Graylog 7 Data Node migration from OpenSearch 2.19.2-1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident: I am attempting to do an in-place migration from OpenSearch 2.19.2-1 to Graylog Data Node 7.0.5-2 using the documentation available at Data Node Migration

2. Describe your environment:

• OS Information: Rocky Linux 8.10 (Green Obsidian)

• Package Version: OpenSearch 2.19.2-1 (currently running), Graylog Data Node 7.0.5-2

• Service logs, configurations, and environment variables:

Graylog datanode conf:

node_id_file = /var/lib/graylog-datanode/node-id
node_name = my-opensrch-01
password_secret = <actual, correct graylog secret>
mongodb_uri = mongodb://graylog:graylog-nice-pw@my-graylog-01.mydomain.com:27017,my-graylog-02.mydomain.com:27017,my-graylog-03.mydomain.com:27017/graylog?replicaSet=rs0

bind_address = 10.10.0.237
datanode_http_port = 8999
http_publish_uri = http://10.10.0.237:8999/

clustername = graylog-search
node_roles = data,cluster_manager
initial_cluster_manager_nodes = my-opensrch-01.mydomain.com,my-opensrch-02.mydomain.com,my-opensrch-03.mydomain.com
opensearch_discovery_seed_hosts = 10.10.0.237,10.10.0.238,10.10.0.239

opensearch_network_host = 10.10.0.237
opensearch_http_port = 9200
opensearch_transport_port = 9300
opensearch_location = /usr/share/opensearch/
opensearch_data_location = /mnt/opensearch/
opensearch_logs_location = /var/log/graylog-datanode/opensearch/

Datanode.log file:

