Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
Hi, I am installing graylog-open on an ubuntu VM. I have got to the stage where I need to provision a certificate on the datanode. I am having difficulties here though as i dont get the option. I ended up using ChatGPT to try fix it.. and I fear I may have made it worse. So I would love some assistance in getting it working.
2. Describe your environment:
- OS Information:
Distributor ID: Ubuntu
Description: Ubuntu 24.04.2 LTS
Release: 24.04
Codename: noble
- Package Version:
netgrayadmin@net-graylog:~$ dpkg -l | grep -E “.(elasticsearch|graylog|mongo).”
ii graylog-6.3-repository 1-1 all Package to install Graylog 6.3 GPG key and repository
ii graylog-datanode 6.3.1-1 amd64 Graylog data node
ii graylog-server 6.3.1-1 amd64 Graylog server
ii mongodb-database-tools 100.12.2 amd64 mongodb-database-tools package provides tools for working with the MongoDB server:
ii mongodb-mongosh 2.5.5 amd64 MongoDB Shell CLI REPL Package
hi mongodb-org 7.0.21 amd64 MongoDB open source document-oriented database system (metapackage)
ii mongodb-org-database 7.0.21 amd64 MongoDB open source document-oriented database system (metapackage)
ii mongodb-org-database-tools-extra 7.0.21 amd64 Extra MongoDB database tools
ii mongodb-org-mongos 7.0.21 amd64 MongoDB sharded cluster query router
ii mongodb-org-server 7.0.21 amd64 MongoDB database server
ii mongodb-org-shell 7.0.21 amd64 MongoDB shell client
ii mongodb-org-tools 7.0.21 amd64 MongoDB tools
- Service logs, configurations, and environment variables:
sudo journalctl -u graylog-datanode.service --since “10 minutes ago”
Jul 17 11:21:58 net-graylog systemd[1]: graylog-datanode.service: Main process exited, code=exited, status=255/EXCEPTION
Jul 17 11:21:58 net-graylog systemd[1]: graylog-datanode.service: Failed with result ‘exit-code’.
Jul 17 11:21:58 net-graylog systemd[1]: graylog-datanode.service: Consumed 6.243s CPU time.
Jul 17 11:22:08 net-graylog systemd[1]: graylog-datanode.service: Scheduled restart job, restart counter is at 8327.
Jul 17 11:22:08 net-graylog systemd[1]: Started graylog-datanode.service - Graylog data node.
Jul 17 11:22:11 net-graylog systemd[1]: graylog-datanode.service: Main process exited, code=exited, status=255/EXCEPTION
Jul 17 11:22:11 net-graylog systemd[1]: graylog-datanode.service: Failed with result ‘exit-code’.
Jul 17 11:22:11 net-graylog systemd[1]: graylog-datanode.service: Consumed 6.244s CPU time.
##########
netgrayadmin@net-graylog:~$ sudo systemctl status graylog-datanode.service
graylog-datanode.service - Graylog data node
Loaded: loaded (/usr/lib/systemd/system/graylog-datanode.service; enabled; preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2025-07-17 11:22:48 UTC; 6s ago
Docs: http://docs.graylog.org/
Process: 924327 ExecStart=/usr/share/graylog-datanode/bin/graylog-datanode datanode -f /etc/graylog/datanode/datanode.conf (code=exited, status=255/EXCEPTION)
Main PID: 924327 (code=exited, status=255/EXCEPTION)
CPU: 5.486s
netgrayadmin@net-graylog:~$ sudo tail -n 50 /var/log/graylog-datanode/datanode.log
at org.graylog.datanode.configuration.OpensearchConfigurationService.lambda$get$0(OpensearchConfigurationService.java:107) ~[graylog-datanode.jar:?]
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source) ~[?:?]
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source) ~[?:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.get(OpensearchConfigurationService.java:108) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.triggerConfigurationChangedEvent(OpensearchConfigurationService.java:120) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.startUp(OpensearchConfigurationService.java:67) ~[graylog-datanode.jar:?]
at com.google.common.util.concurrent.AbstractIdleService$DelegateService.lambda$doStart$0(AbstractIdleService.java:63) ~[guava-33.4.8-jre.jar:?]
at com.google.common.util.concurrent.Callables.lambda$threadRenaming$1(Callables.java:104) ~[guava-33.4.8-jre.jar:?]
at java.base/java.lang.Thread.run(Unknown Source) ~[?:?]
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) ~[?:?]
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source) ~[?:?]
at java.base/java.security.KeyStore.load(Unknown Source) ~[?:?]
at org.graylog.datanode.configuration.DatanodeKeystore.loadKeystore(DatanodeKeystore.java:159) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.DatanodeKeystore.hasSignedCertificate(DatanodeKeystore.java:90) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.variants.DatanodeKeystoreOpensearchCertificatesProvider.isConfigured(DatanodeKeystoreOpensearchCertificatesProvider.java:37) ~[graylog-datanode.jar:?]
at org.graylog.datanode.opensearch.configuration.beans.impl.OpensearchSecurityConfigurationBean.lambda$buildConfigurationPart$0(OpensearchSecurityConfigurationBean.java:99) ~[graylog-datanode.jar:?]
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source) ~[?:?]
at java.base/java.util.Spliterators$ArraySpliterator.tryAdvance(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReferencePipeline.findFirst(Unknown Source) ~[?:?]
at org.graylog.datanode.opensearch.configuration.beans.impl.OpensearchSecurityConfigurationBean.buildConfigurationPart(OpensearchSecurityConfigurationBean.java:100) ~[graylog-datanode.jar:?]
at org.graylog.datanode.opensearch.configuration.beans.impl.OpensearchSecurityConfigurationBean.buildConfigurationPart(OpensearchSecurityConfigurationBean.java:56) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.lambda$get$0(OpensearchConfigurationService.java:107) ~[graylog-datanode.jar:?]
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source) ~[?:?]
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[?:?]
at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source) ~[?:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.get(OpensearchConfigurationService.java:108) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.triggerConfigurationChangedEvent(OpensearchConfigurationService.java:120) ~[graylog-datanode.jar:?]
at org.graylog.datanode.configuration.OpensearchConfigurationService.startUp(OpensearchConfigurationService.java:67) ~[graylog-datanode.jar:?]
at com.google.common.util.concurrent.AbstractIdleService$DelegateService.lambda$doStart$0(AbstractIdleService.java:63) ~[guava-33.4.8-jre.jar:?]
at com.google.common.util.concurrent.Callables.lambda$threadRenaming$1(Callables.java:104) ~[guava-33.4.8-jre.jar:?]
at java.base/java.lang.Thread.run(Unknown Source) ~[?:?]
2025-07-17T11:24:14.689Z INFO [Datanode] SIGNAL received. Shutting down.
2025-07-17T11:24:14.689Z INFO [GracefulShutdown] Graceful shutdown initiated.
2025-07-17T11:24:14.690Z INFO [GracefulShutdown] Goodbye.
3. What steps have you already taken to try and solve the problem?
I confirmed the password_secret is the same for the server and data node.
Tried restarting services, reinstall datanode
4. How can the community help?
I am not an expert in linux in any fashion, but I believe my issue is easlily resolved, not sure how. If someone could steer me that would be great!
Cheers
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]
