elastic/elasticsearch

Reduce error logging from security during node startup

Open

#61.182 aperta il 17 ago 2020

Vedi su GitHub
 (2 commenti) (2 reazioni) (0 assegnatari)Java (25.882 fork)batch import
:Security/Security>bugTeam:Securityhelp wanted

Metriche repository

Star
 (76.700 star)
Metriche merge PR
 (Merge medio 2g) (1000 PR mergiate in 30 g)

Descrizione

There are places (e.g. NativeUsersStore) where we log a message at ERROR level if the security index exists, but is unavailable.

During normal operation, that's a reasonable things to treat as an error. However, during node/cluster startup, it is normal for the security index to exist, but not yet be recovered. In those cases the ERROR message is extreme and leads to confusions - admins may treat this as a sign of a cluster problem, when it is in fact a normal operation.

We should log something - the admin should be informed at authc is failing because the cluster hasn't fully recovered yet - but the message should reflect "cluster is still starting up, cannot authenticate against native realm".

The native users store is not the only example of this, but it's the main one.

Guida contributor