2026-03-30T09:28:24.312-07:00 WARN  [CmdLineTool] Couldn't create native lib dir </datanode/config/native_libs>. Unable to set ZstdTempFolder system property.
java.nio.file.AccessDeniedException: /datanode
	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createAndCheckIsDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createDirectories(Unknown Source)
	at org.graylog2.bootstrap.CmdLineTool.doRun(CmdLineTool.java:310)
	at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:287)
	at org.graylog.datanode.bootstrap.Main.main(Main.java:59)
2026-03-30T09:28:24.408-07:00 INFO  [ImmutableFeatureFlagsCollector] Following feature flags are used: {}
2026-03-30T09:28:24.410-07:00 WARN  [PluginLoader] Plugin directory /plugin does not exist, not loading plugins.
2026-03-30T09:28:24.649-07:00 INFO  [CmdLineTool] Running with JVM arguments: -Dlog4j.configurationFile=file:///etc/graylog/datanode/log4j2.xml -Xms1g -Xmx1g -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -XX:+UnlockExperimentalVMOptions -Djdk.tls.acknowledgeCloseNotify=true
2026-03-30T09:28:24.878-07:00 INFO  [cluster] Adding discovered server my-graylog-01.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:24.890-07:00 INFO  [cluster] Adding discovered server my-graylog-02.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:24.890-07:00 INFO  [cluster] Adding discovered server my-graylog-03.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:24.906-07:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "5.6.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "4.18.0-553.el8_10.x86_64"}, "platform": "Java/Eclipse Adoptium/21.0.10+7-LTS"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=MongoCredential{mechanism=null, userName='graylog', source='graylog', password=<hidden>, mechanismProperties=<hidden>}, transportSettings=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, com.mongodb.client.model.mql.ExpressionCodecProvider@2262d6d5, com.mongodb.Jep395RecordCodecProvider@40de8f93, com.mongodb.KotlinCodecProvider@6ff0b1cc, EnumCodecProvider{}]}, loggerSettings=LoggerSettings{maxDocumentLength=1000}, clusterSettings={hosts=[my-graylog-01.mydomain.com:27017, my-graylog-02.mydomain.com:27017, my-graylog-03.mydomain.com:27017], srvServiceName=mongodb, mode=MULTIPLE, requiredClusterType=REPLICA_SET, requiredReplicaSetName='rs0', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='15 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverMonitoringMode=AUTO, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, dnsClient=null, inetAddressResolver=null, contextProvider=null, timeoutMS=null}
2026-03-30T09:28:24.907-07:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "5.6.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "4.18.0-553.el8_10.x86_64"}, "platform": "Java/Eclipse Adoptium/21.0.10+7-LTS"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=MongoCredential{mechanism=null, userName='graylog', source='graylog', password=<hidden>, mechanismProperties=<hidden>}, transportSettings=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, com.mongodb.client.model.mql.ExpressionCodecProvider@2262d6d5, com.mongodb.Jep395RecordCodecProvider@40de8f93, com.mongodb.KotlinCodecProvider@6ff0b1cc, EnumCodecProvider{}]}, loggerSettings=LoggerSettings{maxDocumentLength=1000}, clusterSettings={hosts=[my-graylog-01.mydomain.com:27017, my-graylog-02.mydomain.com:27017, my-graylog-03.mydomain.com:27017], srvServiceName=mongodb, mode=MULTIPLE, requiredClusterType=REPLICA_SET, requiredReplicaSetName='rs0', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='15 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverMonitoringMode=AUTO, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, dnsClient=null, inetAddressResolver=null, contextProvider=null, timeoutMS=null}
2026-03-30T09:28:24.928-07:00 INFO  [cluster] Waiting for server to become available for operation { ping: 1 } with ID 5. Remaining time: 29995 ms. Selector: ReadPreferenceServerSelector{readPreference=primary}, topology description: {type=REPLICA_SET, servers=[{address=my-graylog-03.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}, {address=my-graylog-01.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}, {address=my-graylog-02.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}].
2026-03-30T09:28:24.938-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-02.mydomain.com:27017, type=REPLICA_SET_PRIMARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=15526300, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-02:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=7fffffff00000000000000a2, setVersion=5, topologyVersion=TopologyVersion{processId=69c5734b7911307697c7fb33, counter=7}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269263784977}
2026-03-30T09:28:24.938-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-01.mydomain.com:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=16226075, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-01.mydomain.com:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5729ebb9e82ecc9da539c, counter=10}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269263765349}
2026-03-30T09:28:24.938-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-03.mydomain.com:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=15480240, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-03:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5736d190a4b6ade386cca, counter=5}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269263762203}
2026-03-30T09:28:24.940-07:00 INFO  [cluster] Adding discovered server my-graylog-03:27017 to client view of cluster
2026-03-30T09:28:24.941-07:00 INFO  [cluster] Adding discovered server my-graylog-02:27017 to client view of cluster
2026-03-30T09:28:24.941-07:00 INFO  [cluster] Server my-graylog-03.mydomain.com:27017 is no longer a member of the replica set.  Removing from client view of cluster.
2026-03-30T09:28:24.943-07:00 INFO  [cluster] Server my-graylog-02.mydomain.com:27017 is no longer a member of the replica set.  Removing from client view of cluster.
2026-03-30T09:28:24.943-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-03:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=948417, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-03:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5736d190a4b6ade386cca, counter=5}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269280325280}
2026-03-30T09:28:24.943-07:00 INFO  [cluster] Discovered replica set primary my-graylog-02.mydomain.com:27017 with max election id 7fffffff00000000000000a2 and max set version 5
2026-03-30T09:28:24.944-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-02:27017, type=REPLICA_SET_PRIMARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=924691, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-02:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=7fffffff00000000000000a2, setVersion=5, topologyVersion=TopologyVersion{processId=69c5734b7911307697c7fb33, counter=7}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269281636209}
2026-03-30T09:28:24.945-07:00 INFO  [cluster] Discovered replica set primary my-graylog-02:27017 with max election id 7fffffff00000000000000a2 and max set version 5
2026-03-30T09:28:25.001-07:00 INFO  [DatanodeDirectories] Opensearch of the node 2e68dfab-c04b-40d6-a7c4-451dc771202a uses following directories as its storage: DatanodeDirectories{dataTargetDir='/mnt/opensearch', logsTargetDir='/var/log/graylog-datanode/opensearch', configurationSourceDir='Optional.empty', configurationTargetDir='/datanode/config'}
2026-03-30T09:28:25.028-07:00 INFO  [cluster] Adding discovered server my-graylog-01.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:25.028-07:00 INFO  [cluster] Adding discovered server my-graylog-02.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:25.029-07:00 INFO  [cluster] Adding discovered server my-graylog-03.mydomain.com:27017 to client view of cluster
