and elasticsearch in values.yaml and I used the opensearch 1.0.0 for elasticsearch and opensearch-dashboards 1.0.0 for kibana.
I have deployed the chart using the below command,
sudo helm3 install elasticsearch ./ -n t253-u000265
below is the pod status,
opendistro-es]$ kubectl get pods -w
NAME READY STATUS RESTARTS AGE
elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8 1/1 Running 0 26s
elasticsearch-opendistro-es-data-0 1/1 Running 0 26s
elasticsearch-opendistro-es-kibana-77cb457bf7-hsj8n 1/1 Running 0 26s
elasticsearch-opendistro-es-master-0 1/1 Running 0 26s
But when I checked the client pod logs below is the error,
[2021-09-23T18:49:45,018][INFO ][o.o.b.BootstrapChecks ] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2021-09-23T18:49:57,848][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:49:58,394][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:49:59,394][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:00,323][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:01,318][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:02,240][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:03,313][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:04,310][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:05,296][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:06,247][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:07,251][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:08,250][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8}{jMECGhb0RrKGeYhk7tmoqQ}{gw8c0vhXTT-FLbha8zr1UA}{127.0.0.1}{127.0.0.1:9300}{ir}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:50:08,304][ERROR][o.o.s.s.t.SecuritySSLNettyTransport] [elasticsearch-opendistro-es-client-5dd6c59b74-l6lr8] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:369) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:307) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:133) ~[?:?]
at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) ~[?:?]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1282) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:620) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:583) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.59.Final.jar:4.1.59.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.59.Final.jar:4.1.59.Final]
at java.lang.Thread.run(Thread.java:832) [?:?]
Caused by: javax.crypto.BadPaddingException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1895) ~[?:?]
at sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) ~[?:?]
at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) ~[?:?]
at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110) ~[?:?]
... 27 more
Similarly in data logs I am getting the same error,
[2021-09-23T18:49:56,058][INFO ][o.o.n.Node ] [elasticsearch-opendistro-es-data-0] initialized
[2021-09-23T18:49:56,059][INFO ][o.o.n.Node ] [elasticsearch-opendistro-es-data-0] starting ...
[2021-09-23T18:49:56,066][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.data] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,066][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.ingest] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,066][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,069][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,204][INFO ][o.o.t.TransportService ] [elasticsearch-opendistro-es-data-0] publish_address {127.0.0.1:9300}, bound_addresses {[::]:9300}
[2021-09-23T18:49:56,205][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.data] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,205][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.ingest] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,205][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,208][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.data] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,208][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.ingest] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,208][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,208][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,208][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.data] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,209][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.ingest] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,209][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,221][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,352][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.data] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,352][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.ingest] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,352][DEPRECATION][o.o.d.c.s.Settings ] [elasticsearch-opendistro-es-data-0] [node.master] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version.
[2021-09-23T18:49:56,370][INFO ][o.o.b.BootstrapChecks ] [elasticsearch-opendistro-es-data-0] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2021-09-23T18:49:58,374][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-data-0] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-data-0}{KDD8dHGwQ6yhMWtbVi-PFQ}{sxMuB9g2T6eI22diUqKyCA}{127.0.0.1}{127.0.0.1:9300}{dr}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:49:59,736][WARN ][o.o.d.HandshakingTransportAddressConnector] [elasticsearch-opendistro-es-data-0] [connectToRemoteMasterNode[[fd74:ca9b:3a09:868c:172:18:0:449b]:9300]] completed handshake with [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}] but followup connection failed
org.opensearch.transport.ConnectTransportException: [elasticsearch-opendistro-es-master-0][127.0.0.1:9300] handshake failed. unexpected remote node {elasticsearch-opendistro-es-data-0}{KDD8dHGwQ6yhMWtbVi-PFQ}{sxMuB9g2T6eI22diUqKyCA}{127.0.0.1}{127.0.0.1:9300}{dr}
at org.opensearch.transport.TransportService.lambda$connectionValidator$5(TransportService.java:405) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListener$4.onResponse(ActionListener.java:170) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:492) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.TransportService$5.onResponse(TransportService.java:482) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:67) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleResponse(SecurityInterceptor.java:288) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1207) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.doHandleResponse(InboundHandler.java:266) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.transport.InboundHandler.lambda$handleResponse$1(InboundHandler.java:260) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:697) [opensearch-1.0.0.jar:1.0.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
[2021-09-23T18:49:59,759][ERROR][o.o.s.s.t.SecuritySSLNettyTransport] [elasticsearch-opendistro-es-data-0] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:369) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:307) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:133) ~[?:?]
at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) ~[?:?]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1282) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:620) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:583) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.59.Final.jar:4.1.59.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.59.Final.jar:4.1.59.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.59.Final.jar:4.1.59.Final]
at java.lang.Thread.run(Thread.java:832) [?:?]
