1. Describe your incident:
As part of a larger infrastructure deployment in a test lab, I am trying to bring up a graylog instance with a graylog datanode in docker containers. Easy enough to do that with docker run and docker-compose files. That all is working fine. I can manually go through the preflight steps and get it working. I am trying to automate preflight CA cert provisioning and distribution and have been unable to get that working.
2. Describe your environment:
- OS Information:
Apple Silicon macOS Sonoma 14.5 host with docker containers running in colima - Package Version:
6.0.2 - Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I have generated a CA and provided the ca.pem file to manual preflight, which work so I know the ca.pem file is good. I am mounting the folder where the ca.pem is stored to the graynode container and executing the securityadmin.sh script.
First problem is that the securityadmin.sh script can’t find java. I think it has to do with the OS being an arm64 version instead of x86:
root@datanode:/# uname -a
Linux datanode 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 02:32:42 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
I fixed that by finding the JAVA_HOME via a docker exec find command and then run the securityadmin.sh providing the JAVA_HOME variable. The output from that is:
Will connect to localhost:9200
ERR: Seems there is no OpenSearch running on localhost:9200 - Will exit
4. How can the community help?
I know the securityadmin.sh is deprecated. Maybe so long ago it is now actually not supported. Is there another way to automate the use of my CA certificate so that I don’t have to go through the manual preflight?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]