2026-03-30T09:28:25.029-07:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "5.6.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "4.18.0-553.el8_10.x86_64"}, "platform": "Java/Eclipse Adoptium/21.0.10+7-LTS"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=MongoCredential{mechanism=null, userName='graylog', source='graylog', password=<hidden>, mechanismProperties=<hidden>}, transportSettings=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, com.mongodb.client.model.mql.ExpressionCodecProvider@2262d6d5, com.mongodb.Jep395RecordCodecProvider@40de8f93, com.mongodb.KotlinCodecProvider@6ff0b1cc, EnumCodecProvider{}]}, loggerSettings=LoggerSettings{maxDocumentLength=1000}, clusterSettings={hosts=[my-graylog-01.mydomain.com:27017, my-graylog-02.mydomain.com:27017, my-graylog-03.mydomain.com:27017], srvServiceName=mongodb, mode=MULTIPLE, requiredClusterType=REPLICA_SET, requiredReplicaSetName='rs0', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='15 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverMonitoringMode=AUTO, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, dnsClient=null, inetAddressResolver=null, contextProvider=null, timeoutMS=null}
2026-03-30T09:28:25.030-07:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "5.6.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "4.18.0-553.el8_10.x86_64"}, "platform": "Java/Eclipse Adoptium/21.0.10+7-LTS"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=MongoCredential{mechanism=null, userName='graylog', source='graylog', password=<hidden>, mechanismProperties=<hidden>}, transportSettings=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, com.mongodb.client.model.mql.ExpressionCodecProvider@2262d6d5, com.mongodb.Jep395RecordCodecProvider@40de8f93, com.mongodb.KotlinCodecProvider@6ff0b1cc, EnumCodecProvider{}]}, loggerSettings=LoggerSettings{maxDocumentLength=1000}, clusterSettings={hosts=[my-graylog-01.mydomain.com:27017, my-graylog-02.mydomain.com:27017, my-graylog-03.mydomain.com:27017], srvServiceName=mongodb, mode=MULTIPLE, requiredClusterType=REPLICA_SET, requiredReplicaSetName='rs0', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='15 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, proxySettings=ProxySettings{host=null, port=null, username=null, password=null}}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverMonitoringMode=AUTO, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, dnsClient=null, inetAddressResolver=null, contextProvider=null, timeoutMS=null}
2026-03-30T09:28:25.030-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-01.mydomain.com:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=904852, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-01.mydomain.com:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5729ebb9e82ecc9da539c, counter=10}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269367546992}
2026-03-30T09:28:25.030-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-02.mydomain.com:27017, type=REPLICA_SET_PRIMARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=775963, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-02:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=7fffffff00000000000000a2, setVersion=5, topologyVersion=TopologyVersion{processId=69c5734b7911307697c7fb33, counter=7}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269367749064}
2026-03-30T09:28:25.031-07:00 INFO  [cluster] Adding discovered server my-graylog-03:27017 to client view of cluster
2026-03-30T09:28:25.031-07:00 INFO  [cluster] Waiting for server to become available for operation { ping: 1 } with ID 24. Remaining time: 29999 ms. Selector: ReadPreferenceServerSelector{readPreference=primary}, topology description: {type=REPLICA_SET, servers=[{address=my-graylog-03.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}, {address=my-graylog-01.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}, {address=my-graylog-02.mydomain.com:27017, type=UNKNOWN, state=CONNECTING}].
2026-03-30T09:28:25.031-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-03.mydomain.com:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=827242, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-03:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5736d190a4b6ade386cca, counter=5}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269368087439}
2026-03-30T09:28:25.031-07:00 INFO  [cluster] Adding discovered server my-graylog-02:27017 to client view of cluster
2026-03-30T09:28:25.032-07:00 INFO  [cluster] Server my-graylog-03.mydomain.com:27017 is no longer a member of the replica set.  Removing from client view of cluster.
2026-03-30T09:28:25.032-07:00 INFO  [cluster] Server my-graylog-02.mydomain.com:27017 is no longer a member of the replica set.  Removing from client view of cluster.
2026-03-30T09:28:25.032-07:00 INFO  [cluster] Discovered replica set primary my-graylog-02.mydomain.com:27017 with max election id 7fffffff00000000000000a2 and max set version 5
2026-03-30T09:28:25.033-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-02:27017, type=REPLICA_SET_PRIMARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=1181238, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-02:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=7fffffff00000000000000a2, setVersion=5, topologyVersion=TopologyVersion{processId=69c5734b7911307697c7fb33, counter=7}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269370643219}
2026-03-30T09:28:25.033-07:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=my-graylog-03:27017, type=REPLICA_SET_SECONDARY, cryptd=false, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=27, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=1308033, minRoundTripTimeNanos=0, setName='rs0', canonicalAddress=my-graylog-03:27017, hosts=[my-graylog-03:27017, my-graylog-01.mydomain.com:27017, my-graylog-02:27017], passives=[], arbiters=[], primary='my-graylog-02:27017', tagSet=TagSet{[]}, electionId=null, setVersion=5, topologyVersion=TopologyVersion{processId=69c5736d190a4b6ade386cca, counter=5}, lastWriteDate=Mon Mar 30 09:28:24 PDT 2026, lastUpdateTimeNanos=36535269370654100}
2026-03-30T09:28:25.034-07:00 INFO  [cluster] Discovered replica set primary my-graylog-02:27017 with max election id 7fffffff00000000000000a2 and max set version 5
2026-03-30T09:28:25.060-07:00 INFO  [MongoDBPreflightCheck] Connected to MongoDB version 8.2.5
2026-03-30T09:28:25.062-07:00 ERROR [CmdLineTool] Startup error:
java.lang.IllegalArgumentException: Could not detect any opensearch distribution. Directory used for Opensearch detection: /usr/share/opensearch. Please configure opensearch_location to a directory that contains an opensearch distribution for your architecture x64. You can download Opensearch from https://opensearch.org/downloads.html . Please extract the downloaded distribution and point opensearch_location configuration option to that directory.
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.createErrorMessage(OpensearchDistributionProvider.java:104)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.createErrorMessage(OpensearchDistributionProvider.java:98)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.detectInSubdirectory(OpensearchDistributionProvider.java:87)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.lambda$detectInDirectory$1(OpensearchDistributionProvider.java:69)
	at java.base/java.util.Optional.orElseGet(Unknown Source)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.detectInDirectory(OpensearchDistributionProvider.java:69)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.lambda$new$0(OpensearchDistributionProvider.java:55)
	at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:201)
	at org.graylog.datanode.configuration.OpensearchDistributionProvider.get(OpensearchDistributionProvider.java:60)
	at org.graylog.datanode.bootstrap.preflight.OpensearchBinPreflightCheck.runCheck(OpensearchBinPreflightCheck.java:52)
	at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:421)
	at org.graylog2.bootstrap.preflight.PreflightCheckService.runChecks(PreflightCheckService.java:52)
	at org.graylog.datanode.bootstrap.DatanodeBootstrap.runPreFlightChecks(DatanodeBootstrap.java:81)
	at org.graylog.datanode.bootstrap.DatanodeBootstrap.beforeInjectorCreation(DatanodeBootstrap.java:76)
	at org.graylog2.bootstrap.CmdLineTool.doRun(CmdLineTool.java:362)
	at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:287)
	at org.graylog.datanode.bootstrap.Main.main(Main.java:59)

