How to restore .security index from snapshot

What is the recommended approach to restore the .security index from a snapshot?
The index needs to be closed to be restored, but once it is closed, users cannot log in anymore.
And the whole database is stuck since it cannot log in to reopen the index.
Seems like a chicken-and-egg problem.

I do not know the restore part, but I once accidentally deleted the .security index in Kibana and all the usernames and passwords were gone. What I did was to generate built-in user passwords using the Elasticsearch password reset. I generated them one by one, starting from the users elastic and kibana_system. Then I restarted every service (Logstash, Elasticsearch, Kibana, etc.). Then it worked for me. Luckily it was in the test stage.

The recommendation is to use a file realm user.

If you run Elasticsearch on your own hardware, create a superuser in the file realm to ensure you’ll still be able to access your cluster.

Thanks for the reply.
Does it mean:

  • I need to create a "restore user" in the file realm, and this user will not be affected by whatever is going on in the .security index?
  • Use this "restore user" throughout the restore process?

Since my ES is deployed in Docker, which file/folder should I volume-map so it survives restarts?

Yes, to both points.

That sounds like an unrelated question about running ES in Docker? Is there a connection to the .security index?

My question above is related to file realm authentication. I assume that this information (username, password, roles, etc.) is stored in the filesystem somewhere, hence I would need to volume-map that file/folder.

A more straightforward question would be "Where does file realm authentication store its data?"

Thanks for the clarification.

The file realm stores its data in the config directory.
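
A pre-flight check for the approach discussed in this thread, added here as an example and not part of any post above: before closing or restoring `.security`, confirm that the config directory really holds a file realm user with the `superuser` role. It assumes the standard `users` (`username:password_hash`) and `users_roles` (`role:user1,user2`) files; the user name `restore_admin` and the sample hashes are constructed placeholders.

```shell
#!/bin/sh
# List file realm users that hold the superuser role, read straight from the
# Elasticsearch config directory. These users keep working while .security is
# closed, deleted or being restored.

file_realm_superusers() {
    conf_dir=$1
    # Both files must be readable, otherwise the file realm has nothing to offer.
    [ -r "$conf_dir/users" ] && [ -r "$conf_dir/users_roles" ] || return 2
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        FILENAME == ARGV[1] {                      # users: username:password_hash
            if ($2 != "") has_password[$1] = 1
            next
        }
        $1 == "superuser" {                        # users_roles: role:user1,user2
            n = split($2, members, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", members[i])
                # A role mapping only counts if the user also has a password entry.
                if (members[i] in has_password) print members[i]
            }
        }
    ' "$conf_dir/users" "$conf_dir/users_roles" | sort -u
}

# Exit status 0 only if at least one usable file realm superuser exists.
have_file_realm_superuser() {
    [ -n "$(file_realm_superusers "$1")" ]
}

# Constructed sample config directory (hashes are placeholders, not real output).
demo_conf=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'restore_admin:$2a$10$PLACEHOLDERHASH' \
    'viewer:$2a$10$PLACEHOLDERHASH' > "$demo_conf/users"
printf '%s\n' 'superuser:restore_admin' \
    'kibana_admin:viewer,ghost' > "$demo_conf/users_roles"

file_realm_superusers "$demo_conf"
```

With Docker, point the function at the host path that is volume-mapped to the container's config directory (`/usr/share/elasticsearch/config` in the official image), so the check covers the copy that survives a container restart.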
