Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error upgrading from 4.3 to 4.4: "No enum constant org.opensearch.security.securityconf.impl.CType.ALLOWLIST" #899

Open
4001982248998 opened this issue Mar 29, 2023 · 0 comments
Open

error upgrading from 4.3 to 4.4: "No enum constant org.opensearch.security.securityconf.impl.CType.ALLOWLIST" #899

4001982248998 opened this issue Mar 29, 2023 · 0 comments

Comments

@4001982248998
Copy link

I am experiencing an issue while upgrading a six-node-cluster from version 4.3 to 4.4. I'm not sure if this is a software defect or if I've made a mistake somewhere in my implementation.

As for my troubleshooting steps, I could not really think of anything, because to me, it looks like something the Ansible playbook or role should take care for. But sometimes I am wrong. ;-)

This is the prettified error (well, three actually, but it is the same for every indexer node):

TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] ***************************************************************************************************************************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo

{
    "attempts": 2,
    "changed": true,
    "cmd": [
        "sudo",
        "-u",
        "wazuh-indexer",
        "OPENSEARCH_PATH_CONF=/etc/wazuh-indexer",
        "JAVA_HOME=/usr/share/wazuh-indexer/jdk",
        "/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh",
        "-cd",
        "/etc/wazuh-indexer/opensearch-security/",
        "-icl",
        "-p",
        "9200",
        "-cd",
        "/etc/wazuh-indexer/opensearch-security/",
        "-nhnv",
        "-cacert",
        "/etc/wazuh-indexer/certs/root-ca.pem",
        "-cert",
        "/etc/wazuh-indexer/certs/admin.pem",
        "-key",
        "/etc/wazuh-indexer/certs/admin-key.pem",
        "-h",
        "10.11.15.152",
    ],
    "delta": "0:00:03.483855",
    "end": "2023-03-29 12:12:37.972572",
    "msg": "non-zero return code",
    "rc": 255,
    "start": "2023-03-29 12:12:34.488717",
    "stderr": "",
    "stderr_lines": [],
    "stdout": '**************************************************************************\n** This tool will be deprecated in the next major release of OpenSearch **\n** https://github.com/opensearch-project/security/issues/1755           **\n**************************************************************************\nSecurity Admin v7\nWill connect to 10.11.15.152:9200 ... done\nConnected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"\nOpenSearch Version: 2.4.1\nContacting opensearch cluster \'opensearch\' and wait for YELLOW clusterstate ...\nClustername: wazuh\nClusterstate: GREEN\nNumber of nodes: 4\nNumber of data nodes: 4\n.opendistro_security index already exists, so we do not need to create one.\nPopulate config from /etc/wazuh-indexer/opensearch-security/\nWill update \'/config\' with /etc/wazuh-indexer/opensearch-security/config.yml \n   SUCC: Configuration for \'config\' created or updated\nWill update \'/roles\' with /etc/wazuh-indexer/opensearch-security/roles.yml \n   SUCC: Configuration for \'roles\' created or updated\nWill update \'/rolesmapping\' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \n   SUCC: Configuration for \'rolesmapping\' created or updated\nWill update \'/internalusers\' with /etc/wazuh-indexer/opensearch-security/internal_users.yml \n   SUCC: Configuration for \'internalusers\' created or updated\nWill update \'/actiongroups\' with /etc/wazuh-indexer/opensearch-security/action_groups.yml \n   SUCC: Configuration for \'actiongroups\' created or updated\nWill update \'/tenants\' with /etc/wazuh-indexer/opensearch-security/tenants.yml \n   SUCC: Configuration for \'tenants\' created or updated\nWill update \'/nodesdn\' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml \n   SUCC: Configuration for \'nodesdn\' created or updated\nWill update \'/whitelist\' with /etc/wazuh-indexer/opensearch-security/whitelist.yml \n   SUCC: Configuration for \'whitelist\' created or updated\nWill update \'/audit\' with /etc/wazuh-indexer/opensearch-security/audit.yml \n   SUCC: Configuration for \'audit\' created or updated\nWill update \'/allowlist\' with /etc/wazuh-indexer/opensearch-security/allowlist.yml \n   SUCC: Configuration for \'allowlist\' created or updated\nFAIL: 1 nodes reported failures. Failure is /{"_nodes":{"total":4,"successful":3,"failed":1,"failures":[{"type":"failed_node_exception","reason":"Failed node [JfVUmLVRQZ-nDCA5uJPEYw]","node_id":"JfVUmLVRQZ-nDCA5uJPEYw","caused_by":{"type":"illegal_argument_exception","reason":"No enum constant org.opensearch.security.securityconf.impl.CType.ALLOWLIST"}}]},"cluster_name":"wazuh","configupdate_response":{"nodes":{"CfGw7MYrSgmY_vN2o4O0Gg":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null},"XXcHslRdSyeSffg7HinINw":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null},"7DRAHDLgRAGPJfbWZgolkQ":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null}},"node_size":3,"has_failures":true,"failures_size":1}}\nFAIL: Expected 4 nodes to return response, but got 3\nSUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null\nSUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null\nSUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null\nDone with failures',
    "stdout_lines": [
        "**************************************************************************",
        "** This tool will be deprecated in the next major release of OpenSearch **",
        "** https://github.com/opensearch-project/security/issues/1755           **",
        "**************************************************************************",
        "Security Admin v7",
        "Will connect to 10.11.15.152:9200 ... done",
        'Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"',
        "OpenSearch Version: 2.4.1",
        "Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...",
        "Clustername: wazuh",
        "Clusterstate: GREEN",
        "Number of nodes: 4",
        "Number of data nodes: 4",
        ".opendistro_security index already exists, so we do not need to create one.",
        "Populate config from /etc/wazuh-indexer/opensearch-security/",
        "Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml ",
        "   SUCC: Configuration for 'config' created or updated",
        "Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml ",
        "   SUCC: Configuration for 'roles' created or updated",
        "Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml ",
        "   SUCC: Configuration for 'rolesmapping' created or updated",
        "Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml ",
        "   SUCC: Configuration for 'internalusers' created or updated",
        "Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml ",
        "   SUCC: Configuration for 'actiongroups' created or updated",
        "Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml ",
        "   SUCC: Configuration for 'tenants' created or updated",
        "Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml ",
        "   SUCC: Configuration for 'nodesdn' created or updated",
        "Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml ",
        "   SUCC: Configuration for 'whitelist' created or updated",
        "Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml ",
        "   SUCC: Configuration for 'audit' created or updated",
        "Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml ",
        "   SUCC: Configuration for 'allowlist' created or updated",
        'FAIL: 1 nodes reported failures. Failure is /{"_nodes":{"total":4,"successful":3,"failed":1,"failures":[{"type":"failed_node_exception","reason":"Failed node [JfVUmLVRQZ-nDCA5uJPEYw]","node_id":"JfVUmLVRQZ-nDCA5uJPEYw","caused_by":{"type":"illegal_argument_exception","reason":"No enum constant org.opensearch.security.securityconf.impl.CType.ALLOWLIST"}}]},"cluster_name":"wazuh","configupdate_response":{"nodes":{"CfGw7MYrSgmY_vN2o4O0Gg":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null},"XXcHslRdSyeSffg7HinINw":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null},"7DRAHDLgRAGPJfbWZgolkQ":{"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null}},"node_size":3,"has_failures":true,"failures_size":1}}',
        "FAIL: Expected 4 nodes to return response, but got 3",
        'SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null',
        'SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null',
        'SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null',
        "Done with failures",
    ],
}

Could you please take a look at the issue and let me know if this is a known bug or if there's something I can do to fix it on my end?

Thank you for your time and assistance.
@4001982248998 4001982248998 changed the title error upgrading from 4.3 to 4.4: error upgrading from 4.3 to 4.4: "No enum constant org.opensearch.security.securityconf.impl.CType.ALLOWLIST" Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@4001982248998