Caused by: javax.crypto.BadPaddingException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
Below is the master pod logs but I could see cluster state is RED
[2021-09-23T18:49:57,044][INFO ][o.o.c.s.MasterService ] [elasticsearch-opendistro-es-master-0] elected-as-master ([1] nodes joined)[{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}]}
[2021-09-23T18:49:57,091][INFO ][o.o.c.c.CoordinationState] [elasticsearch-opendistro-es-master-0] cluster UUID set to [Di2UaiCBQe2aKWQICmVIwg]
[2021-09-23T18:49:57,138][INFO ][o.o.c.s.ClusterApplierService] [elasticsearch-opendistro-es-master-0] master node changed {previous [], current [{elasticsearch-opendistro-es-master-0}{3TSgi__ETdOp5ateCv832g}{alO-X1KpQk-ID3XAaTlS1A}{127.0.0.1}{127.0.0.1:9300}{mr}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2021-09-23T18:49:57,173][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [elasticsearch-opendistro-es-master-0] Config override setting update called with empty string. Ignoring.
[2021-09-23T18:49:57,220][INFO ][o.o.h.AbstractHttpServerTransport] [elasticsearch-opendistro-es-master-0] publish_address {127.0.0.1:9200}, bound_addresses {[::]:9200}
[2021-09-23T18:49:57,221][INFO ][o.o.n.Node ] [elasticsearch-opendistro-es-master-0] started
[2021-09-23T18:49:57,221][INFO ][o.o.s.OpenSearchSecurityPlugin] [elasticsearch-opendistro-es-master-0] Node started
[2021-09-23T18:49:57,222][INFO ][o.o.s.c.ConfigurationRepository] [elasticsearch-opendistro-es-master-0] Will attempt to create index .opendistro_security and default configs if they are absent
[2021-09-23T18:49:57,223][INFO ][o.o.s.OpenSearchSecurityPlugin] [elasticsearch-opendistro-es-master-0] 0 OpenSearch Security modules loaded so far: []
[2021-09-23T18:49:57,223][INFO ][o.o.s.c.ConfigurationRepository] [elasticsearch-opendistro-es-master-0] Background init thread started. Install default config?: true
[2021-09-23T18:49:57,267][INFO ][o.o.g.GatewayService ] [elasticsearch-opendistro-es-master-0] recovered [0] indices into cluster_state
[2021-09-23T18:49:57,446][INFO ][o.o.c.m.MetadataCreateIndexService] [elasticsearch-opendistro-es-master-0] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1]
[2021-09-23T18:49:57,461][INFO ][o.o.c.r.a.AllocationService] [elasticsearch-opendistro-es-master-0] Cluster health status changed from [YELLOW] to [RED] (reason: [index [.opendistro_security] created]).
[2021-09-23T18:50:27,512][INFO ][o.o.s.c.ConfigurationRepository] [elasticsearch-opendistro-es-master-0] Index .opendistro_security created?: true
[2021-09-23T18:50:27,513][INFO ][o.o.s.c.ConfigurationRepository] [elasticsearch-opendistro-es-master-0] Node started, try to initialize it. Wait for at least yellow cluster state....
[2021-09-23T18:50:57,169][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Performing move cluster state metadata.
[2021-09-23T18:51:57,170][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Performing move cluster state metadata.
[2021-09-23T18:52:57,171][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Performing move cluster state metadata.
[2021-09-23T18:53:57,171][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Performing move cluster state metadata.
[2021-09-23T18:53:57,172][INFO ][o.o.i.i.MetadataService ] [elasticsearch-opendistro-es-master-0] Move Metadata succeed, set finish flag to true. Indices failed to get indexed: {}
[2021-09-23T18:54:56,878][INFO ][o.o.j.s.JobSweeper ] [elasticsearch-opendistro-es-master-0] Running full sweep
[2021-09-23T18:54:57,172][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Cancel background move metadata process.
[2021-09-23T18:54:57,172][INFO ][o.o.i.i.ManagedIndexCoordinator] [elasticsearch-opendistro-es-master-0] Performing move cluster state metadata.
[2021-09-23T18:54:57,172][INFO ][o.o.i.i.MetadataService ] [elasticsearch-opendistro-es-master-0] Move metadata has finished.
