Continuing the discussion from curator - no permissions for cluster:admin/snapshot/restore : “User curator with ssl client authentication and run it with an admin certificate (like sgadmin) but we had seen problems with this approach: https://github.com/floragunncom/search-guard/issues/196 ” We can’…

Thats a good idea and we will consider it. Meanwhile you can use the ES snapshot/restore api together with an admin certificate to make it work for the REST layer at least: curl -XPOST --cert /usr/share/elasticsearch/config/admin.pem --key /usr/share/elasticsearch/config/admin.key --cacert /usr/sha…

Many thanks to @hsaly for the handy advice, tip and tricks. Yeah, I’m aware of all kinds of “curl” quirkiness, especially in a refrained container environment. However, in our setup, the TLS session terminates on NGINX, and we kept 9200 port HTTP/unencrypted. So “curl” is not really going to work …

[Feature Request] Add support for restoring global state in sgadmin tool

Search Guard

Topic		Replies	Views
Make permission for cluster:admin/snapshot/restore configurable Search Guard	7	1503	June 19, 2017
Error : cluster:admin/snapshot/restore is not allowed for a regular user Search Guard	8	1163	January 10, 2017
Restoring a Snaphot is Failing with no permissions for cluster:admin/snapshot/restore Search Guard	5	1772	June 20, 2017
curator - no permissions for cluster:admin/snapshot/restore Search Guard	15	3365	July 3, 2017
searchguard index restore to another cluster Search Guard	3	400	July 22, 2018

[Feature Request] Add support for restoring global state in sgadmin tool

Related topics