6.5 XPack cross cluster documentation has lots of errors

ES is a great product and effort overall I like it.

But it's not the first time I waste my time following the documentation example to finally figuring out it has lots of errors.

When trying to understand security over X cluster search, the documentation lacks testing it feels like:

On cluster one, this role does not need any special privileges:
It does need special privileges though. A new user with an empty role will get this:

{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/security/token/create] is unauthorized for user [tony]"}],"

So on cluster one the full role must be defined.

On cluster two, this role allows the user to query local indices called logs- from a remote cluster:

The logs-* is not enough as the same error will show up:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/security/token/create] is unauthorized for user [tony]"}],"

Putting `indices.names :["*"] fixed it.

`With all of the above setup, the user alice is able to search indices in cluster two as follows:

GET two:logs-2017.04/_search
"query": {
"match_all": {}

The query endpoint is wrong, it should be:
GET cluster_two:...

I finally got it to work by defining my own superuser role and I could not get it to just cross cluster search an index on a remote cluster from a local one with "read" and "read_cross_cluster" it just did not work.

I hope this will help to fix the doc or to tell me I did something wrong, open to either :slight_smile:


The cluster_two / two: issue is indeed a docs error, but everything else works fine for me.

I don't understand where this error is coming from. What are you trying to do that needs to create a token?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.