No file on .security indices shards

Dear All,

Suddenly my .security-7 index became unassigned after a restart, and I cannot authenticate to Elasticsearch using the elastic or kibana_system user.

I tried to create another user with the super_user role, but I cannot remove the .security or .security-7 index. I do not have a snapshot or backup file for this. Is there any way to regain the index?

And is it possible for the .security index to be recreated? Or what happens if it is recreated?

Thanks.

Julian

> Suddenly my .security-7 index became unassigned after a restart

Such things do not just happen randomly. It sounds like your restart procedure is unsafe in some way and you need to look into why you're losing data when you restart.

There are two options:

  1. You can create a new role that has permission to delete .security. Because your security index is unavailable, this will need to be a file-based role.
    Something like:

    root:
      cluster: [ "ALL" ]
      indices:
       - names: [ "*" ]
         allow_restricted_indices: true
         privileges: [ "ALL" ]
    
  2. As a superuser, use the reroute API with allocate_empty_primary on the .security-7 index. Please read all the warnings on that page. (I am intentionally not providing step-by-step instructions because it is important that you read and understand the docs before you attempt to do this.)

> And is it possible for the .security index to be recreated? Or what happens if it is recreated?

It will not be recreated unless you take steps (like those above) to do so.
When you do, you will lose all security data for your cluster. Any passwords, authentication tokens, API keys or roles that you have configured will be lost.

Hi @TimV, thanks for your reply. I cannot do both steps. But what I do is disable the Elastic security, so I can access without any password, then remove the index from Kibana, then re-enable the security access and restart. It will recreate the .security index, but all configuration under security is lost.

But no problem, we can recreate it again.

Thanks