Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin OpenSearch Security Demo Installer ** Warning: Do not use on production or public reachable systems ** Basedir: /usr/share/opensearch OpenSearch install type: rpm/deb on NAME="Amazon Linux" OpenSearch config dir: /usr/share/opensearch/config OpenSearch config file: /usr/share/opensearch/config/opensearch.yml OpenSearch bin dir: /usr/share/opensearch/bin OpenSearch plugins dir: /usr/share/opensearch/plugins OpenSearch lib dir: /usr/share/opensearch/lib Detected OpenSearch Version: x-content-1.3.19 Detected OpenSearch Security Version: 1.3.19.0 ### Success ### Execute this script now on all your nodes and then start all nodes ### OpenSearch Security will be automatically initialized. ### If you like to change the runtime configuration ### change the files in ../securityconfig and execute: "/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh" -cd "/usr/share/opensearch/plugins/opensearch-security/securityconfig" -icl -key "/usr/share/opensearch/config/kirk-key.pem" -cert "/usr/share/opensearch/config/kirk.pem" -cacert "/usr/share/opensearch/config/root-ca.pem" -nhnv ### or run ./securityadmin_demo.sh ### To use the Security Plugin ConfigurationGUI ### To access your secured cluster open https://: and log in with admin/admin. ### (Ignore the SSL certificate warning because we installed self-signed demo certificates) Enabling OpenSearch Security Plugin Enabling execution of OPENSEARCH_HOME/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli for OpenSearch Performance Analyzer Plugin [2026-07-01T15:08:50,974][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] version[1.3.19], pid[1], build[tar/3ce0904c5e452a18ba343eecf04005bfd91b3249/2024-08-23T00:37:19.891640Z], OS[Linux/5.10.250-1-MANJARO/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/11.0.24/11.0.24+8] [2026-07-01T15:08:50,978][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] JVM home [/usr/share/opensearch/jdk], using bundled JDK [true] [2026-07-01T15:08:50,978][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-12857586765377091890, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=/usr/share/opensearch/config/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dopensearch.cgroups.hierarchy.override=/, -Xmx1G, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/opensearch, -Dopensearch.path.conf=/usr/share/opensearch/config, -Dopensearch.distribution.type=tar, -Dopensearch.bundled_jdk=true] [2026-07-01T15:08:52,450][WARN ][stderr ] [pruva-cve20268054-fixed-os] SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". [2026-07-01T15:08:52,450][WARN ][stderr ] [pruva-cve20268054-fixed-os] SLF4J: Defaulting to no-operation (NOP) logger implementation [2026-07-01T15:08:52,450][WARN ][stderr ] [pruva-cve20268054-fixed-os] SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. [2026-07-01T15:08:52,469][INFO ][o.o.s.s.t.SSLConfig ] [pruva-cve20268054-fixed-os] SSL dual mode is disabled [2026-07-01T15:08:52,470][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] OpenSearch Config path is /usr/share/opensearch/config [2026-07-01T15:08:52,862][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] JVM supports TLSv1.3 [2026-07-01T15:08:52,865][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] Config directory is /usr/share/opensearch/config/, from there the key- and truststore files are resolved relatively [2026-07-01T15:08:53,383][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] TLS Transport Client Provider : JDK [2026-07-01T15:08:53,383][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] TLS Transport Server Provider : JDK [2026-07-01T15:08:53,383][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] TLS HTTP Provider : JDK [2026-07-01T15:08:53,383][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2] [2026-07-01T15:08:53,383][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-fixed-os] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2] [2026-07-01T15:08:53,587][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] Clustername: elastic-cluster [2026-07-01T15:08:53,592][WARN ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] Directory /usr/share/opensearch/config has insecure file permissions (should be 0700) [2026-07-01T15:08:54,330][INFO ][o.o.p.c.PluginSettings ] [pruva-cve20268054-fixed-os] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600 [2026-07-01T15:08:54,683][INFO ][o.o.i.r.ReindexPlugin ] [pruva-cve20268054-fixed-os] ReindexPlugin reloadSPI called [2026-07-01T15:08:54,684][INFO ][o.o.i.r.ReindexPlugin ] [pruva-cve20268054-fixed-os] Unable to find any implementation for RemoteReindexExtension [2026-07-01T15:08:54,708][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-fixed-os] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs [2026-07-01T15:08:54,740][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-fixed-os] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions [2026-07-01T15:08:54,742][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-fixed-os] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [aggs-matrix-stats] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [analysis-common] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [geo] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [ingest-common] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [ingest-geoip] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [ingest-user-agent] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [lang-expression] [2026-07-01T15:08:54,747][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [lang-mustache] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [lang-painless] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [mapper-extras] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [opensearch-dashboards] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [parent-join] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [percolator] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [rank-eval] [2026-07-01T15:08:54,748][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [reindex] [2026-07-01T15:08:54,749][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [repository-url] [2026-07-01T15:08:54,749][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded