Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
OpenSearch Security Demo Installer
** Warning: Do not use on production or public reachable systems **
Basedir: /usr/share/opensearch
OpenSearch install type: rpm/deb on NAME="Amazon Linux"
OpenSearch config dir: /usr/share/opensearch/config
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin
OpenSearch plugins dir: /usr/share/opensearch/plugins
OpenSearch lib dir: /usr/share/opensearch/lib
Detected OpenSearch Version: x-content-1.3.19
Detected OpenSearch Security Version: 1.3.19.0
### Success
### Execute this script now on all your nodes and then start all nodes
### OpenSearch Security will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../securityconfig and execute:
"/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh" -cd "/usr/share/opensearch/plugins/opensearch-security/securityconfig" -icl -key "/usr/share/opensearch/config/kirk-key.pem" -cert "/usr/share/opensearch/config/kirk.pem" -cacert "/usr/share/opensearch/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://: and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates) Enabling OpenSearch Security Plugin Enabling execution of OPENSEARCH_HOME/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli for OpenSearch Performance Analyzer Plugin [2026-07-01T15:06:55,691][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] version[1.3.19], pid[1], build[tar/3ce0904c5e452a18ba343eecf04005bfd91b3249/2024-08-23T00:37:19.891640Z], OS[Linux/5.10.250-1-MANJARO/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/11.0.24/11.0.24+8] [2026-07-01T15:06:55,694][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] JVM home [/usr/share/opensearch/jdk], using bundled JDK [true] [2026-07-01T15:06:55,695][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-1427262883546262602, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=/usr/share/opensearch/config/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dopensearch.cgroups.hierarchy.override=/, -Xmx1G, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/opensearch, -Dopensearch.path.conf=/usr/share/opensearch/config, 
-Dopensearch.distribution.type=tar, -Dopensearch.bundled_jdk=true] [2026-07-01T15:06:57,674][WARN ][stderr ] [pruva-cve20268054-vuln-os] SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". [2026-07-01T15:06:57,674][WARN ][stderr ] [pruva-cve20268054-vuln-os] SLF4J: Defaulting to no-operation (NOP) logger implementation [2026-07-01T15:06:57,674][WARN ][stderr ] [pruva-cve20268054-vuln-os] SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. [2026-07-01T15:06:57,693][INFO ][o.o.s.s.t.SSLConfig ] [pruva-cve20268054-vuln-os] SSL dual mode is disabled [2026-07-01T15:06:57,693][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] OpenSearch Config path is /usr/share/opensearch/config [2026-07-01T15:06:58,035][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] JVM supports TLSv1.3 [2026-07-01T15:06:58,036][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] Config directory is /usr/share/opensearch/config/, from there the key- and truststore files are resolved relatively [2026-07-01T15:06:58,551][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] TLS Transport Client Provider : JDK [2026-07-01T15:06:58,551][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] TLS Transport Server Provider : JDK [2026-07-01T15:06:58,551][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] TLS HTTP Provider : JDK [2026-07-01T15:06:58,551][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2] [2026-07-01T15:06:58,551][INFO ][o.o.s.s.DefaultSecurityKeyStore] [pruva-cve20268054-vuln-os] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2] [2026-07-01T15:06:58,759][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] Clustername: elastic-cluster [2026-07-01T15:06:58,763][WARN ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] Directory 
/usr/share/opensearch/config has insecure file permissions (should be 0700) [2026-07-01T15:06:59,546][INFO ][o.o.p.c.PluginSettings ] [pruva-cve20268054-vuln-os] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600 [2026-07-01T15:06:59,879][INFO ][o.o.i.r.ReindexPlugin ] [pruva-cve20268054-vuln-os] ReindexPlugin reloadSPI called [2026-07-01T15:06:59,880][INFO ][o.o.i.r.ReindexPlugin ] [pruva-cve20268054-vuln-os] Unable to find any implementation for RemoteReindexExtension [2026-07-01T15:06:59,903][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-vuln-os] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs [2026-07-01T15:06:59,932][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-vuln-os] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions [2026-07-01T15:06:59,933][INFO ][o.o.j.JobSchedulerPlugin ] [pruva-cve20268054-vuln-os] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config [2026-07-01T15:06:59,937][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [aggs-matrix-stats] [2026-07-01T15:06:59,937][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [analysis-common] [2026-07-01T15:06:59,937][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [geo] [2026-07-01T15:06:59,937][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [ingest-common] [2026-07-01T15:06:59,937][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [ingest-geoip] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [ingest-user-agent] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [lang-expression] 
