Elastic CCR using Create Follower API

Hi,

I'm setting up CCR in ES. As per documentation it's necessary to setup appropriate roles in remote and local cluster, and then create a user in local cluster with the created role.

However i dont see how this role will be used by Create follower API as it doesnt have such parameter.
I was even able to perform CCR on my locally running cluster without creating any roles mentioned in the documentation (i do have xpack enabled in my ES).
So it it really necessary to create a user with such roles? If yes then how this role is used by ES?

As per documentation:
"Remote cluster
On the remote cluster that contains the leader index, the cross-cluster replication role requires the read_ccr cluster privilege, and monitor and read privileges on the leader index.

Local cluster
On the local cluster that contains the follower index, the remote-replication role requires the manage_ccr cluster privilege, and monitor, read, write, and manage_follow_index privileges on the follower index"

Welcome to our community! :smiley:

On Tutorial: Set up cross-cluster replication | Elasticsearch Guide [8.2] | Elastic, which is what you are referring to, there's API examples directly below that show you what needs to happen.

If you copy and paste them they make the request to the relevant API endpoint. Did these not work?

Hi, Thanks for your reply.
Well example given does work. In the documentation, it has been mentioned that i need to create roles in both remote and local cluster. Then create a user in local cluster and assign the role.

However without creating any such roles and a user, i was able to do CCR and i do have xpack enabled in my cluster. So is it really necessary to create such role and a user, if yes then how is it used by ES? Because in Create Follower Index API, the user and roles are not used any where.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.