Known Issues
Known Issues in 2022.11.1
-
There is a known issue where the create-assignment-index command fails if the user has different OpenSearch passwords (keystore and truststore) from those set in the
vault.yml
file.ForgeRock fixed this bug in Autonomous Identity version 2022.11.2, but it still exists in versions 2022.11.1 and 2022.11.0.
The workaround is to update the OpenSearch keystore and truststore passwords stored in the configuration using curl or OpenSearch.
Update the OpenSearch keystore and truststore passwords using curl:-
Use curl to retrieve the configuration:
curl -X GET "https://<IP>:9200/autonomous-iam_common_config_latest/_search" \ -H 'Content-Type: application/json'\ -d '{ "query": { "match": { "name": "analytics_env_config" } }' \ -u 'elasticadmin:elasticpwd' \ --cacert /opt/apps/opensearch/config/root-ca.pem
-
Using curl, update the OpenSearch keystore password:
curl -X POST "https://<IP>:9200/autonomous-iam_common_config_latest/_update_by_query" \ -H 'Content-Type: application/json' \ -d '{ "query": { "match": { "name.keyword": "analytics_env_config", "script": { "source": "ctx._source.value.elasticsearch.ssl.keystorePass=\"CORRECTPWD\"" } } } }' \ -u 'elasticadmin:elasticpwd' \ --cacert /opt/apps/opensearch/config/root-ca.pem
-
Using curl, update the OpenSearch truststore password:
curl -X POST "https://<IP>:9200/autonomous-iam_common_config_latest/_update_by_query" \ -H 'Content-Type: application/json' \ -d '{ "query": { "match": { "name.keyword": "analytics_env_config", "script": { "source": "ctx._source.value.elasticsearch.ssl.truststorePass=\"CORRECTPWD\"" } } } }' \ -u 'elasticadmin:elasticpwd' \ --cacert /opt/apps/opensearch/config/root-ca.pem
-
Redeploy the API stack:
docker stack rm api docker stack deploy --with-registry-auth --compose-file /opt/autoid/res/api/docker-compose.yml api
-
Update the UI and nginx:
docker service update --force ui_zoran-ui && docker service update --force nginx_nginx
Update the OpenSearch keystore and truststore passwords in OpenSearch:-
In OpenSearch, update the keystore password:
POST autonomous-iam_common_config_latest/_update_by_query { "query": { "match": { "name.keyword": "analytics_env_config" } }, "script": { "source": "ctx._source.value.elasticsearch.ssl.keystorePass ='CORRECTPWD'" } }
-
In OpenSearch, update the truststore password:
POST autonomous-iam_common_config_latest/_update_by_query { "query": { "match": { "name.keyword": "analytics_env_config" } }, "script": { "source": "ctx._source.value.elasticsearch.ssl.keystorePass ='CORRECTPWD'" } }
-
Redeploy the API stack:
docker stack rm api docker stack deploy --with-registry-auth --compose-file /opt/autoid/res/api/docker-compose.yml api
-
Update the UI and nginx:
docker service update --force ui_zoran-ui && docker service update --force nginx_nginx
-
Known Issues in 2022.11.0
There is a known issue with RHEL8/CentOS Stream 8 when Docker swarm overlay network configuration breaks when the
outside network maximum transmission unit (mtu) is smaller than the default value. The mtu
is the maximum
size of the packet that can be transmitted from a network interface.
Refer to https://github.com/moby/libnetwork/issues/2661 and https://github.com/moby/moby/pull/43197.
When deploying a multinode configuration on RHEL 8/CentOS Stream 8, run the following steps:
-
Check mtu for docker0 and eth0 using
ifconfig | grep mtu
. -
Set the docker0 mtu value to be equal to
eth0
usingsudo ifconfig eth0 mtu 1500
. Make sure to set the command on all nodes and also after each virtual machine reboot.