[2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [lang-mustache] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [lang-painless] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [mapper-extras] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [opensearch-dashboards] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [parent-join] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [percolator] [2026-07-01T15:06:59,938][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [rank-eval] [2026-07-01T15:06:59,939][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [reindex] [2026-07-01T15:06:59,939][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [repository-url] [2026-07-01T15:06:59,939][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded module [transport-netty4] [2026-07-01T15:06:59,939][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-alerting] [2026-07-01T15:06:59,939][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-anomaly-detection] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-asynchronous-search] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-cross-cluster-replication] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-index-management] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-job-scheduler] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded 
plugin [opensearch-knn] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-ml] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-observability] [2026-07-01T15:06:59,940][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-performance-analyzer] [2026-07-01T15:06:59,941][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-reports-scheduler] [2026-07-01T15:06:59,941][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-security] [2026-07-01T15:06:59,941][INFO ][o.o.p.PluginsService ] [pruva-cve20268054-vuln-os] loaded plugin [opensearch-sql] [2026-07-01T15:06:59,961][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml [2026-07-01T15:06:59,973][DEPRECATION][o.o.d.c.s.Settings ] [pruva-cve20268054-vuln-os] [node.max_local_storage_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version. 
[2026-07-01T15:06:59,982][INFO ][o.o.e.NodeEnvironment ] [pruva-cve20268054-vuln-os] using [1] data paths, mounts [[/ (overlay)]], net usable_space [101gb], net total_space [451.4gb], types [overlay] [2026-07-01T15:06:59,982][INFO ][o.o.e.NodeEnvironment ] [pruva-cve20268054-vuln-os] heap size [1gb], compressed ordinary object pointers [true] [2026-07-01T15:07:00,017][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] node name [pruva-cve20268054-vuln-os], node ID [_J532pyYQ9mG0h8kNbQHGQ], cluster name [elastic-cluster], roles [master, remote_cluster_client, data, ingest] [2026-07-01T15:07:03,949][WARN ][o.o.s.c.Salt ] [pruva-cve20268054-vuln-os] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes [2026-07-01T15:07:03,976][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Message routing enabled: true [2026-07-01T15:07:04,047][INFO ][o.o.s.f.SecurityFilter ] [pruva-cve20268054-vuln-os] indices are made immutable. [2026-07-01T15:07:04,621][INFO ][o.o.a.b.ADCircuitBreakerService] [pruva-cve20268054-vuln-os] Registered memory breaker. [2026-07-01T15:07:05,064][INFO ][o.o.m.c.b.MLCircuitBreakerService] [pruva-cve20268054-vuln-os] Registered ML memory breaker. 
[2026-07-01T15:07:05,725][INFO ][o.o.t.NettyAllocator ] [pruva-cve20268054-vuln-os] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}] [2026-07-01T15:07:05,732][INFO ][o.o.s.s.t.SSLConfig ] [pruva-cve20268054-vuln-os] SSL dual mode is disabled [2026-07-01T15:07:05,864][INFO ][o.o.d.DiscoveryModule ] [pruva-cve20268054-vuln-os] using discovery type [single-node] and seed hosts providers [settings] [2026-07-01T15:07:06,479][WARN ][o.o.g.DanglingIndicesState] [pruva-cve20268054-vuln-os] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually [2026-07-01T15:07:07,254][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [pruva-cve20268054-vuln-os] PerformanceAnalyzer Enabled: false [2026-07-01T15:07:07,307][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] initialized [2026-07-01T15:07:07,307][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] starting ... 