[2021-09-23T18:59:56,881][INFO ][o.o.j.s.JobSweeper ] [elasticsearch-opendistro-es-master-0] Running full sweep
[2021-09-23T19:04:56,883][INFO ][o.o.j.s.JobSweeper ] [elasticsearch-opendistro-es-master-0] Running full sweep
So I tried exec into the pod to see the cluster status but I am getting the below response,
kubectl exec -it elasticsearch-opendistro-es-master-0 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[opensearch@elasticsearch-opendistro-es-master-0 ~]$
[opensearch@elasticsearch-opendistro-es-master-0 ~]$ curl -k -u admin:admin https://elasticsearch-opendistro-es-client-service:9200/_cluster/health?pretty=true
OpenSearch Security not initialized.[opensearch@elasticsearch-opendistro-es-master-0 ~]$
Attached the helm package with values.yaml
Please correct me If I am doing anything wrong.
Thanks,
Ganeshbabu R
Describe the bug
Setting the chart value esJavaOpts has no effect on the Java Options used by the running Opensearch process.
To Reproduce
Steps to reproduce the behavior:
esJavaOpts to a non-default value.esJavaOpts is ignored.Expected behavior
I expect the esJavaOpts values to be applied.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Is your feature request related to a problem? Please describe.
Chart for Data Prepper which can be used with the OpenSearch Helm Chart
Describe the solution you'd like
N/A
Describe alternatives you've considered
N/A
Additional context
https://opensearch.org/docs/monitoring-plugins/trace/data-prepper/
Is your feature request related to a problem? Please describe.
Kubernetes 1.18 and greater support the IngressClassName spec stanza as part of the Ingress kind.
Describe the solution you'd like
If defined in the chart values file, the Ingress spec stanza should use the IngressClassName value.
Describe alternatives you've considered
While we may be able to also leverage an ingress class name annotation, this is not always accepted.
Additional context
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "opensearch.uname" . -}}
{{- $servicePort := .Values.httpPort -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}Is your feature request related to a problem? Please describe.
[Enhancement][GitHub Actions] Add GitHub Action to auto bump chart version
Right now we require PR creator to bump the chart version when they raise the PR,
so that the chart releaser can release a new version after merge.
It will be much easier to have a version autobumper, take action after a PR is merged,
and will resolve edge cases where multiple PRs change to the same 1.x.x version and conflict against each other if any of them merge 1st.
Describe the solution you'd like
See above.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Hi
both docker and helm instructions a quite simple to follow, but from what i read and experienced they lead to some situation where nothing works as expected
It would be nice to provide a *non-production" values.yaml for both as a quickstart that disable ssl and authentiation.
And at least one example on how to configure the latter...
From futher reading i understand that there is a security plugin in both opensearch and opensearch_dashboard... but for the latter i did not find a way to disable it via config ? only remove the plugin entirely ? which would easily be possible while deploying via helm ?
We can add examples of different values for different kinds of deployment for OpenSearch stack. It will be great for end users to directly edit those example deployment values for their use-case/purpose.
Is your feature request related to a problem? Please describe.
Issues / PRs are getting spammed with so much unnecessary discussion which can be great but makes thing so much slower.
Can we get an official channel? If not, I'll make an unofficial one somewhere.
Describe the solution you'd like
A Slack channel / Instant message option for communication with the community.
Describe the bug
Adding any extraEnvs to the opensearch values.yaml throws a YAML parse error during helm install / helm upgrade.
To Reproduce
Steps to reproduce the behavior:
values.yamlhelm install --values=charts/opensearch/values.yaml mycluster charts/opensearchExpected behavior
Would expect the extra environment variables to be added to the config.
