Giters

rancher / opni

Multi Cluster Observability with AIOps

Home Page:https://opni.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Opensearch dashboard HTTP 500 when browser sends old credentials

jan-law opened this issue · comments

commented

On Chrome with opni running on k3s, reinstall the opensearch dashboard and obtain a new set of credentials. When navigating to the opensearch dashboard for the first time, the browser will apply the old cached credentials, resulting in an HTTP 500 from the authentication error instead of displaying the login page:

image

Request URL:
https://ec2-3-128-253-90.us-east-2.compute.amazonaws.com:5601/
Request Method:
GET
Status Code:
500 Internal Server Error

kubectl logs opni-dashboards-64d6457fbf-685b6 -n opni
{"type":"error","@timestamp":"2023-06-15T17:45:19Z","tags":["connection","client","error"],"pid":1,"level":"error","error":{"message":"139929676846976:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 139929676846976:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139929676846976:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
{"type":"log","@timestamp":"2023-06-15T17:45:20Z","tags":["error","http","server","OpenSearchDashboards"],"pid":1,"message":"Error: Authentication Exception\n    at SecurityClient.authinfo (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:115:13)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n    at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/authentication_type.ts:208:18\n    at Object.interceptAuth [as authenticate] (/usr/share/opensearch-dashboards/src/core/server/http/lifecycle/auth.js:112:22)\n    at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at module.exports.internals.Auth._authenticate (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/auth.js:273:30)\n    at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)"}
{"type":"error","@timestamp":"2023-06-15T17:45:19Z","tags":[],"pid":1,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toInternalError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:80:19)\n    at Object.interceptAuth [as authenticate] (/usr/share/opensearch-dashboards/src/core/server/http/lifecycle/auth.js:151:34)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n    at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at module.exports.internals.Auth._authenticate (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/auth.js:273:30)\n    at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://ec2-3-128-253-90.us-east-2.compute.amazonaws.com:5601/","message":"Internal Server Error"}
{"type":"response","@timestamp":"2023-06-15T17:45:19Z","tags":[],"pid":1,"method":"get","statusCode":500,"req":{"url":"/","method":"get","headers":{"host":"ec2-3-128-253-90.us-east-2.compute.amazonaws.com:5601","connection":"keep-alive","sec-ch-ua":"\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","sec-fetch-site":"none","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"127.0.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"},"res":{"statusCode":500,"responseTime":446,"contentLength":9},"message":"GET / 500 446ms - 9.0B"}

Workaround: clear browser cache, then reload page. the opensearch dashboard login page will be rendered correctly