From 4ffdce637741c9b0bd8d5c3ea1a98277343d30a4 Mon Sep 17 00:00:00 2001 From: aetter Date: Tue, 21 Sep 2021 11:34:44 -0700 Subject: [PATCH] Minor improvements Troubleshooting expired certificates, settings, broken link, etc. --- _monitoring-plugins/pa/dashboards.md | 2 +- _monitoring-plugins/pa/index.md | 4 ++-- _opensearch/configuration.md | 8 +++++++ _troubleshoot/index.md | 31 +++++++++++++++++++--------- 4 files changed, 32 insertions(+), 13 deletions(-) diff --git a/_monitoring-plugins/pa/dashboards.md b/_monitoring-plugins/pa/dashboards.md index 2d8c9ec9..561f6fa3 100644 --- a/_monitoring-plugins/pa/dashboards.md +++ b/_monitoring-plugins/pa/dashboards.md @@ -1,6 +1,6 @@ --- layout: default -title: Create Dashboards +title: Create PerfTop Dashboards parent: Performance Analyzer nav_order: 2 --- diff --git a/_monitoring-plugins/pa/index.md b/_monitoring-plugins/pa/index.md index c83df772..006af045 100644 --- a/_monitoring-plugins/pa/index.md +++ b/_monitoring-plugins/pa/index.md @@ -48,11 +48,11 @@ Otherwise, just specify the OpenSearch endpoint: ./opensearch-perf-top-macos --dashboard dashboards/.json --endpoint my-cluster.my-domain.com ``` -PerfTop has four pre-built dashboards in the `dashboards` directory, but you can also [create your own]({{site.url}}{{site.baseurl}}/dashboards/). +PerfTop has four pre-built dashboards in the `dashboards` directory, but you can also [create your own]({{site.url}}{{site.baseurl}}/monitoring-plugins/pa/dashboards/). You can also load the pre-built dashboards (ClusterOverview, ClusterNetworkMemoryAnalysis, ClusterThreadAnalysis, or NodeAnalysis) without the JSON files, such as `--dashboard ClusterThreadAnalysis`. -PerfTop has no interactivity. Start the application, monitor the dashboard, and press esc, q, or Ctrl + C to quit. +PerfTop has no interactivity. Start the application, monitor the dashboard, and press Esc, Q, or Ctrl + C to quit. {: .note } diff --git a/_opensearch/configuration.md b/_opensearch/configuration.md index a6a0f995..d28767bf 100755 --- a/_opensearch/configuration.md +++ b/_opensearch/configuration.md @@ -65,4 +65,12 @@ PUT _cluster/settings You can find `opensearch.yml` in `/usr/share/opensearch/config/opensearch.yml` (Docker) or `/etc/opensearch/opensearch.yml` (most Linux distributions) on each node. +You don't mark settings in `opensearch.yml` as persistent or transient, and settings use the flat form: + +```yml +cluster.name: my-application +action.auto_create_index: true +compatibility.override_main_response_version: true +``` + The demo configuration includes a number of settings for the security plugin that you should modify before using OpenSearch for a production workload. To learn more, see [Security]({{site.url}}{{site.baseurl}}/security-plugin/). diff --git a/_troubleshoot/index.md b/_troubleshoot/index.md index 76a03551..fc11a6b6 100644 --- a/_troubleshoot/index.md +++ b/_troubleshoot/index.md @@ -11,16 +11,32 @@ redirect_from: /troubleshoot/ This page contains a list of common issues and workarounds. -## Java error during startup - -You might see `[ERROR][c.a.o.s.s.t.OpenSearchSecuritySSLNettyTransport] [opensearch-node1] SSL Problem Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)` when starting OpenSearch. This problem is a [known issue with Java](https://bugs.openjdk.java.net/browse/JDK-8221218) and doesn't affect the operation of the cluster. - - ## OpenSearch Dashboards fails to start If you encounter the error `FATAL Error: Request Timeout after 30000ms` during startup, try running OpenSearch Dashboards on a more powerful machine. We recommend four CPU cores and 8 GB of RAM. +## Multi-tenancy issues in OpenSearch Dashboards + +If you're testing multiple users in OpenSearch Dashboards and encounter unexpected changes in tenant, use Google Chrome in an Incognito window or Firefox in a Private window. + + +## Expired certificates + +If your certificates have expired, you might receive the following error or something similar: + +``` +ERROR org.opensearch.security.ssl.transport.SecuritySSLNettyTransport - Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed +Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Sep 16 11:27:55 PDT 2021 +``` + +To check the expiration date for a certificate, run this command: + +```bash +openssl x509 -enddate -noout -in +``` + + ## Encryption at rest The operating system for each OpenSearch node handles encryption of data at rest. To enable encryption at rest in most Linux distributions, use the `cryptsetup` command: @@ -85,8 +101,3 @@ The security plugin blocks the update by script operation (`POST /_update ## Illegal reflective access operation in logs This is a known issue with Performance Analyzer that shouldn't affect functionality. - - -## Multi-tenancy issues in OpenSearch Dashboards - -If you're testing multiple users in OpenSearch Dashboards and encounter unexpected changes in tenant, use Google Chrome in an Incognito window or Firefox in a Private window.