Chart Name
opensearch
Screenshots
Config example:
extraEnvs:
- name: THE_FOO
value: "in the bar"output
# helm upgrade --values=values-opensearch.yaml mycluster opensearch --debug
upgrade.go:139: [debug] preparing upgrade for mycluster
Error: UPGRADE FAILED: YAML parse error on opensearch/templates/statefulset.yaml: error converting YAML to JSON: yaml: line 132: did not find expected key
helm.go:88: [debug] error converting YAML to JSON: yaml: line 132: did not find expected key
YAML parse error on opensearch/templates/statefulset.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
helm.sh/helm/v3/pkg/action/action.go:165
helm.sh/helm/v3/pkg/action.(*Upgrade).prepareUpgrade
helm.sh/helm/v3/pkg/action/upgrade.go:231
helm.sh/helm/v3/pkg/action.(*Upgrade).RunWithContext
helm.sh/helm/v3/pkg/action/upgrade.go:140
main.newUpgradeCmd.func2
helm.sh/helm/v3/cmd/helm/upgrade.go:198
github.com/spf13/cobra.(*Command).execute
github.com/spf13/[email protected]/command.go:856
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/[email protected]/command.go:974
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/[email protected]/command.go:902
main.main
helm.sh/helm/v3/cmd/helm/helm.go:87
runtime.main
runtime/proc.go:225
runtime.goexit
runtime/asm_amd64.s:1371
UPGRADE FAILED
main.newUpgradeCmd.func2
helm.sh/helm/v3/cmd/helm/upgrade.go:200
github.com/spf13/cobra.(*Command).execute
github.com/spf13/[email protected]/command.go:856
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/[email protected]/command.go:974
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/[email protected]/command.go:902
main.main
helm.sh/helm/v3/cmd/helm/helm.go:87
runtime.main
runtime/proc.go:225
runtime.goexit
runtime/asm_amd64.s:1371
Host/Environment (please complete the following information):
Additional context
N/A
Describe the bug
The Stateful Set template specifies an incorrect indentation of 10 for extraEnvs. The correct value should be 8.
Error: INSTALLATION FAILED: YAML parse error on logging/charts/opensearch/templates/statefulset.yaml: error converting YAML to JSON: yaml: line 122: did not find expected key
make: *** [install] Error 1To Reproduce
Steps to reproduce the behavior:
Specify values for the extraEnvs stanza in the values.yaml file for the OpenSearch chart. For example,
extraEnvs:
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: "0"Expected behavior
The expected behavior is for the chart to install.
Chart Name
Specify the Chart which is affected? OpenSearch
Screenshots
None
Host/Environment (please complete the following information):
Additional context
I have a fix for this defect already so will plan to submit a PR.
diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml
index 5087527..535d821 100644
--- a/charts/opensearch/templates/statefulset.yaml
+++ b/charts/opensearch/templates/statefulset.yaml
@@ -251,7 +251,7 @@ spec:
fi
cp -a {{ .Values.opensearchHome }}/config/opensearch.keystore /tmp/keystore/
- env: {{ toYaml .Values.extraEnvs | nindent 10 }}
+ env: {{ toYaml .Values.extraEnvs | nindent 8 }}
envFrom: {{ toYaml .Values.envFrom | nindent 10 }}
resources: {{ toYaml .Values.initResources | nindent 10 }}
volumeMounts:
@@ -318,11 +318,11 @@ spec:
value: "{{ $enabled }}"
{{- end }}
{{- if .Values.extraEnvs }}
-{{ toYaml .Values.extraEnvs | indent 10 }}
+{{ toYaml .Values.extraEnvs | indent 8 }}
{{- end }}
{{- if .Values.envFrom }}
envFrom:
-{{ toYaml .Values.envFrom | indent 10 }}
+{{ toYaml .Values.envFrom | indent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.enabled }}After making this change, the chart deploys as expected.
Describe the bug
Can't reproduce default demo setup on kubernetes.
To Reproduce
Steps to reproduce the behavior:
SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
[opensearch-cluster-master-0] master not discovered or elected yet
Expected behavior
Cluster gets GREEN state
Plugins
Please list all plugins currently enabled.
cluster.name: opensearch-cluster
# Bind to all interfaces because we don't know what IP address Docker will assign to us.
network.host: 0.0.0.0
# # minimum_master_nodes need to be explicitly set when bound on a public IP
# # set to 1 to allow single node clusters
discovery.zen.minimum_master_nodes: 1
plugins:
security:
ssl:
transport:
pemcert_filepath: esnode.pem
pemkey_filepath: esnode-key.pem
pemtrustedcas_filepath: root-ca.pem
enforce_hostname_verification: false
http:
enabled: false
pemcert_filepath: esnode.pem
pemkey_filepath: esnode-key.pem
pemtrustedcas_filepath: root-ca.pem
allow_unsafe_democertificates: true
allow_default_init_securityindex: true
authcz:
admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
audit.type: internal_opensearch
enable_snapshot_restore_privilege: true
check_snapshot_restore_write_privileges: true
restapi:
roles_enabled: ["all_access", "security_rest_api_access"]
system_indices:
enabled: true
indices:
[
".opendistro-alerting-config",
".opendistro-alerting-alert*",
".opendistro-anomaly-results*",
".opendistro-anomaly-detector*",
".opendistro-anomaly-checkpoints",
".opendistro-anomaly-detection-state",
".opendistro-reports-*",
".opendistro-notifications-*",
".opendistro-notebooks",
".opendistro-asynchronous-search-response*",
]
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
Describe the bug
The chart does not install on EKS v1.19+ if you have ingress enabled.
