Curator action close fails if index.blocks.read_only for .kibana meta index is set to true

I want to set the visualize and dashboards features read-only for my Kibana users. So I successfully ran the following from one of the Elasticsearch data nodes (a k8s pod in this case):

>> curl -XPUT localhost:9200/.kibana/_settings -H 'Content-Type: application/json' -d '{  "index.blocks.read_only" : true }'
{"acknowledged":true}

But the Curator action close fails if index.blocks.read_only for .kibana meta index is set to true (it does not fail if set to false):

>> kubectl logs -n <my-namespace> elk-elasticsearch-curator-restore-1583507700-phf5c      
2020-03-06 15:20:08,797 INFO      Preparing Action ID: 1, "close"
2020-03-06 15:20:08,804 INFO      Trying Action ID: 1, "close": Close .kibana indices
2020-03-06 15:20:08,868 INFO      Closing 1 selected indices: ['.kibana_1']
2020-03-06 15:20:08,875 ERROR     Failed to complete action: close.  <class 'curator.exceptions.FailedExecution'>: Exception encountered.  Rerun with loglevel DEBUG and/or check Elasticsearch logs for more information. Exception: AuthorizationException(403, 'cluster_block_exception', 'blocked by: [FORBIDDEN/5/index read-only (api)];')

Is there a way to get around this without toggling index.blocks.read_only for .kibana meta index from true to false and then false back to true?

Unfortunately not. You can clearly see that the exception returned (cluster_block_exception) is from Elasticsearch itself. Elasticsearch does not permit you to close an index that has index.blocks.read_only: true.

Thanks @theuntergeek

Guess I'll have to somehow incorporate that toggle before and after the curator actions.
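
Added example, not part of the original posts: one way to wrap the toggle around the Curator run so that `index.blocks.read_only` is re-applied even when the wrapped command fails. The `ES_URL` variable, the function names, and the `config.yml` / `actions.yml` file names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: lift index.blocks.read_only, run a command, always restore the block.
# ES_URL and both function names are assumptions of this example.
ES_URL="${ES_URL:-http://localhost:9200}"

# PUT index.blocks.read_only=<true|false> on an index.
# Fails unless Elasticsearch answers {"acknowledged":true}.
set_read_only() {
  local index="$1" value="$2" resp
  resp=$(curl -sS -XPUT "${ES_URL}/${index}/_settings" \
    -H 'Content-Type: application/json' \
    -d "{ \"index.blocks.read_only\" : ${value} }") || return 1
  case "$resp" in
    *'"acknowledged":true'*) return 0 ;;
    *) echo "set_read_only ${index}=${value} failed: ${resp}" >&2
       return 1 ;;
  esac
}

# Run "$@" with the block lifted on <index>.
# The block is re-applied whether or not the command succeeds.
# Returns: the command's exit status, 1 if the block could not be lifted
# (command not run), 2 if the block could not be restored.
with_block_lifted() {
  local index="$1" rc=0
  shift
  set_read_only "$index" false || return 1
  "$@" || rc=$?
  if ! set_read_only "$index" true; then
    echo "WARNING: ${index} was left without index.blocks.read_only" >&2
    return 2
  fi
  return "$rc"
}

# Usage (file names are placeholders):
#   with_block_lifted .kibana curator --config config.yml actions.yml
```

A return status of 2 means the index is still writable and the block has to be re-applied by hand.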