3. What steps have you already taken to try and solve the problem?

I have dug through the documentation extensively, I have tried various paths for the Opensearch_location setting, all based off of the output from rpm -ql opensearch, which returns 3 primary directories:

/etc/opensearch
/usr/share/opensearch
/var/lib/opensearch

Opensearch is configured as specified in the graylog 6.3 documentation: the data and log directories are chown’d opensearch:opensearch and have been for quite some time, this is still a currently working configuration

The contents of /mnt/opensearch:

ls -lah /mnt/opensearch/
total 20K
drwxr-xr-x. 3 opensearch opensearch 195 Jan 24  2025 .
drwxr-xr-x. 5 root       root        62 Feb 20 18:29 ..
-rw-r--r--. 1 opensearch opensearch   5 May 30  2025 batch_metrics_enabled.conf
-rw-r--r--. 1 opensearch opensearch   5 May 30  2025 logging_enabled.conf
drwxr-xr-x. 3 opensearch opensearch  15 Jan 24  2025 nodes
-rw-r--r--. 1 opensearch opensearch   5 May 30  2025 performance_analyzer_enabled.conf
-rw-r--r--. 1 opensearch opensearch   5 May 30  2025 rca_enabled.conf
-rw-r--r--. 1 opensearch opensearch   5 May 30  2025 thread_contention_monitoring_enabled.conf

4. How can the community help?

What am I missing at this point? I have the data directory pointed to where the current opensearch data lives, I have the opensearch_location pointed at what I believe is the distribution location, I have a currently working opensearch cluster, serving a currently working Graylog 7.0.5 cluster. I can’t for the life of me figure out why it’s trying to create /datanode, nor do I know how to fix that. I need to have this use /mnt/opensearch - and if I have to move things around a bit, that’s fine- /mnt/opensearch is a dedicated storage device specifically for opensearch, and I need the data node to use it as well. if I need to create its own subdirectory off of that, I can do that- but I still have no idea how to configure the data node to use it. I also cannot get the data node to start.