To Reproduce
Steps to reproduce the behavior:
$ helm --kube-version=v1.20.7-eks-d88609 template --set ingress.enabled=true --namespace dashboards dashboards ./charts/opensearch-dashboards/ | kubectl apply --dry-run=server -f -
serviceaccount/dashboards-opensearch-dashboards-dashboards created (server dry run)
rolebinding.rbac.authorization.k8s.io/dashboards-opensearch-dashboards-dashboards-rolebinding created (server dry run)
service/dashboards-opensearch-dashboards created (server dry run)
deployment.apps/dashboards-opensearch-dashboards created (server dry run)
error: error validating "STDIN": error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "serviceName" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "servicePort" in io.k8s.api.networking.v1.IngressBackend]; if you choose to ignore these errors, turn validation off with --validate=false
Expected behavior
Ingress object should be valid.
Chart Name
Opensearch Dashboards
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Describe the bug
I tried deploying OpenSearch using the helm chart, it’s working fine when the cluster name is set to default opesearch-cluster, but when it’s set to something custom, it’s throwing error -
OpenSearch Security not initialised
Values which resulting error -
clusterName: "foobar"
nodeGroup: "master"
masterService: "foobar-master"
config:
opensearch.yml:
cluster.name: foobar-cluster
Working Values
clusterName: "opensearch-cluster"
nodeGroup: "master"
masterService: "opensearch-cluster-master"
config:
opensearch.yml:
cluster.name: opensearch-cluster
Describe the bug
The keystore init container doesn't work because the opensearch-keystore binary is not in $PATH.
To Reproduce
Steps to reproduce the behavior:
keystore values in the chart values.Expected behavior
Specified values should be added to the keystore.
Chart Name
Opensearch.
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
This is an example on my charts repository, it does the job. Maybe there are better more in-depth options available nowadays;
https://github.com/DandyDeveloper/charts/blob/master/.github/workflows/test.yaml
Is your feature request related to a problem? Please describe.
Resources render with namespace "" which results to current namespace of the current context.
Describe the solution you'd like
Add namespace to the resources as {{ .Release.Namespace | quote }}
Describe the bug
The env var DISABLE_INSTALL_DEMO_CONFIG is not respected at deploy time. This is really due to a fixed bug in the underlying image, see opensearch-project/opensearch-build#436, but it is not available in a released image yet so currently the Helm chart cannot be used for production / production-like scenarios without building a custom image.
To Reproduce
Steps to reproduce the behavior:
values.yaml file which sets DISABLE_INSTALL_DEMO_CONFIG to "true" in the extraEnvsvalues.yamlls config/ to see the demo certs are still present.Expected behavior
Demo certs are not bundled into the default image, and can be disabled from being generated for production / production-like releases. No custom image is required to create an OpenSearch cluster w/o demo certs.
Chart Name
opensearch
Screenshots
❯ docker run -it opensearchproject/opensearch:1.0.1 /bin/bash
[opensearch@5b445f0fb4ea ~]$ ls
LICENSE.txt NOTICE.txt README.md bin config data jdk lib logs modules opensearch-docker-entrypoint.sh opensearch-onetime-setup.sh opensearch-tar-install.sh performance-analyzer-rca plugins securityadmin_demo.sh
[opensearch@5b445f0fb4ea ~]$ ls config/
esnode-key.pem esnode.pem jvm.options jvm.options.d kirk-key.pem kirk.pem log4j2.properties opensearch-notebooks opensearch-reports-scheduler opensearch.yml root-ca.pem
[opensearch@5b445f0fb4ea ~]$ exit
Host/Environment (please complete the following information):
Is your feature request related to a problem? Please describe.
Right now when persistent volume for opensearch is enabled, chart uses a hard-coded image for an initcontainer:
helm-charts/charts/opensearch/templates/statefulset.yaml
Lines 216 to 219 in dd0c692
Since we can use images only from our private registry, we can't deploy this chart directly, but we have to customise it.
Describe the solution you'd like
Make it configurable via values.yaml
persistence:
enabled: true
initContainerImage: busybox
initContainerImageTag: latestand update necessary templates.
If you aggree on the change, I can create a PR to add it.
It will be great if we can have a well written README describing the different options Helm Charts have. It should contain the following components:
values.yaml and how to use them.P:S: I would love to contribute on this part 😸
Is your feature request related to a problem? Please describe.
