Skip to content
Latchkey

OpenSearch "OpenSearch Security not initialized" in CI

OpenSearch returns "OpenSearch Security not initialized" (or HTTP 503) while the security plugin is still loading its config index, or rejects plain HTTP because the demo configuration enables TLS. For CI, either wait for it to initialize or disable the security plugin.

What this error means

Requests fail with "OpenSearch Security not initialized (SG11)" and a 503, or the client cannot complete a TLS handshake against the demo certificates.

Terminal
{"error":"OpenSearch Security not initialized (SG11) for OpenSearch.","status":503}

Common causes

The security config index is not yet populated

On startup the security plugin must initialize its internal index. Until that completes, requests get a 503 "not initialized".

The demo security configuration enables TLS

The default OpenSearch image enables the security plugin with demo certs, so plain HTTP clients fail and credentials are required.

How to fix it

Disable the security plugin for tests

Set DISABLE_SECURITY_PLUGIN=true so the node serves plain HTTP with no auth, which is fine for a throwaway CI instance.

.github/workflows/ci.yml
- name: Start OpenSearch (test mode)
  run: |
    docker run -d --name os -p 9200:9200 \
      -e discovery.type=single-node \
      -e DISABLE_SECURITY_PLUGIN=true \
      opensearchproject/opensearch:2.13.0

Or wait for security to initialize

If you keep security on, poll the health endpoint with the demo credentials until it stops returning 503.

Terminal
until curl -sk -u admin:admin https://localhost:9200/_cluster/health \
  | grep -q '"status"'; do
  echo "waiting for opensearch security"; sleep 3
done

How to prevent it

  • For CI, disable the security plugin on a throwaway OpenSearch node.
  • If keeping security, wait past the "not initialized" 503 before testing.
  • Match the client scheme and credentials to the demo configuration.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →