[BUG][Security Plugin configuration | Initialize the opensearch security index in opensearch with custom configs]

[wyfaq]

Describe the bug
REST-layer traffic not use tls,but run securityadmin.sh failed.
According to the official documentation (https://opensearch.org/docs/latest/security/configuration/tls/), the REST layer does not need to enable TLS, but an error will be reported when executing securityadmin.sh.

To Reproduce
Steps to reproduce the behavior:

1. turn off https for rest ,The configuration is as follows:
   plugins.security.ssl.http.enabled: false
2. restart opensearch
3. run securityadmin.sh ,command is as follows:
   bash /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -diagnose -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/admin.pem -key /usr/share/opensearch/config/admin.key -f /usr/share/opensearch/config/opensearch-security/internal_users.yml -nhnv -icl -h 10.200.200.21
4. the errors message :
   Security Admin v7
   Will connect to 10.200.200.21:9200 ... done
   ERR: An unexpected IOException occured: Unrecognized SSL message, plaintext connection?
   Trace:
   java.io.IOException: Unrecognized SSL message, plaintext connection?
   at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:959)
   at org.opensearch.client.RestClient.performRequest(RestClient.java:333)
   at org.opensearch.client.RestClient.performRequest(RestClient.java:321)
   at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:573)
   at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:163)
   Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
   at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:145)
   at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
   at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:612)
   at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
   at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
   at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
   at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:279)
   at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:333)
   at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:545)
   at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
   at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
   at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
   at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
   at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
   at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
   at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
   at java.base/java.lang.Thread.run(Thread.java:833)

Screenshots

Host/Environment (please complete the following information):

• Ansible Version: [ 2.15.6]
• Playbook Version: [2.10.0]

solution
if not use tls for rest layer, How to do?

[wyfaq]

closed