Issue running indexer-security-init.sh before cluster upgrade
13 views
Skip to first unread message
felixm
Nov 4, 2025, 11:16:59 AM (13 hours ago) Nov 4
to Wazuh | Mailing List
I installed a Wazuh 4.12 cluster envrionment using the ansible deployement method several months ago everything appears to be running properly. I would like to upgrade to 4.14 and in following the documentation I'm running the
/usr/share/wazuh-indexer/bin/indexer-security-init.sh to back up the security configuration and I receive a runtime exception error.
/usr/share/wazuh-indexer/bin/indexer-security-init.sh --options "-backup /etc/wazuh-indexer/opensearch-security -icl -nhnv"
According to GET _cluster/health/ the cluster is green
{
"cluster_name": "wazuh",
"status": "green",
"timed_out": false,
"number_of_nodes": 2,
"number_of_data_nodes": 2,
"discovered_master": true,
"discovered_cluster_manager": true,
"active_primary_shards": 559,
"active_shards": 1073,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100
}
/usr/share/wazuh-indexer/bin/indexer-security-init.sh --options "-backup /etc/wazuh-indexer/opensearch-security -icl -nhnv"
wzinds01:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 10.X.X.2:9300 ... done
ERR: An unexpected RuntimeException occured: error while performing request
Trace:
java.lang.RuntimeException: error while performing request
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:1257)
at org.opensearch.client.RestClient.performRequest(RestClient.java:358)
at org.opensearch.client.RestClient.performRequest(RestClient.java:346)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:575)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:165)
Caused by: org.apache.http.ProtocolException: Not a valid protocol version: This is not an HTTP port
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parse(AbstractMessageParser.java:209)
at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:245)
at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:87)
at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:40)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:121)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.apache.http.ParseException: Not a valid protocol version: This is not an HTTP port
at org.apache.http.message.BasicLineParser.parseProtocolVersion(BasicLineParser.java:148)
at org.apache.http.message.BasicLineParser.parseStatusLine(BasicLineParser.java:366)
at org.apache.http.impl.nio.codecs.DefaultHttpResponseParser.createMessage(DefaultHttpResponseParser.java:112)
at org.apache.http.impl.nio.codecs.DefaultHttpResponseParser.createMessage(DefaultHttpResponseParser.java:50)
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parseHeadLine(AbstractMessageParser.java:156)
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parse(AbstractMessageParser.java:207)
... 11 more
Security Admin v7
Will connect to 10.X.X.2:9300 ... done
ERR: An unexpected RuntimeException occured: error while performing request
Trace:
java.lang.RuntimeException: error while performing request
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:1257)
at org.opensearch.client.RestClient.performRequest(RestClient.java:358)
at org.opensearch.client.RestClient.performRequest(RestClient.java:346)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:575)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:165)
Caused by: org.apache.http.ProtocolException: Not a valid protocol version: This is not an HTTP port
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parse(AbstractMessageParser.java:209)
at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:245)
at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:87)
at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:40)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:121)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.apache.http.ParseException: Not a valid protocol version: This is not an HTTP port
at org.apache.http.message.BasicLineParser.parseProtocolVersion(BasicLineParser.java:148)
at org.apache.http.message.BasicLineParser.parseStatusLine(BasicLineParser.java:366)
at org.apache.http.impl.nio.codecs.DefaultHttpResponseParser.createMessage(DefaultHttpResponseParser.java:112)
at org.apache.http.impl.nio.codecs.DefaultHttpResponseParser.createMessage(DefaultHttpResponseParser.java:50)
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parseHeadLine(AbstractMessageParser.java:156)
at org.apache.http.impl.nio.codecs.AbstractMessageParser.parse(AbstractMessageParser.java:207)
... 11 more
According to GET _cluster/health/ the cluster is green
{
"cluster_name": "wazuh",
"status": "green",
"timed_out": false,
"number_of_nodes": 2,
"number_of_data_nodes": 2,
"discovered_master": true,
"discovered_cluster_manager": true,
"active_primary_shards": 559,
"active_shards": 1073,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100
}
wzinds01:~# curl -k -u admin https://10.X.X.2:9200/_cat/nodes?v
Enter host password for user 'admin':
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
10.X.X.3 85 97 6 0.28 0.58 0.60 dimr cluster_manager,data,ingest,remote_cluster_client * wzinds02-i
10.X.X.2 87 98 8 0.72 0.50 0.61 dimr cluster_manager,data,ingest,remote_cluster_client - wzinds01-i
Enter host password for user 'admin':
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
10.X.X.3 85 97 6 0.28 0.58 0.60 dimr cluster_manager,data,ingest,remote_cluster_client * wzinds02-i
10.X.X.2 87 98 8 0.72 0.50 0.61 dimr cluster_manager,data,ingest,remote_cluster_client - wzinds01-i
filebeat tests ok, so I don't believe it is certificate related
wzinds01:~# filebeat test output
elasticsearch: https://10.X.X.2:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.X.X.2
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.X.X.3:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.X.X.3
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.X.X.2:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.X.X.2
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.X.X.3:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.X.X.3
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
journalctl -xe -u wazuh-indexer is listing some warnings:
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.1.jar)
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager will be removed in a future release
Nov 04 14:54:25 wzinds01 systemd-entrypoint[2503054]: Nov 04, 2025 2:54:25 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Nov 04 14:54:25 wzinds01 systemd-entrypoint[2503054]: WARNING: COMPAT locale provider will be removed in a future release
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.1.jar)
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager will be removed in a future release
Nov 04 14:54:37 wzinds01 systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
Subject: A start job for unit wazuh-indexer.service has finished successfully
Defined-By: systemd
Support: http://www.ubuntu.com/support
A start job for unit wazuh-indexer.service has finished successfully.
The job identifier is 4537680
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.1.jar)
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 04 14:54:24 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager will be removed in a future release
Nov 04 14:54:25 wzinds01 systemd-entrypoint[2503054]: Nov 04, 2025 2:54:25 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Nov 04 14:54:25 wzinds01 systemd-entrypoint[2503054]: WARNING: COMPAT locale provider will be removed in a future release
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.1.jar)
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 04 14:54:26 wzinds01 systemd-entrypoint[2503054]: WARNING: System::setSecurityManager will be removed in a future release
Nov 04 14:54:37 wzinds01 systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
Subject: A start job for unit wazuh-indexer.service has finished successfully
Defined-By: systemd
Support: http://www.ubuntu.com/support
A start job for unit wazuh-indexer.service has finished successfully.
The job identifier is 4537680
journalctl -u wazuh-indexer.service | grep -i -E "error"
Nov 01 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 01 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 02 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 02 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 03 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 03 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 04 00:00:00 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 04 00:00:00 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 01 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 02 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 02 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 03 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 03 00:00:01 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 04 00:00:00 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Nov 04 00:00:00 wzinds01 systemd-entrypoint[2385277]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Please let me know if there is anything else I can share to troubleshoot.
Thanks,
Thanks,
Felix
juanjos...@wazuh.com
Nov 4, 2025, 12:38:58 PM (12 hours ago) Nov 4
to Wazuh | Mailing List
Hi Felix, I'll be working with you to solve this issue, just let me do some research and I will back to you shortly
Reply all
Reply to author
Forward
0 new messages