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

I’ve also reviewed the following ticket: Still can't seem to perform a Datanode migration From this I gather that

1. I cannot do a live migration using the current Opensearch

2. The entire Graylog cluster has to be shutdown and all the current opensearch nodes must be removed

This is really not a good thing- I was under the impression from the documentation that a live migration was a possibility, and fairly simple. From reading this, it looks like I may as well nuke and pave my entire cluster and start over from scratch. Is this actually the case, and one cannot do a live migration from opensearch to graylog data node?

Also, what is the benefit of even doing this? From what I can tell, it locks us out of being able to manage the opensearch backend, so no stats, no monitoring. If we want to have what we currently have, we have to get enterprise licensing. Is this actually the case?

Hello @plessley,

You can carry out a migration without shutting down the cluster, pause processing on each Graylog node and wait for the buffers to drain - then begin work on migrating while the Graylog nodes cache messages within their journal.

Data Node offers a layer of operational functions around Opensearch such as cert creation but the Opensearch functions are still available too - for instance I have metrics exporting to Prometheus and Grafana.

As for the migration itself, it seems you altered the default location for the version of Opensearch that ships with Data Node. Try changing to the below.

opensearch_location = /usr/share/graylog-datanode/dist

The first error seems related to the temp directory being used for the initial starting of the service, I’m not sure why it’s attempting to use /datanode. This folder could be created and the ownership given to graylog-datanode or perhaps altering the tmp directory within the java options.

From reading the migration documentation, I was under the mistaken impression that the config wanted to know where the currently running Opensearch existed. If that’s the issue, that’s easily solved. As far as how you’re monitoring it, from what I can see the managed Opensearch instance gets locked down- I don’t see anyway of getting access to it after the upgrade. I would like to use external monitoring to keep track of usage, trending, etc.

@Wine_Merchant If you would be willing to share a scrubbed example of how you’re access the opensearch backend after the datanode migration, I (am I’m sure a lot of others) would be very interested in seeing it.

Only locked down in the sense that Security is enabled, a client cert can be generated within the UI to directly communicate the Opensearch API or a token can be generated making use of the password secret from the server/datenode.conf.

The below grabs the password secret and encodes it to base64.

#!/bin/bash
# jwt.sh
# Uses `password_secret` from `/etc/graylog/datanode/datanode.conf`
#   to build a JWT (JSON web token). This token will have the
#   ability to successfully authenticate to OpenSearch secured
#   by Graylog Data Node.

# Header
header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')

# Payload
now=$(date +%s)
expiration=$(($now + 864000)) # Ten days from now
payload=$(echo -n "{\"jti\":\"graylog_test_token\",\"os_roles\":\"admin\",\"iat\":$now,\"sub\":\"admin\",\"iss\":\"graylog\",\"nbf\":$now,\"exp\":$expiration}" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')

secret="$1"

# Signature
signature=$(echo -n "$header.$payload" | openssl dgst -sha256 -hmac "$secret" -binary | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')

# JWT
jwt="$header.$payload.$signature"

echo $jwt

This utilises the above to curl Openearch, alter the api endpoint to whatever you want to query.

#!/bin/bash
# test-jwt-w-password-secret.sh
# Uses `jwt.sh` to obtain a valid JWT token. Attempts to
#   authenticate to localhost OpensSearch at localhost:9200

curl -k -H "Authorization: Bearer $(./jwt.sh $(cat /etc/graylog/datanode/datanode.conf | grep -P "password_secret = .*" | sed 's/password_secret =[[:blank:]]*//g'))" https://localhost:9200

