I'm setting up CCR in ES. As per documentation it's necessary to setup appropriate roles in remote and local cluster, and then create a user in local cluster with the created role.
However i dont see how this role will be used by Create follower API as it doesnt have such parameter.
I was even able to perform CCR on my locally running cluster without creating any roles mentioned in the documentation (i do have xpack enabled in my ES). So it it really necessary to create a user with such roles? If yes then how this role is used by ES?
As per documentation:
"Remote cluster
On the remote cluster that contains the leader index, the cross-cluster replication role requires the read_ccr cluster privilege, and monitor and read privileges on the leader index.
Local cluster
On the local cluster that contains the follower index, the remote-replication role requires the manage_ccr cluster privilege, and monitor, read, write, and manage_follow_index privileges on the follower index"
Hi, Thanks for your reply.
Well example given does work. In the documentation, it has been mentioned that i need to create roles in both remote and local cluster. Then create a user in local cluster and assign the role.
However without creating any such roles and a user, i was able to do CCR and i do have xpack enabled in my cluster. So is it really necessary to create such role and a user, if yes then how is it used by ES? Because in Create Follower Index API, the user and roles are not used any where.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