[2026-07-01T15:07:07,539][INFO ][o.o.t.TransportService ] [pruva-cve20268054-vuln-os] publish_address {172.25.0.2:9300}, bound_addresses {[::]:9300} [2026-07-01T15:07:07,851][INFO ][o.o.c.c.Coordinator ] [pruva-cve20268054-vuln-os] setting initial configuration to VotingConfiguration{_J532pyYQ9mG0h8kNbQHGQ} [2026-07-01T15:07:08,105][INFO ][o.o.c.s.MasterService ] [pruva-cve20268054-vuln-os] elected-as-master ([1] nodes joined)[{pruva-cve20268054-vuln-os}{_J532pyYQ9mG0h8kNbQHGQ}{ATsvHl2ORDiqzxUU-iPx1w}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{pruva-cve20268054-vuln-os}{_J532pyYQ9mG0h8kNbQHGQ}{ATsvHl2ORDiqzxUU-iPx1w}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]} [2026-07-01T15:07:08,184][INFO ][o.o.c.c.CoordinationState] [pruva-cve20268054-vuln-os] cluster UUID set to [KAnh3HtgQre2KlGH4z17QA] [2026-07-01T15:07:08,273][INFO ][o.o.c.s.ClusterApplierService] [pruva-cve20268054-vuln-os] master node changed {previous [], current [{pruva-cve20268054-vuln-os}{_J532pyYQ9mG0h8kNbQHGQ}{ATsvHl2ORDiqzxUU-iPx1w}{172.25.0.2}{172.25.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 1, version: 1, reason: Publication{term=1, version=1} [2026-07-01T15:07:08,290][INFO ][o.o.a.c.ADClusterEventListener] [pruva-cve20268054-vuln-os] Cluster is not recovered yet. [2026-07-01T15:07:08,311][INFO ][o.o.i.i.ManagedIndexCoordinator] [pruva-cve20268054-vuln-os] Cache master node onMaster time: 1782918428311 [2026-07-01T15:07:08,328][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [pruva-cve20268054-vuln-os] Config override setting update called with empty string. Ignoring. 
[2026-07-01T15:07:08,389][INFO ][o.o.h.AbstractHttpServerTransport] [pruva-cve20268054-vuln-os] publish_address {172.25.0.2:9200}, bound_addresses {[::]:9200} [2026-07-01T15:07:08,389][INFO ][o.o.n.Node ] [pruva-cve20268054-vuln-os] started [2026-07-01T15:07:08,390][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] Node started [2026-07-01T15:07:08,391][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Will attempt to create index .opendistro_security and default configs if they are absent [2026-07-01T15:07:08,394][INFO ][o.o.s.OpenSearchSecurityPlugin] [pruva-cve20268054-vuln-os] 0 OpenSearch Security modules loaded so far: [] [2026-07-01T15:07:08,394][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Background init thread started. Install default config?: true [2026-07-01T15:07:08,398][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Wait for cluster to be available ... [2026-07-01T15:07:08,419][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-vuln-os] Node added: [_J532pyYQ9mG0h8kNbQHGQ] [2026-07-01T15:07:08,428][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-vuln-os] Add data node to AD version hash ring: _J532pyYQ9mG0h8kNbQHGQ [2026-07-01T15:07:08,432][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-vuln-os] All nodes with known AD version: {_J532pyYQ9mG0h8kNbQHGQ=ADNodeInfo{version=1.3.19, isEligibleDataNode=true}} [2026-07-01T15:07:08,434][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-vuln-os] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0 [2026-07-01T15:07:08,435][INFO ][o.o.a.c.HashRing ] [pruva-cve20268054-vuln-os] Build AD version hash ring successfully [2026-07-01T15:07:08,436][INFO ][o.o.a.c.ADDataMigrator ] [pruva-cve20268054-vuln-os] Start migrating AD data [2026-07-01T15:07:08,436][INFO ][o.o.a.c.ADDataMigrator ] [pruva-cve20268054-vuln-os] AD job index doesn't exist, no need to migrate [2026-07-01T15:07:08,436][INFO ][o.o.a.c.ADClusterEventListener] 
[pruva-cve20268054-vuln-os] Init AD version hash ring successfully [2026-07-01T15:07:08,482][INFO ][o.o.g.GatewayService ] [pruva-cve20268054-vuln-os] recovered [0] indices into cluster_state [2026-07-01T15:07:09,650][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-vuln-os] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:07:09,673][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-vuln-os] updating number_of_replicas to [0] for indices [.opendistro_security] [2026-07-01T15:07:10,096][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-vuln-os] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]). [2026-07-01T15:07:10,150][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Index .opendistro_security created?: true [2026-07-01T15:07:10,151][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Node started, try to initialize it. Wait for at least yellow cluster state.... [2026-07-01T15:07:10,157][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'config' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,311][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] create_mapping [_doc] [2026-07-01T15:07:10,462][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'config' and version 2 is updated in .opendistro_security index. 