We were using helm chart version 1.0.0 from the old repository and trying to migrate to the newer versions from this one we found out that a new init container to set the file system permissions was added when persistence is enabled. We are using in some of our k8s instances EFS with dynamic provisioning which doesn't allow to set the permissions on the file system causing the init container to fail and thus the node cannot start.
This wasn't an issue on the previous version without the init container as the EFS CSI driver takes care of setting the permissions so the chown is not needed in that case.
Describe the solution you'd like
It should be possible to disable the volume permissions init container when persistence is enabled. Maybe a new property can be added to the values file to enable/disable the init container instead of just checking if persistence is enabled.
Describe alternatives you've considered
We are still using version 1.0.0 of the chart as it doesn't have that init container and it works fine for now. Going forward the solution would probably be maintaining a fork of the chart but it would be preferable to have the toggle option in the values file.
Additional context
No additional context.
Is your feature request related to a problem? Please describe.
Let chart to take snapshots (eg. to volume mounts/s3 buckets)
Describe the solution you'd like
Register a repository as described here
Describe alternatives you've considered
An InitContainer that sets the repo
Additional context
Add any other context or screenshots about the feature request here.
Describe the bug
It is difficult to share securityConfig values between Opensearch chart installs which are part of the same Opensearch cluster, when using the combined securityConfig.config.data value.
Currently the secret name must be defined in the securityConfig.config.securityConfigSecret, but it cannot be the same name for different chart installs in the same namespace.
To Reproduce
Steps to reproduce the behavior:
securityConfig.config.* which is used by multiple chart installs which make up a single Opensearch cluster running in a single namespace.Expected behavior
I'd expect the secret name to be auto-generated and not conflict between chart installs.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Describe the bug
The Stateful Set template specifies an incorrect indentation of 10 for extraVolumeMounts. The correct value should be 8.
To Reproduce
Steps to reproduce the behavior:
Specify values for the extraVolumeMounts stanza in the values.yaml file for the OpenSearch chart. For example,
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
readOnly: trueExpected behavior
The chart should install.
Chart Name
opensearch
Screenshots
N/A
Host/Environment (please complete the following information):
Helm Version: 3.7.0
Kubernetes Version: 1.21.5
Additional context
Will update PR #63
Is your feature request related to a problem? Please describe.
We have hardcoded several paths in Helm Charts.
It would be better if we parameterize them.
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Is your feature request related to a problem? Please describe.
There is no sample configuration for TLS enabled in Dashboards charts. The chart directly disables SSL in its default config unlike OpenSearch chart
Describe the solution you'd like
A sample demo configuration for TLS enabled using demo certificates something like this.
Describe alternatives you've considered
A good detailed instructions with examples will also help.
Additional context
This will help users configure TLS in their charts. It will be very useful for users having minimal knowledge about how TLS works in Dashboards.
Reference : https://github.com/opensearch-project/opensearch-devops/blob/main/Helm/opensearch-dashboards/values.yaml#L77
Describe the bug
The rendered templates for opensearch cause yamllint warnings due to inconsistent indentation.
To Reproduce
Steps to reproduce the behavior:
helm template --namespace opensearch opensearch ./charts/opensearch > /tmp/opensearch.yaml/tmp/opensearch.yaml with and editor that has yamllint integration, or just run yamllint /tmp/opensearch.yamlExpected behavior
The YAML should be well formed.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Describe the bug
The rendered templates for opensearch-dashboards cause yamllint warnings due to inconsistent indentation.
To Reproduce
Steps to reproduce the behavior:
helm template --namespace dashboards dashboards ./charts/opensearch-dashboards > /tmp/dashboards.yaml/tmp/dashboards.yaml with and editor that has yamllint integration, or just run yamllint /tmp/dashboards.yamlExpected behavior
The YAML should be well formed.
Chart Name
Opensearch Dashboards
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Is your feature request related to a problem? Please describe.
Ported from: opensearch-project/opensearch-devops#68
Add support for the exporter.
Describe the solution you'd like
Best done by mounting an initContainer that will write the plugins. This can be a bit of a pain for persistence between containers, but I will look into using the existing PVC volume to install the plugins against.
Describe alternatives you've considered
N/R
Additional context
N/R
Is your feature request related to a problem? Please describe.
We have contacted @nickytd about onboarding his helm repo to opensearch helm-charts.
https://github.com/nickytd/kubernetes-logging-helm
https://github.com/opensearch-project/helm-charts
Since we are still in the process of migrating Helm to helm-charts repo.