module [transport-netty4] [2026-07-01T15:08:54,749][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-alerting] [2026-07-01T15:08:54,749][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-anomaly-detection] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-asynchronous-search] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-cross-cluster-replication] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-index-management] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-job-scheduler] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-knn] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-ml] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-observability] [2026-07-01T15:08:54,750][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-performance-analyzer] [2026-07-01T15:08:54,751][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-reports-scheduler] [2026-07-01T15:08:54,751][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-security] [2026-07-01T15:08:54,751][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-fixed-os] loaded plugin [opensearch-sql] [2026-07-01T15:08:54,778][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml [2026-07-01T15:08:54,791][DEPRECATION][o.o.d.c.s.Settings ] [pruva-cve20268054-fixed-os] [node.max_local_storage_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version. [2026-07-01T15:08:54,803][INFO ][o.o.e.NodeEnvironment ] [pruva-cve20268054-fixed-os] using [1] data paths, mounts [[/ (overlay)]], net usable_space [101gb], net total_space [451.4gb], types [overlay] [2026-07-01T15:08:54,803][INFO ][o.o.e.NodeEnvironment ] [pruva-cve20268054-fixed-os] heap size [1gb], compressed ordinary object pointers [true] [2026-07-01T15:08:54,843][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] node name [pruva-cve20268054-fixed-os], node ID [o6-bPl32QkGOIlFs9ThH7Q], cluster name [elastic-cluster], roles [master, remote_cluster_client, data, ingest] [2026-07-01T15:08:58,904][WARN ][o.o.s.c.Salt ] [pruva-cve20268054-fixed-os] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes [2026-07-01T15:08:58,931][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Message routing enabled: true [2026-07-01T15:08:58,996][INFO ][o.o.s.f.SecurityFilter ] [pruva-cve20268054-fixed-os] indices are made immutable. [2026-07-01T15:08:59,610][INFO ][o.o.a.b.ADCircuitBreakerService] [pruva-cve20268054-fixed-os] Registered memory breaker. [2026-07-01T15:09:00,014][INFO ][o.o.m.c.b.MLCircuitBreakerService] [pruva-cve20268054-fixed-os] Registered ML memory breaker. [2026-07-01T15:09:00,542][INFO ][o.o.t.NettyAllocator ] [pruva-cve20268054-fixed-os] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}] [2026-07-01T15:09:00,547][INFO ][o.o.s.s.t.SSLConfig ] [pruva-cve20268054-fixed-os] SSL dual mode is disabled [2026-07-01T15:09:00,665][INFO ][o.o.d.DiscoveryModule ] [pruva-cve20268054-fixed-os] using discovery type [single-node] and seed hosts providers [settings] [2026-07-01T15:09:01,401][WARN ][o.o.g.DanglingIndicesState] [pruva-cve20268054-fixed-os] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually [2026-07-01T15:09:02,306][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [pruva-cve20268054-fixed-os] PerformanceAnalyzer Enabled: false [2026-07-01T15:09:02,341][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] initialized [2026-07-01T15:09:02,341][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] starting ... [2026-07-01T15:09:02,522][INFO ][o.o.t.TransportService ] [pruva-cve20268054-fixed-os] publish_address {172.25.0.2:9300}, bound_addresses {[::]:9300} [2026-07-01T15:09:02,837][INFO ][o.o.c.c.Coordinator ] [pruva-cve20268054-fixed-os] setting initial configuration to VotingConfiguration{o6-bPl32QkGOIlFs9ThH7Q} [2026-07-01T15:09:03,077][INFO ][o.o.c.s.MasterService ] [pruva-cve20268054-fixed-os] elected-as-master ([1] nodes joined)[{pruva-cve20268054-fixed-os}{o6-bPl32QkGOIlFs9ThH7Q}{CoWK27MnSkugU8kxOT35dg}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{pruva-cve20268054-fixed-os}{o6-bPl32QkGOIlFs9ThH7Q}{CoWK27MnSkugU8kxOT35dg}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]} [2026-07-01T15:09:03,141][INFO ][o.o.c.c.CoordinationState] [pruva-cve20268054-fixed-os] cluster UUID set to [nl5KByeMR6uXrDF6y-sWSQ] [2026-07-01T15:09:03,186][INFO ][o.o.c.s.ClusterApplierService] [pruva-cve20268054-fixed-os] master node changed {previous [], current [{pruva-cve20268054-fixed-os}{o6-bPl32QkGOIlFs9ThH7Q}{CoWK27MnSkugU8kxOT35dg}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 1, version: 1, reason: Publication{term=1, version=1} [2026-07-01T15:09:03,200][INFO ][o.o.a.c.ADClusterEventListener] [pruva-cve20268054-fixed-os] Cluster is not recovered yet. [2026-07-01T15:09:03,213][INFO ][o.o.i.i.ManagedIndexCoordinator] [pruva-cve20268054-fixed-os] Cache master node onMaster time: 1782918543213 [2026-07-01T15:09:03,220][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [pruva-cve20268054-fixed-os] Config override setting update called with empty string. Ignoring. [2026-07-01T15:09:03,243][INFO ][o.o.h.AbstractHttpServerTransport] [pruva-cve20268054-fixed-os] publish_address {172.25.0.2:9200}, bound_addresses {[::]:9200} [2026-07-01T15:09:03,243][INFO ][o.o.n.Node ] [pruva-cve20268054-fixed-os] started [2026-07-01T15:09:03,244][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] Node started [2026-07-01T15:09:03,244][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Will attempt to create index .opendistro_security and default configs if they are absent [2026-07-01T15:09:03,247][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-fixed-os] 0 OpenSearch Security modules loaded so far: [] [2026-07-01T15:09:03,245][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Background