[2026-07-01T15:07:10,463][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'roles' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,503][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:10,593][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'roles' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:10,593][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'rolesmapping' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,626][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:10,700][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'rolesmapping' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:10,701][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'internalusers' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,732][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:10,848][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'internalusers' and version 2 is updated in .opendistro_security index. 
[2026-07-01T15:07:10,849][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'actiongroups' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,878][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:10,961][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'actiongroups' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:10,961][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'tenants' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:10,985][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:11,058][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'tenants' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:11,059][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'nodesdn' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true [2026-07-01T15:07:11,081][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:11,159][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'nodesdn' and version 2 is updated in .opendistro_security index. 
[2026-07-01T15:07:11,160][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'whitelist' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true [2026-07-01T15:07:11,180][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:11,246][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'whitelist' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:11,247][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Will update 'audit' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false [2026-07-01T15:07:11,296][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [.opendistro_security/r9zQUCFhQG6hIfztbF4aog] update_mapping [_doc] [2026-07-01T15:07:11,376][INFO ][o.o.s.s.ConfigHelper ] [pruva-cve20268054-vuln-os] Doc with id 'audit' and version 2 is updated in .opendistro_security index. [2026-07-01T15:07:11,834][INFO ][stdout ] [pruva-cve20268054-vuln-os] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl [2026-07-01T15:07:11,835][INFO ][stdout ] [pruva-cve20268054-vuln-os] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent [2026-07-01T15:07:11,836][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing on REST API is enabled. [2026-07-01T15:07:11,837][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing. [2026-07-01T15:07:11,837][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing on Transport API is enabled. 
[2026-07-01T15:07:11,837][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing. [2026-07-01T15:07:11,838][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing of request body is enabled. [2026-07-01T15:07:11,838][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Bulk requests resolution is disabled during request auditing. [2026-07-01T15:07:11,839][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Index resolution is enabled during request auditing. [2026-07-01T15:07:11,839][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Sensitive headers auditing is enabled. [2026-07-01T15:07:11,840][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing requests from kibanaserver users is disabled. [2026-07-01T15:07:11,846][WARN ][o.o.s.a.r.AuditMessageRouter] [pruva-cve20268054-vuln-os] No endpoint configured for categories [BAD_HEADERS, FAILED_LOGIN, MISSING_PRIVILEGES, GRANTED_PRIVILEGES, OPENDISTRO_SECURITY_INDEX_ATTEMPT, SSL_EXCEPTION, AUTHENTICATED, INDEX_EVENT, COMPLIANCE_DOC_READ, COMPLIANCE_DOC_WRITE, COMPLIANCE_EXTERNAL_CONFIG, COMPLIANCE_INTERNAL_CONFIG_READ, COMPLIANCE_INTERNAL_CONFIG_WRITE], using default endpoint [2026-07-01T15:07:11,846][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing of external configuration is disabled. [2026-07-01T15:07:11,846][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing of internal configuration is enabled. [2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing only metadata information for read request is enabled. [2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing will watch {} for read requests. [2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing read operation requests from kibanaserver users is disabled. 
