Yes, I have enabled snapshot and restore for regular users but no luck.
Please find the elasticsearch.yml below
cluster.name: essreport123
node.name: "XXX.XX-essr1"
network.host: "XXX.XX-essr1"
transport.tcp.port: 9741
http.port: 9641
discovery.zen.ping.unicast.hosts: ["XXX.XX-essr1"]
path.data: /data/elasticsearch
path.logs: /logs/elasticsearch
path.repo: /data/elasticsearch-backup
#index.mapper.dynamic: false
index.refresh_interval: 180s
transport.netty.worker_count: 3
action.destructive_requires_name: true
index.query.bool.max_clause_count: 8192
searchguard.ssl.transport.keystore_filepath: node123-keystore.jks
searchguard.ssl.transport.keystore_password: xxxxx
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: xxxxxxx
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.enabled: true
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: node123-keystore.jks
searchguard.ssl.http.keystore_password: xxxxxx
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: changeit
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.authcz.admin_dn:
  - cn=admin,ou=Test,ou=ou,dc=company,dc=com
Thanks
Ashok
On Thursday, February 8, 2018 at 2:37:08 PM UTC+5:30, Jochen Kressin wrote:
You have not enabled snapshot and restore for regular users, that is exactly what the error message says. Please enable this in elasticsearch.yml or post your elasticsearch.yml here.
On Thursday, February 8, 2018 at 10:04:01 AM UTC+1, priyadarshi bal wrote:
Yes, I am using both the docs but no luck
error in elastic search log
cluster:admin/snapshot/restore is not allowed for a regular user
Thanks
Ashok
On Thursday, February 8, 2018 at 2:30:41 PM UTC+5:30, Jochen Kressin wrote:
Please refer to the documentation for snapshot/restore:
http://docs.search-guard.com/latest/snapshot-restore
There is also a pre-defined role in the demo configuration:
http://docs.search-guard.com/latest/demo-users-roles
On Thursday, February 8, 2018 at 9:58:31 AM UTC+1, priyadarshi bal wrote:
I am using below curl
curl -XPOST -u admin:xxxxx --insecure 'https://HOSTNAME:9641/_snapshot/demotest/snapshot_1/_restore' -d '
{
  "indices": "demotest-*",
  "include_global_state": false
}'
Result
====
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for cluster:admin/snapshot/restore"}],"type":"security_exception","reason":"no permissions for cluster:admin/snapshot/restore"}
Can you please check, is this the correct way to restore?
Thanks
Ashok
On Thursday, February 8, 2018 at 2:12:59 PM UTC+5:30, JozsefB wrote:
Hi Ashok,
I have the same configuration and I managed to restore a snapshot.
But my user also has the sg_all_access role. Now I become uncertain which roles permit me to do the restore?
I am going to check it now and will come back.
Best Regards
Jozsef
On Thursday, February 8, 2018 at 8:03:47 AM UTC+1, priyadarshi bal wrote:
Hi,
Can you please help me on below error
security_exception","reason":"no permissions for cluster:admin/snapshot/restore
Please find my setting
in sg_action_groups.yml
MANAGE_SNAPSHOTS:
  permissions:
    - "cluster:admin/snapshot/*"
    - "cluster:admin/repository/*"
in sg_roles.yml
sg_manage_restore:
  cluster:
  indices:
    '*':
      '*':
        - "indices:data/write/index"
in sg_roles_mapping.yml
sg_manage_restore:
  users:
  backendroles:
Thanks
Ashok
On Monday, January 22, 2018 at 1:33:35 PM UTC+5:30, JozsefB wrote:
Hi,
5.6.2
Whenever I get a security exception in SearchGuard protected ES, the exception is missing the roles for the user:
"type": "security_exception",
"reason": "no permissions for [cluster:admin/snapshot/restore] and User [name=joe, roles=]"
According to my sg_roles_mapping.yml joe has a role of sg_restore which has a cluster wide action MANAGE_SNAPSHOTS
I manage to push the configuration with sgadmin.sh (done with success) into the ES
What is wrong?
Best Regards
Jozsef
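
An added example, not part of the thread and not Search Guard's own code: a simplified Python model of how a restore request passes through the elasticsearch.yml setting, sg_roles_mapping.yml, sg_roles.yml and sg_action_groups.yml quoted above, so each file can be checked for the link that is missing. The data is constructed from the thread's snippets; wildcard matching via fnmatch and the action-group expansion are assumptions about how Search Guard evaluates these files.

```python
from fnmatch import fnmatchcase

RESTORE = "cluster:admin/snapshot/restore"
FLAG = "searchguard.enable_snapshot_restore_privilege"

# Constructed sample data modelled on the snippets quoted in the thread.
SETTINGS = {FLAG: True}
ACTION_GROUPS = {"MANAGE_SNAPSHOTS": ["cluster:admin/snapshot/*",
                                      "cluster:admin/repository/*"]}
ROLES = {
    "sg_manage_restore": {"cluster": None},   # empty YAML key parses as None
    "sg_restore": {"cluster": ["MANAGE_SNAPSHOTS"]},
}
MAPPING = {
    "sg_manage_restore": {"users": None, "backendroles": None},
    "sg_restore": {"users": ["joe"]},
}

def expand(perms, groups, seen=frozenset()):
    """Flatten action-group names (nesting allowed) into permission patterns."""
    out = set()
    for p in perms or []:
        if p not in groups:
            out.add(p)
        elif p not in seen:                    # guard against group cycles
            out |= expand(groups[p], groups, seen | {p})
    return out

def mapped_roles(user, backend_roles, mapping):
    """Roles whose mapping entry names the user or one of the backend roles."""
    hits = []
    for role, m in mapping.items():
        users = (m or {}).get("users") or []
        backs = (m or {}).get("backendroles") or []
        if (any(fnmatchcase(user, u) for u in users) or
                any(fnmatchcase(b, p) for b in backend_roles for p in backs)):
            hits.append(role)
    return sorted(hits)

def check_restore(user, backend_roles, settings=SETTINGS, roles=ROLES,
                  mapping=MAPPING, groups=ACTION_GROUPS):
    """Return (allowed, reason) for a restore request by a regular user."""
    if not settings.get(FLAG):
        return False, "restore not enabled for regular users"
    granted = mapped_roles(user, backend_roles, mapping)
    for role in granted:
        pats = expand((roles.get(role) or {}).get("cluster"), groups)
        if any(fnmatchcase(RESTORE, p) for p in pats):
            return True, "granted by " + role
    return False, "no cluster permission via roles %s" % granted
```

Calling `check_restore("admin", [])` against this data returns a denial with an empty role list, which separates a mapping problem from a role that is mapped but has no cluster permissions.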