init thread started. Install default config?: true [2026-07-01T15:09:03,249][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Wait for cluster to be available ... [2026-07-01T15:09:03,272][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-fixed-os] Node added: [o6-bPl32QkGOIlFs9ThH7Q] [2026-07-01T15:09:03,279][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-fixed-os] Add data node to AD version hash ring: o6-bPl32QkGOIlFs9ThH7Q [2026-07-01T15:09:03,284][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-fixed-os] All nodes with known AD version: {o6-bPl32QkGOIlFs9ThH7Q=ADNodeInfo{version=1.3.19, isEligibleDataNode=true}} [2026-07-01T15:09:03,284][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-fixed-os] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0 [2026-07-01T15:09:03,284][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-fixed-os] Build AD version hash ring successfully [2026-07-01T15:09:03,286][INFO ][o.o.a.c.ADDataMigrator ] [pruva-cve20268054-fixed-os] Start migrating AD data [2026-07-01T15:09:03,286][INFO ][o.o.a.c.ADDataMigrator ] [pruva-cve20268054-fixed-os] AD job index doesn't exist, no need to migrate [2026-07-01T15:09:03,286][INFO ][o.o.a.c.ADClusterEventListener] [pruva-cve20268054-fixed-os] Init AD version hash ring successfully [2026-07-01T15:09:03,334][INFO ][o.o.g.GatewayService ] [pruva-cve20268054-fixed-os] recovered [0] indices into cluster_state [2026-07-01T15:09:04,402][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-fixed-os] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:09:04,416][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-fixed-os] updating number_of_replicas to [0] for indices [.opendistro_security] [2026-07-01T15:09:04,752][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-fixed-os] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]). [2026-07-01T15:09:04,802][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Index .opendistro_security created?: true [2026-07-01T15:09:04,802][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Node started, try to initialize it. Wait for at least yellow cluster state.... [2026-07-01T15:09:04,809][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'config' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:04,991][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] create_mapping [_doc] [2026-07-01T15:09:05,143][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'config' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,144][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'roles' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,175][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,259][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'roles' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,259][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'rolesmapping' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,290][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,363][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'rolesmapping' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,363][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'internalusers' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,394][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,462][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'internalusers' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,462][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'actiongroups' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,491][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,575][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'actiongroups' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,575][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'tenants' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,604][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,674][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'tenants' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,674][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'nodesdn' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true [2026-07-01T15:09:05,698][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,801][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'nodesdn' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,801][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'whitelist' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true [2026-07-01T15:09:05,830][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:05,923][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'whitelist' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:05,924][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Will update 'audit' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:09:05,978][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [.opendistro_security/qcpVLeqRTqOtjIUU0p3zQg] update_mapping [_doc] [2026-07-01T15:09:06,048][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-fixed-os] Doc with id 'audit' and version 2 is updated in .opendistro_security index. [2026-07-01T15:09:06,443][INFO ][stdout ] [pruva-cve20268054-fixed-os] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl [2026-07-01T15:09:06,445][INFO ][stdout ] [pruva-cve20268054-fixed-os] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent [2026-07-01T15:09:06,445][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing on REST API is enabled. [2026-07-01T15:09:06,446][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing. [2026-07-01T15:09:06,446][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing on Transport API is enabled. [2026-07-01T15:09:06,446][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing. [2026-07-01T15:09:06,446][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing of request body is enabled. [2026-07-01T15:09:06,447][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Bulk requests resolution is disabled during request