[2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing only metadata information for write request is enabled. [2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing diffs for write requests is disabled. [2026-07-01T15:07:11,847][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing write operation requests from kibanaserver users is disabled. [2026-07-01T15:07:11,848][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Auditing will watch for write requests. [2026-07-01T15:07:11,848][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] .opendistro_security is used as internal security index. [2026-07-01T15:07:11,848][INFO ][o.o.s.a.i.AuditLogImpl ] [pruva-cve20268054-vuln-os] Internal index used for posting audit logs is null [2026-07-01T15:07:11,849][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Hot-reloading of audit configuration is enabled [2026-07-01T15:07:11,849][INFO ][o.o.s.c.ConfigurationRepository] [pruva-cve20268054-vuln-os] Node 'pruva-cve20268054-vuln-os' initialized [2026-07-01T15:07:52,445][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-vuln-os] [security-auditlog-2026.07.01] creating index, cause [auto(bulk api)], templates [], shards [1]/[1] [2026-07-01T15:07:52,641][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:07:52,642][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-vuln-os] updating number_of_replicas to [0] for indices [cluster_dotcms-vuln.working_20260701150752] [2026-07-01T15:07:52,724][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [security-auditlog-2026.07.01/7ZIQ8gjzQqyrbHneV1092g] create_mapping [_doc] [2026-07-01T15:07:52,984][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] 
[cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] create_mapping [_doc] [2026-07-01T15:07:53,173][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,240][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,319][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,386][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,475][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,850][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,921][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:53,998][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:54,075][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:54,147][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:54,209][INFO ][o.o.c.m.MetadataMappingService] 
[pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:54,274][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:54,336][INFO ][o.o.c.m.MetadataCreateIndexService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752] creating index, cause [api], templates [], shards [1]/[1] [2026-07-01T15:07:54,337][INFO ][o.o.c.r.a.AllocationService] [pruva-cve20268054-vuln-os] updating number_of_replicas to [0] for indices [cluster_dotcms-vuln.live_20260701150752] [2026-07-01T15:07:54,553][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] create_mapping [_doc] [2026-07-01T15:07:54,638][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:54,712][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:54,769][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:54,829][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:54,889][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:54,963][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,023][INFO 
][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,086][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,144][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,201][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,297][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:55,365][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:56,630][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:56,681][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [security-auditlog-2026.07.01/7ZIQ8gjzQqyrbHneV1092g] update_mapping [_doc] [2026-07-01T15:07:56,705][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:56,777][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:56,933][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:56,948][INFO 
][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.live_20260701150752/dw1P3XYUQfCSWPJbA3Wk7A] update_mapping [_doc] [2026-07-01T15:07:57,029][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:57,102][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:07:57,174][INFO ][o.o.c.m.MetadataMappingService] [pruva-cve20268054-vuln-os] [cluster_dotcms-vuln.working_20260701150752/p8beCNATS4e1XyRliPaMtg] update_mapping [_doc] [2026-07-01T15:08:08,315][INFO ][o.o.i.i.ManagedIndexCoordinator] [pruva-cve20268054-vuln-os] Performing move cluster state metadata. [2026-07-01T15:08:08,317][INFO ][o.o.i.i.MetadataService ] [pruva-cve20268054-vuln-os] ISM config index not exist, so we cancel the metadata migration job. [2026-07-01T15:08:08,319][INFO ][o.o.i.i.ManagedIndexCoordinator] [pruva-cve20268054-vuln-os] Performing ISM template migration. [2026-07-01T15:08:08,320][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] Doing ISM template migration 1 time. 
[2026-07-01T15:08:08,321][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] Use 2026-07-01T14:07:08.311Z as migrating ISM template last_updated_time [2026-07-01T15:08:08,322][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] ISM templates: {} [2026-07-01T15:08:08,323][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] Policies to update: [] [2026-07-01T15:08:08,330][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] Failure experienced when migrating ISM Template and update ISM policies: {} [2026-07-01T15:08:08,405][INFO ][o.o.c.s.ClusterSettings ] [pruva-cve20268054-vuln-os] updating [plugins.index_state_management.template_migration.control] from [0] to [-1] [2026-07-01T15:08:08,408][INFO ][o.o.i.i.m.ISMTemplateService] [pruva-cve20268054-vuln-os] Successfully update template migration setting