After additional fixes were put in place in the datanode config file

node_id_file = /etc/graylog/datanode/node-id
config_location = /etc/graylog/datanode
password_secret = ooRiyai8aequeiche9eik6oong8notax7Yei3quoh7taighaimoo3ie1cuf0saeJ
root_password_sha2 =
mongodb_uri = mongodb://graylog:graylog-nice-pw@graylog-01:27017,graylog-02:27017,graylog-03:27017/graylog?replicaSet=rs0

node_name = gem-opensrch-02
bind_address = 10.10.0.238
datanode_http_port = 8999
#http_publish_uri = http://10.10.0.238:8999/
clustername = graylog-search
node_roles = data,cluster_manager
initial_cluster_manager_nodes = opensrch-01.mydomain.com,opensrch-02.mydomain.com,opensrch-03.mydomain.com
opensearch_heap = 31g
opensearch_discovery_seed_hosts = 10.10.0.237,10.10.0.238,10.10.0.239
opensearch_network_host = 10.10.0.238
opensearch_http_port = 9200
opensearch_transport_port = 9300
opensearch_location = /usr/share/graylog-datanode/dist
opensearch_config_location = /var/lib/graylog-datanode/opensearch/config
opensearch_data_location = /mnt/opensearch
opensearch_logs_location = /var/log/graylog-datanode/opensearch

This allows the node to come up in graylog’s migration configuration. After updating user graylog-datanode to be part of opensearch group, and setting the directory permissions to 757 on /mnt/opensearch, the node still doesn’t fully configure. I get stuck in step provisioning certificate, but the status of the node has changed to “STARTING”. Checking the logs shows repeated entries of

2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl] [2026-04-02T16:13:36,646][WARN ][o.o.h.AbstractHttpServerTransport] [gem-opensrch-02] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/10.10.0.238:9200, remoteAddress=/10.10.0.238:32832}
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl] io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f6e6f6465733f66696c7465725f706174683d6e6f6465732e2a2e76657273696f6e2532436e6f6465732e2a2e687474702e7075626c6973685f616464726573732532436e6f6465732e2a2e697020485454502f312e310d0a617574686f72697a6174696f6e3a204261736963206233426c626e4e6c59584a6a6144706a623239734c57397a4c5842330d0a757365722d6167656e743a206f70656e7365617263682d6a732f312e312e3020286c696e757820342e31382e302d3535332e656c385f31302e7838365f36342d7836343b204e6f64652e6a73207631382e31392e30290d0a782d6f70656e7365617263682d70726f647563742d6f726967696e3a206f70656e7365617263682d64617368626f617264730d0a486f73743a2031302e31302e302e3233383a393230300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500) ~[netty-codec-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[netty-codec-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:796) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:697) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:660) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [netty-transport-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:998) [netty-common-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.121.Final.jar:4.1.121.Final]
2026-04-02T16:13:36.647-07:00 INFO  [OpensearchProcessImpl]     at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]

repeated hundreds of times. I think this is complaining about my current opensearch cluster NOT running SSL, while the datanode does. This has been frustrating me for a few hours now as I’ve not managed to get past this point. Shutting down opensearch and restarting graylog-datanode at least hasn’t lost any data that I can tell, but it’s still not able to progress.

This can be a little frustrating, so currently the certification process is failing for the Data Noes? Are there any logs around the failing cert process on either Graylog or the Data Node?

Is the underlying version on Opensearch now stuck in a loop of booting?

From what I can tell, the certificate has been issued, both hosts that I’ve tried this on are exhibiting the exact same issues, hence why sometimes the logs will reflect opensrch-01 or opensrch-02. Pulling the certificate from the datanode looks correct:

openssl s_client -showcerts -connect 10.10.0.238:8999
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 CN = Graylog CA
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 CN = Graylog CA
verify return:1
depth=0 CN = opensrch-02.mydomain.com
verify return:1
---
Certificate chain
 0 s:CN = opensrch-02.mydomain.com
   i:CN = Graylog CA
-----BEGIN CERTIFICATE-----
<real certificate>
-----END CERTIFICATE-----
 1 s:CN = Graylog CA
   i:CN = Graylog CA
-----BEGIN CERTIFICATE-----
<real certificate>
-----END CERTIFICATE-----
---
Server certificate
subject=CN = opensrch-02.mydomain.com

issuer=CN = Graylog CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3334 bytes and written 369 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: <redacted>
    Session-ID-ctx:
    Resumption PSK: <redacted>
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 98 b4 e2 0d 02 f3 5a 34-12 fa 60 81 da bb a3 a0   ......Z4..`.....
  ...
    0ae0 - f1                                                .

    Start Time: 1775246642
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---

From what I can see, it looks like graylog is trying to talk to the node over plaintext instead of tls.

with opensearch running - Pastebin.com

The address in use errors are expected (I think, if I’m understanding the migration steps correctly), this is initially being started to configure access from graylog. Shutting down opensearch and starting graylog-datanode again, stops at the same “provisioning certificate” step.

without opensearch running - Pastebin.com