GCP GCS storage using old service account key

bhuvaneshdct · October 28, 2020, 10:16am

I have an existing repository for GCS storage that using a JSON key.

export PATH=/usr/share/elasticsearch/bin/:$PATH
elasticsearch-keystore add-file gcs.client.default.credentials_file /opt/esadmin/gcs-key.json
elasticsearch-plugin install repository-gcs

Then I created the repo it was working fine. Then I need change the JSON key. So what I did, I removed the repository and deleted the Keystore.

curl -X DELETE https://10.10.10.11:9200/_snapshot/gcs
elasticsearch-keystore remove gcs.client.default.credentials_file

Then replaced the JSON file with new service account json file(its from a different GCP project) and add it to key store. Then I tried to create the repo with a different bucket, it is saying, its not able find the bucket.

Error:

"storage_exception: old-project-es-gcs-repository@old-project.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket."

old-project-es-gcs-repository@old-project.iam.gserviceaccount.com --> this is the old service account, the new account is not taken.

I tried to uninstall and the GCS plugin, but still the same issue.

bhuvaneshdct · October 29, 2020, 11:22am

I solved by removing the plugin on all the nodes and install it again

system · November 26, 2020, 11:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Saving ElasticSearch Backups into Google Cloud Storage Elasticsearch	13	1393	September 20, 2019
Backup and restore a elasticsearch cluster Elasticsearch snapshot-and-restore	3	744	January 22, 2022
Error to setup Google Cloud Storage service auth Elasticsearch	2	1277	August 31, 2018
GCS Keystore Elasticsearch	4	455	July 22, 2021
Error when loading Google Cloud Storage credentials file Elasticsearch	14	4123	November 4, 2022

GCP GCS storage using old service account key

Related Topics