What would be a good way for this onboarding to be smooth.
Describe the solution you'd like
opensearch-project/helm-charts to host kubernetes-logging-helm as one of the charts beside the existing opensearch/dashboards ones.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Deployment Error
On a Kubernetes Cluster Version 1.21.3 i tried to deploy OpenSearch with Helm.
All pods deploy.
When i run
kubectl exec -it opensearch-cluster-master-0 -- /bin/bash
i get at first the message: Defaulted container "opensearch" out of: opensearch, fsgroup-volume (init)
After that im in the Pod and i run
curl -XGET https://localhost:9200 -u 'admin:admin' --insecure
which gives following output: OpenSearch Security not initialized.[opensearch@opensearch-cluster-master-0 ~]$
The logs of Pods after command
kubectl logs opensearch-cluster-master-0
[2021-09-27T12:11:26,745][WARN ][o.o.c.c.ClusterFormationFailureHelper] [opensearch-cluster-master-0] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and [cluster.initial_master_nodes] is empty on this node: have discovered [{opensearch-cluster-master-0}{ghk7yaqUTmu3zU4qS3HEEQ}{SGHYqXbrRMS4EsLfPdNDkQ}{172.16.73.110}{172.16.73.110:9300}{dimr}, {opensearch-cluster-master-2}{HwXoAsOuQBescAuj1Iglbw}{IYGWumyjQquN8GOOA8tZZw}{172.16.149.176}{172.16.149.176:9300}{dimr}, {opensearch-cluster-master-1}{I6xUeOjVScuzp4lhdMMgdg}{qIJxNrfXTdG0oCqTYKI2pg}{172.16.100.221}{172.16.100.221:9300}{dimr}]; discovery will continue using [172.16.100.221:9300, 172.16.149.176:9300] from hosts providers and [{opensearch-cluster-master-0}{ghk7yaqUTmu3zU4qS3HEEQ}{SGHYqXbrRMS4EsLfPdNDkQ}{172.16.73.110}{172.16.73.110:9300}{dimr}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
[2021-09-27T12:11:26,841][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [opensearch-cluster-master-0] Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, AUDIT] (index=.opendistro_security)
org.opensearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];
at org.opensearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:203) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:189) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:72) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.get.TransportMultiGetAction.doExecute(TransportMultiGetAction.java:53) ~[opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:192) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.indexmanagement.rollup.actionfilter.FieldCapsFilter.apply(FieldCapsFilter.kt:141) [opensearch-index-management-1.0.0.0.jar:1.0.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:190) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.performanceanalyzer.action.PerformanceAnalyzerActionFilter.apply(PerformanceAnalyzerActionFilter.java:99) [opensearch-performance-analyzer-1.0.0.0.jar:1.0.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:190) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:234) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:154) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:190) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.support.TransportAction.execute(TransportAction.java:168) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.action.support.TransportAction.execute(TransportAction.java:96) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:99) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:88) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:428) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.client.support.AbstractClient.multiGet(AbstractClient.java:546) [opensearch-1.0.0.jar:1.0.0]
at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.loadAsync(ConfigurationLoaderSecurity7.java:211) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.configuration.ConfigurationLoaderSecurity7.load(ConfigurationLoaderSecurity7.java:102) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.getConfigurationsFromIndex(ConfigurationRepository.java:375) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:321) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:306) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at org.opensearch.security.configuration.ConfigurationRepository$1.run(ConfigurationRepository.java:166) [opensearch-security-1.0.0.0.jar:1.0.0.0]
at java.lang.Thread.run(Thread.java:832) [?:?]
We have a couple of questions regarding the new Opensearch project and 1.0.0 release.
We are currently using Opendistro-for-Elasticearch 1.13.x.
Also see opendistro-for-elasticsearch/opendistro-build#780
Thanks.
Is your feature request related to a problem? Please describe.
I have difficulty following the git history of the repository because merged PRs are rebased on top of main. This means that the commit IDs change and git doesn't know that two commits with different IDs represent the same change.
Describe the solution you'd like
Please use merge commits and avoid rebasing/rewriting the git commits in PRs.
Describe alternatives you've considered
n/a
Additional context
n/a
Is your feature request related to a problem? Please describe.
A chart for Logstash will be helpful in deploying OpenSearch stacks to Kubernetes
Describe the solution you'd like
N/A
Describe alternatives you've considered
N/A
Additional context
This will help cater many use-cases for log ingestion, analytics etc.
