Graylog2 · janheise · Oct 20, 2023 · Oct 19, 2023
diff --git a/data-node/src/main/java/org/graylog/datanode/initializers/JerseyService.java b/data-node/src/main/java/org/graylog/datanode/initializers/JerseyService.java
@@ -111,18 +111,20 @@ public JerseyService(final Configuration configuration,
 
     @Subscribe
     public synchronized void handleOpensearchConfigurationChange(OpensearchConfigurationChangeEvent event) throws Exception {
-        LOG.info("Opensearch config changed, restarting jersey service to apply security changes");
+        if(apiHttpServer == null) {
+            // this is the very first start of the jersey service
+            LOG.info("Starting Data node REST API");
+        } else {
+            // jersey service has been running for some time, now we received new configuration. We'll reboot the service
+            LOG.info("Server configuration changed, restarting Data node REST API to apply security changes");
+        }
         shutDown();
         doStartup(extractSslConfiguration(event.config()));
     }
 
-    /**
-     * TODO: replace this map magic with proper types in OpensearchConfiguration
-     */
     private SSLEngineConfigurator extractSslConfiguration(OpensearchConfiguration config) throws GeneralSecurityException, IOException {
         final OpensearchSecurityConfiguration securityConfiguration = config.opensearchSecurityConfiguration();
         if (securityConfiguration != null && securityConfiguration.securityEnabled()) {
-            // caution, this path is relative to the opensearch config directory!
             return buildSslEngineConfigurator(securityConfiguration.getHttpCertificate());
         } else {
             return null;

diff --git a/data-node/src/main/java/org/graylog/datanode/management/OpensearchProcessService.java b/data-node/src/main/java/org/graylog/datanode/management/OpensearchProcessService.java
@@ -40,10 +40,7 @@ public class OpensearchProcessService extends AbstractIdleService implements Pro
     private static final int WATCHDOG_RESTART_ATTEMPTS = 3;
     private final OpensearchProcess process;
     private final Provider<OpensearchConfiguration> configurationProvider;
-    private final CustomCAX509TrustManager trustManager;
     private final EventBus eventBus;
-    private final NodeService nodeService;
-    private final Configuration configuration;
 
     @Inject
     public OpensearchProcessService(final DatanodeConfiguration datanodeConfiguration,
@@ -53,9 +50,6 @@ public OpensearchProcessService(final DatanodeConfiguration datanodeConfiguratio
                                     final NodeService nodeService,
                                     final Configuration configuration) {
         this.configurationProvider = configurationProvider;
-        this.trustManager = trustManager;
-        this.nodeService = nodeService;
-        this.configuration = configuration;
         this.eventBus = eventBus;
         this.process = createOpensearchProcess(datanodeConfiguration, trustManager, configuration, nodeService);
         eventBus.register(this);
@@ -86,7 +80,16 @@ private void startWithConfig() {
         if (config.securityConfigured()) {
             this.process.startWithConfig(config);
         } else {
-            LOG.warn("Opensearch process not started. Please provide proper security configuration, using certificate provisioning in the pre-flight mode, by manual certificate creation or by disabling security in the config.");
+
+            String noConfigMessage = """
+                \n
+                ========================================================================================================
+                It seems you are starting Data node for the first time. The current configuration is not sufficient to
+                start the indexer process because a security configuration is missing. You have to either provide http
+                and transport SSL certificates or use the Graylog preflight interface to configure this Data node remotely.
+                ========================================================================================================
+                """;
+            LOG.info(noConfigMessage);
         }
         eventBus.post(new OpensearchConfigurationChangeEvent(config));
     }