Restore error due to permission on searchguard index

Version Information

Searchguard: 6.4.0

Elasticsearch: 6.4.0

OS: macOS High Sierra 10.13.6

Hi guys,

I’m having permission problems when restoring all my indices because I don’t have the permission to restore with the searchguard index. I already added in the elasticsearch.yml the following config: searchguard.enable_snapshot_restore_privilege: true.

Here’s my entire elasticsearch.yml:

```
cluster.name: "docker-cluster"
network.host: 0.0.0.0

# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1

######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
xpack.security.enabled: false
######## End Search Guard Demo Configuration ########
```

Is there any way when creating the snapshot to exclude the searchguard index? Here’s my curl to create snapshots:

```
# JSON body is single-quoted so its inner double quotes reach curl intact
curl -XPUT -k -u "$ES_ADMIN:$ES_PASSWORD" -H "Content-type: application/json" -d '{
  "ignore_unavailable": true,
  "include_global_state": false
}' "$BASE_URL/_snapshot/$GENERAL_REPO/${SNAPSHOT}?pretty&wait_for_completion=true"
```

Thanks in advance!

What do the restore command and the error message look like? Anything in the ES logs?

In reply to Ivan Sousa's post of Thursday, 15 November 2018 12:14:11 UTC+1.