auditing. [2026-07-01T15:09:06,447][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Index resolution is enabled during request auditing. [2026-07-01T15:09:06,447][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Sensitive headers auditing is enabled. [2026-07-01T15:09:06,447][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing requests from kibanaserver users is disabled. [2026-07-01T15:09:06,453][WARN ][o.o.s.a.r.AuditMessageRouter] [pruva-cve20268054-fixed-os] No endpoint configured for categories [BAD_HEADERS, FAILED_LOGIN, MISSING_PRIVILEGES, GRANTED_PRIVILEGES, OPENDISTRO_SECURITY_INDEX_ATTEMPT, SSL_EXCEPTION, AUTHENTICATED, INDEX_EVENT, COMPLIANCE_DOC_READ, COMPLIANCE_DOC_WRITE, COMPLIANCE_EXTERNAL_CONFIG, COMPLIANCE_INTERNAL_CONFIG_READ, COMPLIANCE_INTERNAL_CONFIG_WRITE], using default endpoint [2026-07-01T15:09:06,453][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing of external configuration is disabled. [2026-07-01T15:09:06,453][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing of internal configuration is enabled. [2026-07-01T15:09:06,453][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing only metadata information for read request is enabled. [2026-07-01T15:09:06,453][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing will watch {} for read requests. [2026-07-01T15:09:06,453][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing read operation requests from kibanaserver users is disabled. [2026-07-01T15:09:06,454][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing only metadata information for write request is enabled. [2026-07-01T15:09:06,454][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing diffs for write requests is disabled. [2026-07-01T15:09:06,454][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing write operation requests from kibanaserver users is disabled. [2026-07-01T15:09:06,454][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Auditing will watch for write requests. [2026-07-01T15:09:06,454][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] .opendistro_security is used as internal security index. [2026-07-01T15:09:06,455][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-fixed-os] Internal index used for posting audit logs is null [2026-07-01T15:09:06,456][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Hot-reloading of audit configuration is enabled [2026-07-01T15:09:06,456][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-fixed-os] Node 'pruva-cve20268054-fixed-os' initialized [2026-07-01T15:09:39,266][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-fixed-os] [security-auditlog-2026.07.01] creating index, cause [auto(bulk api)], templates [], shards [1]/[1] [2026-07-01T15:09:39,413][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:09:39,414][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-fixed-os] updating number_of_replicas to [0] for indices [cluster_dotcms-fixed.working_20260701150939] [2026-07-01T15:09:39,585][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [security-auditlog-2026.07.01/Ig14H4f0Q4mAFCi-VwLGKA] create_mapping [_doc] [2026-07-01T15:09:39,709][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [security-auditlog-2026.07.01/Ig14H4f0Q4mAFCi-VwLGKA] update_mapping [_doc] [2026-07-01T15:09:39,843][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] create_mapping [_doc] [2026-07-01T15:09:40,024][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,097][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,173][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,284][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,355][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,431][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,500][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,573][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,642][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,711][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,778][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,847][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:40,908][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:09:40,909][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-fixed-os] updating number_of_replicas to [0] for indices [cluster_dotcms-fixed.live_20260701150939] [2026-07-01T15:09:41,092][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] create_mapping [_doc] [2026-07-01T15:09:41,157][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,220][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,299][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,383][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,462][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,541][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,614][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,705][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,781][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,840][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,897][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:41,952][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:43,126][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:43,187][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:43,194][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [security-auditlog-2026.07.01/Ig14H4f0Q4mAFCi-VwLGKA] update_mapping [_doc] [2026-07-01T15:09:43,262][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:43,412][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:43,486][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.live_20260701150939/A8TYtFK3RpaKshGK2fuvVA] update_mapping [_doc] [2026-07-01T15:09:43,543][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:43,643][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc] [2026-07-01T15:09:43,705][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-fixed-os] [cluster_dotcms-fixed.working_20260701150939/afYNVeeATVm2Z96Zb9VWyQ] update_mapping [_doc]