Solution after becoming "read_only_allow_delete" : "true"

03/09/2019

Thank you for your cooperation.
I have the same problem.

The following command written by @jkressin didn’t work either.
Of course, the index is deleted to free up space.

curl -k \
  --cert "/path/to/admin-cert.pem" \
  --key "/path/to/admin-key.pem"  \
  -XPUT "https://sgssl-0.example.com:9200/_all/_settings" \
  -H 'Content-Type: application/json' \
  -d '{ "index.blocks.read_only_allow_delete": null }'

↓Execution result↓

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, roles=[admin, admintest], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, roles=[admin, admintest], requestedTenant=null]"},"status":403}

Why can’t I use the following commands after installing SerachGuard?
Please tell me the solution.

PUT myindex / _settings
{
“Index.blocks.read_only_allow_delete”: null
}

curl -XPUT -H "Content-Type: application/json" http://example:9200/<index_name>/_settings -d '{"index.blocks.read_only_allow_delete": null}'

This command will succeed if <index_name> is specified other than “_all” and “searchguard”.
So, if you can unblock “searchguard”, this problem will be solved.

If this command cannot be executed,
Your log will not be able to be written, and Kibana will display an error.

BestRegards.

This error that you posted cannot be produced by the curl statement you posted:

This curl command uses the SG admin certificate instead of a user account to bypass all SG security restrictions. The error message displays the admin user account, which is not used in the curl.

Are you sure you are using the correct paths to your admin certficate when using the curl call?

--cert "/path/to/admin-cert.pem" \
  --key "/path/to/admin-key.pem"  \

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.