Hi,
I have a new cluster in ECE and I migrated data there from an old cluster using a snapshot. However, restoring the snapshot went wrong and I had to do it again, therefore I wanted to delete all restored indices in the ECE cluster, bud I failed to delete an index called ".security-6". Other indices were deleted successfully.
{
"error":{
"root_cause":[
{
"type":"security_exception",
"reason":"action [indices:admin/delete] is unauthorized for user [elastic]"
}
],
"type":"security_exception",
"reason":"action [indices:admin/delete] is unauthorized for user [elastic]"
},
"status":403
}
Is there a way to delete the index? The problem with it is that I can't re-run the snapshot restore as long as the index exists. Renaming pattern might help, but I would expect that "elastic" user has permissions to perform any cluster actions, including deletion of these "system" indices.
Well, there's no other user available, "elastic" user is generated by ECE when a cluster is created, thus I'd expect it to be superuser. Maybe I'm wrong.
If I remember correctly you have the elastic user for kibana but a root user for the ECE Cloud UI. Maybe that user could do more? I can't try it because I no longer have my ECE Instance.
Well, maybe it is also interesting to know what the .security-6 Index is used for and what happens if it is deleted. Look through the sourcecode of elasticsearch here on GitHUB:
It looks to me like user authentication data is written and read from here. Maybe it can not be deleted because otherwise no further access to the cluster might be possible?!?!
Earlier versions did not grant the superuser role to elastic, but newer versions do. You can check by looking in the "Cluster Data" section of the Advanced Cluster editor - internal users' roles are listed (and can be changed) there.
The other workaround is simply to create a new user via Kibana (or the ES API) and grant that user superuser roles
Thanks, Alex - superuser role was indeed missing in the advanced config for the elastic user and adding it fixed my issue. I didn't realize I can edit such things in the advanced config. Thanks for pointing me in the right direction.
I've been currently using ECE 2.0.0, but I will upgrade to 2.1 soon.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.