Curator action close fails if index.blocks.read_only for .kibana meta index is set to true

danksim · March 6, 2020, 3:41pm

I want to set the visualize and dashboards features readonly for my Kibana users. So I successfully ran the following from one of the elasticsearech data nodes (a k8s pod in this case):

>> curl -XPUT localhost:9200/.kibana/_settings -H 'Content-Type: application/json' -d '{  "index.blocks.read_only" : true }'
{"acknowledged":true}

But the Curator action close fails if index.blocks.read_only for .kibana meta index is set to true (it does not fail if set to false):

>> kubectl logs -n <my-namespace> elk-elasticsearch-curator-restore-1583507700-phf5c      
2020-03-06 15:20:08,797 INFO      Preparing Action ID: 1, "close"
2020-03-06 15:20:08,804 INFO      Trying Action ID: 1, "close": Close .kibana indices
2020-03-06 15:20:08,868 INFO      Closing 1 selected indices: ['.kibana_1']
2020-03-06 15:20:08,875 ERROR     Failed to complete action: close.  <class 'curator.exceptions.FailedExecution'>: Exception encountered.  Rerun with loglevel DEBUG and/or check Elasticsearch logs for more information. Exception: AuthorizationException(403, 'cluster_block_exception', 'blocked by: [FORBIDDEN/5/index read-only (api)];')

Is there a way to get around this without toggling index.blocks.read_only for .kibana meta index from true to false and then false back to true?

theuntergeek · March 6, 2020, 3:56pm

Unfortunately not. You can clearly see that the exception returned (cluster_block_exception) is from Elasticsearch itself. Elasticsearch does not permit you to close an index that has index.blocks.read_only: true.

danksim · March 6, 2020, 4:19pm

Thanks @theuntergeek

Guess I'll have to somehow incorporate that toggle before and after the curator actions.

system · April 3, 2020, 4:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.