How to update service account which is used to create snapshot

How to update service account which is used to create snapshot. I created repository from Kibana to snapshot the Elastic search indices. The snapshot location is GCS bucket. However, the repository is not getting verified as the service account being used has expired and decommissioned. I want to change the service account to a different service account. Can someone please help on how the same can be done ?

You just need to add the new service account json to the keystore in the same way you added it when creating the repository.

./elasticsearch-keystore add-file gcs.client.default.credentials_file /path/service-account.json

Check the documentation for more information.

After you apply this to every master and data node, you will need to reload the secure settings according to the documentation.

Basically run POST /_nodes/reload_secure_settings on Kibana Dev Tools.

Thank you Leandro for the reply. Actually I am trying to configure a repository from Kibana . Not sure from where it is picking the service account. I have never applied json key in the beginning of configuration. Is it taken from the secrets ? I am sorry I am new to Elastic installation and setup.

Kibana is a client to Elasticsearch, all data is on Elasticsearch.

To create a repository in Kibana you need a working client configured in Elasticsearch.

The credentials to connect to GCP using your service account are stored in the elasticsearch keystore, which is in every node of your cluster, if your service account expired you will need to get the json for the new credentials and apply it to your elasticsearch nodes as explained in the previous answer.

Did you had snapshots working before?

1 Like

Got it . I was able to update the service account in the secrets . Thank you leandrojmp

Can I setup a new repository for the snapshots without having to restart the data and master nodes of Elasticsearch cluster? There is no recent snapshot available. I would like to setup a repository to take the snapshots in case of a failure. However, the pods on the environment where I want to take the snapshot cannot be restarted z nor can I take a downtime. Is there a way to take new snapshot starting from recent day ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.