Coming from opensearch-project/project-meta#17
A Developer Certificate of Origin is required on commits in the OpenSearch-Project.
See doc.yml for an example workflow. Ensure CONTRIBUTING.md to has a section on the DCO per the project template.
Describe the bug
The networkpolicy template contains a redundant line.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
creationTimestamp should not be in templates since it only makes sense for an instantiated object.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
Support an easy way to start OpenSearch in local machine or K8S, such as docker compose、Helm Chart or something
Describe alternatives you've considered
Support Helm Chart and docker deploy docs
Describe the bug
Helm and Kubernetes recommend a standard set of labels. The Opensearch chart does not follow that recommendation.
https://helm.sh/docs/chart_best_practices/labels/#standard-labels
https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
To Reproduce
Compare the labels on the templates in the Opensearch chart to the recommended set of labels.
Expected behavior
I expect the chart to follow best practices with regards to labelling, which helps the chart integrate with standard tooling and procedures.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
n/a
Additional context
n/a
Describe the bug
I specified an array of secretMount values, but one of them was missing a required key. When the chart was applied it created a resource missing a required field.
To Reproduce
Steps to reproduce the behavior:
secretMount values missing a parameter such as secretNameExpected behavior
I expect that chart configuration errors are caught at apply time where possible, and an error message is displayed.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Describe the bug
A stale readme is present here which is not required as we already have chart level README
To Reproduce
N/A
Expected behavior
Stale README should be removed
Chart Name
OpenSearch
Screenshots
N/A
Host/Environment (please complete the following information):
N/A
Additional context
Add any other context about the problem here.
Describe the bug
A clear and concise description of what the bug is.
Failed to mount multiple secrets at once from securityConfigSecrets.config.data plus volume permissions
To Reproduce
Steps to reproduce the behavior:
enabled: true
path: "/usr/share/opensearch/plugins/opensearch-security/securityconfig"
actionGroupsSecret:
configSecret:
internalUsersSecret:
rolesSecret:
rolesMappingSecret:
tenantsSecret:
#The following option simplifies securityConfig by using a single secret and specifying the respective secrets in the corresponding files instead of creating different secrets for config,internal users, roles, roles mapping and tenants
#Note that this is an alternative to the above secrets and shouldn't be used if the above secrets are used
config:
securityConfigSecret: mysecret
data:
config.yml: |-
Returns the following:
helm.go:88: [debug] error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Chart.Name":interface {}(nil)}```
After applying a few fixes at opensearch/templates/securityconfig.yaml
It shows the following:
```opensearch-cluster-master-1 opensearch [2021-09-08T05:44:38,943][INFO ][o.o.p.PluginsService ] [opensearch-cluster-master-1] loaded plugin [opensearch-sql]
opensearch-cluster-master-1 opensearch [2021-09-08T05:44:39,058][INFO ][o.o.s.OpenSearchSecurityPlugin] [opensearch-cluster-master-1] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
opensearch-cluster-master-1 opensearch [2021-09-08T05:44:39,613][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [opensearch-cluster-master-1] uncaught exception in thread [main]
opensearch-cluster-master-1 opensearch org.opensearch.bootstrap.StartupException: OpenSearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/opensearch/data/nodes];
Due to fsgroup permissions..
Expected behavior
A clear and concise description of what you expected to happen.
Chart Name
Specify the Chart which is affected?
Opensearch
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
Describe the bug
The rendered chart has a line containing only spaces, which causes yamllint warnings.
To Reproduce
Steps to reproduce the behavior:
helm template --namespace opensearch opensearch ./charts/opensearch > /tmp/opensearch.yaml/tmp/opensearch.yaml with and editor that has yamllint integration, or just run yamllint /tmp/opensearch.yamltrailing-spaces errors.Expected behavior
The YAML should be well formed.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Describe the bug
I created a custom image based on the official opensearchproject/opensearch docker image.
When I specified this image in the chart the majorVersion annotation was not set correctly.
To Reproduce
Steps to reproduce the behaviour:
opensearchproject/opensearch image.majorVersion annotation is incorrect.Expected behavior
I expect the majorVersion annotation to work correctly regardless of the image specified.
Chart Name
Opensearch
Screenshots
n/a
Host/Environment (please complete the following information):
Additional context
n/a
Hello
I am unable to find the field "existingCertSecret" in plugins.security.ssl in opensearch helm chart to configure transport TLS for nodes.
Earlier , as in opendistro , we got it at here
But not in opensearch.
Due to which I am not able to configure TLS using issuer and certificates.
Kindly help.
Thanks
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.