Skip to content
This repository has been archived by the owner on Mar 30, 2023. It is now read-only.

Fix issue with kibana.keystore and uptaind built-in passwords on cluster start #362

Merged
merged 2 commits into from
Aug 21, 2020
Merged

Fix issue with kibana.keystore and uptaind built-in passwords on cluster start #362

merged 2 commits into from
Aug 21, 2020

Conversation

russcam
Copy link
Contributor

@russcam russcam commented Aug 21, 2020

This PR fixes two issues:

  1. In Escape double quotes in passwords and use kibana keystore #359, the function to check if a built-in user password has been applied was fixed to check the HTTP response status code, as it should have been doing. This change surfaced an issue related to concurrent updates to the built-in user passwords from multiple node VMs whereby a response of
{
  "error": {
    "root_cause": [{
      "type": "status_exception",
      "reason": "Cluster state has not been recovered yet, cannot write to the [null] index"
    }],
    "type": "status_exception",
    "reason": "Cluster state has not been recovered yet, cannot write to the [null] index"
  },
  "status": 503
}

can be returned when the security index is not ready. This is now handled by waiting for the security index to be green before continuing to update built-in user passwords.

  1. In Kibana 7.9.0, the default location of the kibana.keystore is now /etc/kibana/kibana.keystore, and requires permissions to create there that the kibana user does not have. For 7.9.0, this PR now checks /etc/kibana/kibana.keystore for the presence of an existing keystore, and uses root with --allow-root to interact with the keystore CLI.

russcam added 2 commits August 21, 2020 12:08
@russcam
Use different kibana keystore commands based on version
29e7ab7 
This commit updates the kibana keystore operations
to use a different command and check for keystore
existence location based on version.
@russcam
Check that security index is green before upating built-in passwords
97afa66 
This commit updates the built-in password setting process
to check that the security index is green before proceeding.
Due to concurrent password updating from each node, it is possible
for the security index to not be ready when attempting to
update passwords, leading to a response of

{
  "error": {
    "root_cause": [{
      "type": "status_exception",
      "reason": "Cluster state has not been recovered yet, cannot write to the [null] index"
    }],
    "type": "status_exception",
    "reason": "Cluster state has not been recovered yet, cannot write to the [null] index"
  },
  "status": 503
}
@russcam russcam added the bug label Aug 21, 2020
@russcam russcam force-pushed the fix/cluster-start branch from a59b9ea to 97afa66 Compare August 21, 2020 04:20
@russcam
Copy link
Contributor Author

russcam commented Aug 21, 2020

tested on 6.8.12, 7.5.2 and 7.9.0. Merging in

@russcam russcam merged commit 21038ad into master Aug 21, 2020
@russcam russcam deleted the fix/cluster-start branch August 21, 2020 04:21
@russcam russcam mentioned this pull request Aug 27, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@russcam