Log Security index is unavailable. short circuiting retrieval of user – How To Solve Related Issues

Log Security index is unavailable. short circuiting retrieval of user – How To Solve Related Issues

Updated: April-20

Elasticsearch Version: 1.7-8.0

Background

To resolve issues causing many log errors you can try our Elasticsearch Check-Up it analyses ES configuration to provide actionable recommendations (no installation required) 


To troubleshoot log “Security index is unavailable. short circuiting retrieval of user” it’s important to understand a few problems related to Elasticsearch concepts index, plugin. See bellow important tips and explanations on these concepts

What the Security index is:

From Elasticsearch version 6.8 and onwards, the Security feature is available for free. This means you can secure your cluster by creating multiple users and roles, and all of this information is stored in a unique index called .security<es-major-version>.

Please note the dot ‘.’ at the beginning of the index name.

What this error means:

Elasticsearch index can have several states, and sometimes due to several factors, it can become unavailable, for instance because of missing primary shards, an Elasticsearch cluster running out of disk space and so on. When Elasticsearch needs to read the user information for a request, several steps occur internally. For example, the request “get user API”, which looks like this:
 GET /_security/user/ 
Note that `_security` is the index name used for the security API call. This is an API that would require Elasticsearch to find the information stored in the security index. The following things happen internally to figure out the user information (its id, role, permission etc):
  1. Elasticsearch freezes the security index, so others can’t update the security index when it’s reading the sensitive (security) information.
  2. Elasticsearch checks if the security index is available or not.
  3. If the index isn’t available, then there is no point of querying the security index and short circuiting the query part, and it logs this as an error message as below:
 security index is unavailable. short circuiting retrieval of user. 

Quick troubleshooting steps:

  1. Check if the `.security` index exists or not, by using below _cat/indices?v API and if the index exists, the output of this API would look like:
     health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
    green open .security-7 9blPln4uSKScEzWtMfJXNA 1 0 7 0 24.3kb 24.3kb 
  2. Check if the security index is available, because there is no direct API that can show this. Still, as mentioned earlier, cluster RED state or disk space can cause an index to become unavailable, and checking and fixing these issues will help make the index available.
This Opster Guide can help identify and fix issues caused by low disk space.

Log Context

Log”Security index is unavailable. short circuiting retrieval of user [{}]” classname is NativeUsersStore.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         final SecurityIndexManager frozenSecurityIndex = securityIndex.freeze();
        if (frozenSecurityIndex.isAvailable() == false) {
            if (frozenSecurityIndex.indexExists()) {
                logger.trace("could not retrieve user [{}] because security index does not exist"; user);
            } else {
                logger.error("security index is unavailable. short circuiting retrieval of user [{}]"; user);
            }
            listener.onResponse(null);
        } else {
            securityIndex.checkIndexVersionThenExecute(listener::onFailure; () ->
                    executeAsyncWithOrigin(client.threadPool().getThreadContext(); SECURITY_ORIGIN;




Related issues to this log

We have gathered selected Q&A from the community and issues from Github, that can help fix related issues please review the following for further information :

1 Unable To Form Cluster After Half O  

X Pack Authentication Issue  

The Security Index Is Not Yet Avail

 

About Opster

Opster detects, resolves, optimizes, automates and prevents incidents in Elasticsearch. Opster’s line of products delivers a fundamentally more effective Elasticsearch operation and backs it up with superb production support and consulting.

Find Configuration Errors

Analyze Now