How To Solve Issues Related to Log – The security index is not yet available – no role mappings can be loaded

Get an Elasticsearch Check-Up


Check if your ES issues are caused from misconfigured settings
(Free 2 min process)

ES Check Up

Elasticsearch Error Guide In Page Navigation :

Troubleshooting Background – start here to get the full picture       
Related Issues – selected resources on related issues  
Log Context – usefull for experts
About Opster – offering a diffrent approach to troubleshoot Elasticsearch

Check My Elasticsearch 


Troubleshooting background

To troubleshoot Elasticsearch log “The security index is not yet available – no role mappings can be loaded” it’s important to know common problems related to Elasticsearch concepts: index, mapping, plugin. See below-detailed explanations complete with common problems, examples and useful tips.

Index in Elasticsearch

What it is

In Elasticsearch, an index (indices in plural) can be thought of as a table inside a database that has a schema and can have one or more shards and replicas. An Elasticsearch index is divided into shards and each shard is an instance of a Lucene index.

Indices are used to store the documents in dedicated data structures corresponding to the data type of fields. For example, text fields are stored inside an inverted index whereas numeric and geo fields are stored inside BKD trees.

Examples
Create Index

The following example is based on Elasticsearch version 5.x onwards. An index with two shards, each having one replica will be created with the name test_index1

PUT /test_index1?pretty
{
    "settings" : {
        "number_of_shards" : 2,
        "number_of_replicas" : 1
    },
    "mappings" : {
        "properties" : {
            "tags" : { "type" : "keyword" },
            "updated_at" : { "type" : "date" }
        }
    }
}
List Indices

All the index names and their basic information can be retrieved using the following command:

GET _cat/indices?v
Index a document

Let’s add a document in the index with below command:

PUT test_index1/_doc/1
{
  "tags": [
    "opster",
    "elasticsearch"
  ],
  "date": "01-01-2020"
}
Query an index
GET test_index1/_search
{
  "query": {
    "match_all": {}
  }
}
Query Multiple Indices

It is possible to search multiple indices with a single request. If it is a raw HTTP request, Index names should be sent in comma-separated format, as shown in the example below, and in the case of a query via a programming language client such as python or Java, index names are to be sent in a list format.

GET test_index1,test_index2/_search
Delete Indices
DELETE test_index1
Common Problems
  • It is good practice to define the settings and mapping of an Index wherever possible because if this is not done, Elasticsearch tries to automatically guess the data type of fields at the time of indexing. This automatic process may have disadvantages, such as mapping conflicts, duplicate data and incorrect data types being set in the index. If the fields are not known in advance, it’s better to use dynamic index templates.
  • Elasticsearch supports wildcard patterns in Index names, which sometimes aids with querying multiple indices, but can also be very destructive too. For example, It is possible to delete all the indices in a single command using the following commands:
DELETE /*

To disable this, you can add the following lines in the elasticsearch.yml:

action.destructive_requires_name: true

Plugin in Elasticsearch

What it is

Plugins are used to extend the functionality of Elasticsearch. In addition to the core plugins available to you, it is possible to write custom plugins as well. Plugins are generated in a zip format with the mandatory file structure.

Examples:
  • Core Plugins: Xpack for Security and monitoring, Discovery plugins for EC2
  • Adding S3 plugin for storing snapshots on S3
sudo bin/elasticsearch-plugin install repository-s3
  • Adding HDFS plugin for storing snapshots on HDFS
sudo bin/elasticsearch-plugin install repository-hdfs
  • Removing a plugin
sudo bin/elasticsearch-plugin remove repository-hdfs
Notes:
  • Plugins are installed using the Elasticsearch-plugin script, which enables actions such as  listing, removing and installing plugins.
  • Core plugins can be installed simply by providing the name of the plugin to the Elasticsearch-plugin command.
  • You can also download the plugin manually and then install it using the elasticsearch-plugin install command, providing the file name/path of the plugin’s source file.
  • When a plugin is removed, you will need to restart the elasticsearch node(s) in order to complete the removal process.
Common Problems:
  • You need to install the required plugins in your Elasticsearch deployment before moving it to production machines. (as it’s likely your production machines are behind a proxy and it’s very hard to get plugins installed behind a proxy).
  • The same is true when you are going to deploy elasticsearch using Docker images, you will most likely be rebuilding the standard image and including your required plugins in the custom docker build. Make sure the docker build is run on a build machine that is not behind a proxy, otherwise the plugin installation will fail during docker build.

Click here to get to our list of the Most frequent issues caused by Elasticsearch Plugins


To help troubleshoot related issues we have gathered selected Q&A from the community and issues from Github , please review the following for further information :

The Security Index Is Not Yet Avail
discuss.elastic.co/t/the-security-index-is-not-yet-available-no-role-mappings-can-be-loaded/107295

 

Pki Authentication Cant Map Users
discuss.elastic.co/t/pki-authentication-cant-map-users/120385

 


Log Context

Log ”The security index is not yet available – no role mappings can be loaded” classname is NativeRoleMappingStore.java
We have extracted the following from Elasticsearch source code to get an in-depth context :

<pre class="wp-block-syntaxhighlighter-code"> 
    private void getMappings(ActionListener<List<ExpressionRoleMapping>> listener) {
        if (securityIndex.isAvailable()) {
            loadMappings(listener);
        } else {
            logger.info("The security index is not yet available - no role mappings can be loaded");
            if (logger.isDebugEnabled()) {
                logger.debug("Security Index [{}] [exists: {}] [available: {}] [mapping up to date: {}]";
                        SECURITY_INDEX_NAME;
                        securityIndex.indexExists();
                        securityIndex.isAvailable();




</pre>

About Opster

Incorporating deep knowledge and broad history of Elasticsearch issues. Opster’s solution identifies and predicts root causes of Elasticsearch problems, provides recommendations and can automatically perform various actions to manage, troubleshoot and prevent issues

We are constantly updating our analysis of Elasticsearch logs, errors, and exceptions. Sharing best practices and providing troubleshooting guides.

Learn more: Glossary | Blog| Troubleshooting guides | Error Repository

Need help with any Elasticsearch issue ? Contact Opster

Did this page help you?