Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discovery EC2 Plugin Logs Warning on Startup #56333

Closed
original-brownbear opened this issue May 7, 2020 · 1 comment · Fixed by #56346
Closed

Discovery EC2 Plugin Logs Warning on Startup #56333

original-brownbear opened this issue May 7, 2020 · 1 comment · Fixed by #56346
Assignees
@DaveCTurner
Labels
>bug :Distributed/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure Team:Distributed Meta label for distributed team

Comments

@original-brownbear
Copy link
Member

Currently, any installation (seen in 7.7 and newer) that has the EC2 discovery plugin installed will log this on startup:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/brownbear/.aws/config" "read")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
	at java.security.AccessController.checkPermission(AccessController.java:1036) ~[?:?]
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:408) ~[?:?]
	at java.lang.SecurityManager.checkRead(SecurityManager.java:747) ~[?:?]
	at java.io.File.exists(File.java:818) ~[?:?]
	at com.amazonaws.profile.path.config.SharedConfigDefaultLocationProvider.getLocation(SharedConfigDefaultLocationProvider.java:36) ~[aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.profile.path.AwsProfileFileLocationProviderChain.getLocation(AwsProfileFileLocationProviderChain.java:41) ~[aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader.getProfilesConfigFile(BasicProfileConfigFileLoader.java:69) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader.getProfile(BasicProfileConfigFileLoader.java:55) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.retry.internal.RetryModeResolver.profile(RetryModeResolver.java:92) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.retry.internal.RetryModeResolver.resolveRetryMode(RetryModeResolver.java:83) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.retry.internal.RetryModeResolver.<init>(RetryModeResolver.java:46) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.retry.RetryPolicy.<clinit>(RetryPolicy.java:35) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.retry.PredefinedRetryPolicies.<clinit>(PredefinedRetryPolicies.java:30) [aws-java-sdk-core-1.11.749.jar:?]
	at com.amazonaws.ClientConfiguration.<clinit>(ClientConfiguration.java:89) [aws-java-sdk-core-1.11.749.jar:?]
	at java.lang.Class.forName0(Native Method) [?:?]
	at java.lang.Class.forName(Class.java:340) [?:?]
	at org.elasticsearch.discovery.ec2.Ec2DiscoveryPlugin.lambda$static$0(Ec2DiscoveryPlugin.java:69) [discovery-ec2-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at java.security.AccessController.doPrivileged(AccessController.java:312) [?:?]
	at org.elasticsearch.discovery.ec2.Ec2DiscoveryPlugin.<clinit>(Ec2DiscoveryPlugin.java:63) [discovery-ec2-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:569) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:518) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:433) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:159) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.node.Node.<init>(Node.java:308) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.node.Node.<init>(Node.java:257) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:225) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:225) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:387) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) [elasticsearch-cli-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]

This does not have any effect on the functionality as far as I can tell but we should do something about not logging this at least. It seems this was introduced by recent changes to the AWS SDK.
@original-brownbear original-brownbear added >bug :Distributed/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure labels May 7, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-distributed (:Distributed/Discovery-Plugins)

@elasticmachine elasticmachine added the Team:Distributed Meta label for distributed team label May 7, 2020
@DaveCTurner DaveCTurner self-assigned this May 7, 2020
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this issue May 7, 2020
@DaveCTurner
Hide c.a.a.p.i.BasicProfileConfigFileLoader noise
c47783d 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN` logs
when the security manager prevents access to the user's home directory and
therefore to their shared client configuration. This is actually the behaviour
we want, and it's harmless and handled by the SDK as if the profile config
doesn't exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates elastic#20313
Closes elastic#56333
@DaveCTurner DaveCTurner mentioned this issue May 7, 2020
Merged
DaveCTurner added a commit that referenced this issue May 7, 2020
@DaveCTurner
Hide c.a.a.p.i.BasicProfileConfigFileLoader noise (#56346)
806e2d2 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN` logs
when the security manager prevents access to the user's home directory and
therefore to their shared client configuration. This is actually the behaviour
we want, and it's harmless and handled by the SDK as if the profile config
doesn't exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates #20313
Closes #56333
DaveCTurner added a commit that referenced this issue May 7, 2020
@DaveCTurner
Hide c.a.a.p.i.BasicProfileConfigFileLoader noise (#56346)
8f4af29 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN` logs
when the security manager prevents access to the user's home directory and
therefore to their shared client configuration. This is actually the behaviour
we want, and it's harmless and handled by the SDK as if the profile config
doesn't exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates #20313
Closes #56333
DaveCTurner added a commit that referenced this issue May 7, 2020
@DaveCTurner
Hide c.a.a.p.i.BasicProfileConfigFileLoader noise (#56346)
61abf9d 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN` logs
when the security manager prevents access to the user's home directory and
therefore to their shared client configuration. This is actually the behaviour
we want, and it's harmless and handled by the SDK as if the profile config
doesn't exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates #20313
Closes #56333
DaveCTurner added a commit that referenced this issue May 7, 2020
@DaveCTurner
Hide c.a.a.p.i.BasicProfileConfigFileLoader noise (#56346)
9c1a112 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN` logs
when the security manager prevents access to the user's home directory and
therefore to their shared client configuration. This is actually the behaviour
we want, and it's harmless and handled by the SDK as if the profile config
doesn't exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates #20313
Closes #56333
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DaveCTurner DaveCTurner

Labels
>bug :Distributed/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure Team:Distributed Meta label for distributed team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Hide c.a.a.p.i.BasicProfileConfigFileLoader noise DaveCTurner/elasticsearch
3 participants
@DaveCTurner @original-brownbear @elasticmachine