Security index is unavailable short circuiting retrieval of user – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-8.9

Briefly, this error occurs when Elasticsearch cannot access the security index, which is crucial for user authentication and authorization. This could be due to issues like insufficient permissions, network problems, or the index being deleted or corrupted. To resolve this, you can check the index’s status and restore it if necessary, ensure the user has appropriate permissions, or troubleshoot network connectivity. If the index is corrupted, you may need to recreate it. Always keep regular backups to prevent data loss.

This log could be avoided if detected earlier. Before you read this guide, we recommend you run the Elasticsearch Error Check-Up which detects issues in ES that cause log errors.
The Check-Up includes checks that would help you prevent log “Security index is unavailable. short circuiting retrieval of user”. It’s a free tool that requires no installation and takes 2 minutes to complete. You can run the Check-Up here.

What the security index is

From Elasticsearch version 6.8 and onwards, the Security feature is available for free. This means you can secure your cluster by creating multiple users and roles, and all of this information is stored in a unique index called .security-<es-major-version>.

Please note the dot ‘.’ at the beginning of the index name.

What this error means

An Elasticsearch index can be in several states, and several factors can make it unavailable, for instance missing primary shards or an Elasticsearch cluster running out of disk space. When Elasticsearch needs to read the user information for a request, several steps occur internally.

Note that `_security` is the endpoint name used for the security API call. This is an API that would require Elasticsearch to find the information stored in the security index. The following things happen internally to figure out the user information (its ID, role, permission etc):

  1. Elasticsearch checks if the security index is available or not.
  2. Elasticsearch freezes the security index, so others can’t update the security index when it’s reading the sensitive (security) information.
  3. If the index isn’t available, there is no point in querying the security index, so Elasticsearch short-circuits the query and logs the following error message:

 security index is unavailable. short circuiting retrieval of user. 

Quick troubleshooting steps

  1. Check whether the `.security` index exists by using the `_cat/indices?v` API. If the index exists, the output of this API looks like:

health status index       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .security-7 9blPln4uSKScEzWtMfJXNA   1   0          7            0     24.3kb         24.3kb

  2. Check whether the security index is available. There is no direct API that shows this, but as mentioned earlier, a RED cluster state or low disk space can make an index unavailable, and checking and fixing these issues will help make the index available.

This Opster Guide can help identify and fix issues caused by low disk space.
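The two checks above can be scripted against saved `_cat/indices?v` output and node logs. The following is an added example, not code from Opster or Elasticsearch: the function names and sample data are constructed, and treating a `red` or closed index as "unavailable" is an assumption based on the missing-primary-shards cause described earlier.

```python
import re
from collections import Counter

# Constructed `GET _cat/indices?v` output (not from a real cluster).
SAMPLE_CAT = """\
health status index        uuid   pri rep docs.count docs.deleted store.size pri.store.size
green  open   logs-2023.08 uuid-a   1   1        120            0     80.1kb         40kb
red    open   .security-7  uuid-b   1   0
"""
# Constructed log lines; only the message text is taken from the page.
SAMPLE_LOG = [
    "[ERROR] security index is unavailable. short circuiting retrieval of user [alice]",
    "[ERROR] security index is unavailable. short circuiting retrieval of user [bob]",
    "[INFO ] unrelated line",
    "[ERROR] security index is unavailable. short circuiting retrieval of user [alice]",
]
MAIN_INDEX = re.compile(r"^\.security-\d+$")  # .security-<es-major-version>
USER = re.compile(r"short circuiting retrieval of user \[([^\]]*)\]")

def security_rows(cat_text):
    """Parse _cat/indices?v text and keep only the main security index rows."""
    lines = [l for l in cat_text.splitlines() if l.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if fields[0] in ("open", "close"):  # health column may be blank for a closed index
            fields.insert(0, "")
        rows.append(dict(zip(header, fields)))
    return [r for r in rows if MAIN_INDEX.match(r.get("index", ""))]

def classify(cat_text):
    """Map the listing onto the states discussed on this page (assumed mapping)."""
    rows = security_rows(cat_text)
    if not rows:
        return "missing"       # index does not exist: TRACE only, no ERROR line
    if any(r["health"] == "red" or r["status"] != "open" for r in rows):
        return "unavailable"   # exists but not usable: the ERROR from this page
    if any(r["health"] == "yellow" for r in rows):
        return "degraded"      # primaries assigned, replicas missing
    return "ok"

def affected_users(log_lines):
    """Count how often each user lookup was short-circuited."""
    return dict(Counter(m.group(1) for l in log_lines if (m := USER.search(l))))

if __name__ == "__main__":
    print(classify(SAMPLE_CAT), affected_users(SAMPLE_LOG))
```

A "missing" result with no ERROR lines in the log matches the trace-level branch of the source excerpt under Log Context, while "unavailable" matches the error-level branch.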

Log Context

The log “security index is unavailable. short circuiting retrieval of user [{}]” is emitted from the class NativeUsersStore.java.
We extracted the following from the Elasticsearch source code for those seeking in-depth context:

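        // Take a frozen view of the security index state before checking it.
        final SecurityIndexManager frozenSecurityIndex = securityIndex.freeze();
        if (frozenSecurityIndex.isAvailable() == false) {
            if (frozenSecurityIndex.indexExists() == false) {
                // No security index at all: trace-level message only.
                logger.trace("could not retrieve user [{}] because security index does not exist", user);
            } else {
                // Index exists but is unavailable: this is the error discussed in this guide.
                logger.error("security index is unavailable. short circuiting retrieval of user [{}]", user);
            }
            // Short circuit: answer with null instead of querying the index.
            listener.onResponse(null);
        } else {
            securityIndex.checkIndexVersionThenExecute(
                listener::onFailure,
                // ... the excerpt ends here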
