Autonomous Identity 2022.11.1

Known Issues

Known Issues in 2022.11.1

  • There is a known issue where the create-assignment-index command fails if the user has different OpenSearch passwords (keystore and truststore) from those set in the vault.yml file.

    ForgeRock fixed this bug in Autonomous Identity version 2022.11.2, but it still exists in versions 2022.11.1 and 2022.11.0.

    The workaround is to update the OpenSearch keystore and truststore passwords stored in the configuration using curl or OpenSearch.

    Update the OpenSearch keystore and truststore passwords using curl:
    1. Use curl to retrieve the configuration:

      curl -X GET "https://<IP>:9200/autonomous-iam_common_config_latest/_search" \
        -H 'Content-Type: application/json' \
        -d '{
          "query": {
            "match": {
              "name": "analytics_env_config"
            }
          }
        }' \
        -u 'elasticadmin:elasticpwd' \
        --cacert /opt/apps/opensearch/config/root-ca.pem
    2. Using curl, update the OpenSearch keystore password:

      curl -X POST "https://<IP>:9200/autonomous-iam_common_config_latest/_update_by_query" \
        -H 'Content-Type: application/json' \
        -d '{
          "query": {
            "match": {
              "name.keyword": "analytics_env_config"
            }
          },
          "script": {
            "source": "ctx._source.value.elasticsearch.ssl.keystorePass=\"CORRECTPWD\""
          }
        }' \
        -u 'elasticadmin:elasticpwd' \
        --cacert /opt/apps/opensearch/config/root-ca.pem
    3. Using curl, update the OpenSearch truststore password:

      curl -X POST "https://<IP>:9200/autonomous-iam_common_config_latest/_update_by_query" \
        -H 'Content-Type: application/json' \
        -d '{
          "query": {
            "match": {
              "name.keyword": "analytics_env_config"
            }
          },
          "script": {
            "source": "ctx._source.value.elasticsearch.ssl.truststorePass=\"CORRECTPWD\""
          }
        }' \
        -u 'elasticadmin:elasticpwd' \
        --cacert /opt/apps/opensearch/config/root-ca.pem
    4. Redeploy the API stack:

      docker stack rm api
      docker stack deploy --with-registry-auth --compose-file /opt/autoid/res/api/docker-compose.yml api
    5. Update the UI and nginx:

      docker service update --force ui_zoran-ui && docker service update --force nginx_nginx
    Update the OpenSearch keystore and truststore passwords in OpenSearch:
    1. In OpenSearch, update the keystore password:

      POST autonomous-iam_common_config_latest/_update_by_query
      {
        "query": {
          "match": {
            "name.keyword": "analytics_env_config"
          }
        },
        "script": {
          "source": "ctx._source.value.elasticsearch.ssl.keystorePass ='CORRECTPWD'"
        }
      }
    2. In OpenSearch, update the truststore password:

      POST autonomous-iam_common_config_latest/_update_by_query
      {
        "query": {
          "match": {
            "name.keyword": "analytics_env_config"
          }
        },
        "script": {
          "source": "ctx._source.value.elasticsearch.ssl.truststorePass ='CORRECTPWD'"
        }
      }
    3. Redeploy the API stack:

      docker stack rm api
      docker stack deploy --with-registry-auth --compose-file /opt/autoid/res/api/docker-compose.yml api
    4. Update the UI and nginx:

      docker service update --force ui_zoran-ui && docker service update --force nginx_nginx
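
Before redeploying the API stack, you can confirm that both fields were actually changed by checking the output of the retrieval call (curl step 1). The following is an added example, not ForgeRock code: the function name is hypothetical, the response layout is assumed from the field path used in the update scripts, and exactly one analytics_env_config document is assumed.

```python
import hmac
import json

# Field names come from the page's update scripts
# (ctx._source.value.elasticsearch.ssl.<field>).
SSL_FIELDS = ("keystorePass", "truststorePass")


def check_ssl_passwords(search_response, expected):
    """Compare stored SSL passwords against the expected ones.

    search_response: parsed JSON returned by the _search call in step 1.
    expected: dict mapping field name -> password set in vault.yml.
    Returns {field: 'ok' | 'mismatch' | 'missing'}; secrets are never returned.
    """
    hits = search_response.get("hits", {}).get("hits", [])
    docs = [h.get("_source", {}) for h in hits
            if h.get("_source", {}).get("name") == "analytics_env_config"]
    if len(docs) != 1:  # assumption: a single config document exists
        raise ValueError(f"expected 1 analytics_env_config document, found {len(docs)}")
    ssl = docs[0].get("value", {}).get("elasticsearch", {}).get("ssl", {})
    result = {}
    for field in SSL_FIELDS:
        stored = ssl.get(field)
        if not isinstance(stored, str):
            result[field] = "missing"
        elif hmac.compare_digest(stored.encode(), expected[field].encode()):
            result[field] = "ok"
        else:
            result[field] = "mismatch"
    return result


# Constructed sample response: the truststore password was left unchanged.
SAMPLE_RESPONSE = json.loads("""
{"hits": {"hits": [{"_source": {
  "name": "analytics_env_config",
  "value": {"elasticsearch": {"ssl": {
    "keystorePass": "CORRECTPWD",
    "truststorePass": "OLDPWD"}}}}}]}}
""")

if __name__ == "__main__":
    wanted = {"keystorePass": "CORRECTPWD", "truststorePass": "CORRECTPWD"}
    for field, state in check_ssl_passwords(SAMPLE_RESPONSE, wanted).items():
        print(f"{field}: {state}")
```

In practice, load the saved step 1 response with json.load and read the expected passwords from a protected file rather than passing them on the command line.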

Known Issues in 2022.11.0

There is a known issue on RHEL 8/CentOS Stream 8 where the Docker swarm overlay network configuration breaks when the outside network's maximum transmission unit (mtu) is smaller than the default value. The mtu is the maximum size of a packet that can be transmitted from a network interface.

When deploying a multinode configuration on RHEL 8/CentOS Stream 8, run the following steps:

  1. Check mtu for docker0 and eth0 using ifconfig | grep mtu.

  2. Set the docker0 mtu value to be equal to eth0 using sudo ifconfig eth0 mtu 1500. Make sure to run the command on all nodes, and again after each virtual machine reboot.

Copyright © 2010-2024 ForgeRock, all rights reserved.