Index lifecycle error, security_exception: Adding an alias is not allowed when the alias has more permissions than any of the indices

Elastic Stack Elasticsearch
1

Hi here

We have elastic cloud deployment and configured ILM for the APM indexes
The policy fails on shrink action, failed step - aliases

Its not clear why that happens and what can we do with that?

ILM policy

  "apm-rollover-30-days": {
    "version": 11,
    "modified_date": "2020-12-01T08:27:55.131Z",
    "policy": {
      "phases": {
        "hot": {
          "min_age": "0ms",
          "actions": {
            "rollover": {
              "max_size": "50gb",
              "max_age": "1d"
            },
            "set_priority": {
              "priority": 100
            }
          }
        },
        "delete": {
          "min_age": "24d",
          "actions": {
            "delete": {
              "delete_searchable_snapshot": true
            }
          }
        },
        "warm": {
          "min_age": "4d",
          "actions": {
            "allocate": {
              "number_of_replicas": 0,
              "include": {},
              "exclude": {},
              "require": {
                "data": "warm"
              }
            },
            "readonly": {},
            "set_priority": {
              "priority": 50
            },
            "shrink": {
              "number_of_shards": 1
            }
          }
        }
      }
    }
  }
}

Error:

image
image948×713 53.5 KB

2

The issue was solved. It was related somehow to the permission of user that managed/changed ILM policy in kibana (there was less privileged custom user used)

We edited policy with elastic user, and triggered ILM step retry with elastic user for problematic indexes - that helped, no more errors after

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.