Unable to restore elasticsearch snapshot when using searchGuard

Hello,
I'm having a problem when trying to restore a snapshot.
Elasticsearch communications are secured using SearchGuard plugin.
I've successfully been able to snapshot indexes to FS repository (shared samba repo).
After adding a new role to the sg_role.yml and binding it to the admin user to grant the appropriate permissions ( - MANAGE_SNAPSHOTS, - UNLIMITED...) and re-running sgadmin, I come across the following exception:
{"error":{"root_cause":[{"type":"repository_missing_exception","reason":"[backup] missing"}],
when trying to restore a snapshot with the command below:
-XPOST "https://50.50.1.2:9201/_snapshot/my_backup/snapshot_1/_restore?wait_for_completion=true" -H 'Content-Type: application/json' -d '{"indices": "testindex", "ignore_unavailable": true, "include_global_state": false}'
The repo is defined of course since I've been able to create snapshot.
The same commands work successfully in an elasticsearch environment without using searchguard.
Any idea?

See http://floragunncom.github.io/search-guard-docs/snapshots.html

Thanks for the reply Nanda,

I've already tried both of the two solutions but none of the two seems to
work for me.

Sol1- When launching the _restore command passing the chained cert and the
private key as parameters, I face the error: Unauthorized

Sol2- When assigning the appropriate roles (sg_snapshot_restore) to the admin
user I face the error below:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "repository_missing_exception",
        "reason" : "[backup] missing"
      }
    ],
    "type" : "repository_missing_exception",
    "reason" : "[backup] missing"
  },
  "status" : 404
}

whereas the backup repository exists and contains the following snapshots, as
resulting from the query (-XGET "https://50.50.1.2:9201/_snapshot/backup/_all?pretty")
{
  "snapshots" : [
    {
      "snapshot" : "snapshot_1",
      "uuid" : "PK15sA8NRcSudfL87tGf2Q",
      "version_id" : 5040299,
      "version" : "5.4.2",
      "indices" : [
        "testindex",
        "test"
      ],
      "state" : "SUCCESS",
      "start_time" : "2017-10-12T12:36:55.403Z",
      "start_time_in_millis" : 1507811815403,
      "end_time" : "2017-10-12T12:36:56.329Z",
      "end_time_in_millis" : 1507811816329,
      "duration_in_millis" : 926,
      "failures" : [ ],
      "shards" : {
        "total" : 10,
        "failed" : 0,
        "successful" : 10
      }
    },
    ...
    {
      "snapshot" : "snapshot_6",
      "uuid" : "WwGOuy2LRIunzSrR3Qo0vQ",
      "version_id" : 5040299,
      "version" : "5.4.2",
      "indices" : [
        "test"
      ],
      "state" : "SUCCESS",
      "start_time" : "2017-10-13T09:26:47.712Z",
      "start_time_in_millis" : 1507886807712,
      "end_time" : "2017-10-13T09:26:48.031Z",
      "end_time_in_millis" : 1507886808031,
      "duration_in_millis" : 319,
      "failures" : [ ],
      "shards" : {
        "total" : 5,
        "failed" : 0,
        "successful" : 5
      }
    }
  ]
}

Any idea?

BR,

Milan

Thank you Nanda,
I've finally been able to make it work with Sol1.

I have updated the elasticsearch.yml to include the following.

searchguard.ssl.http.clientauth_mode: OPTIONAL

searchguard.authcz.admin_dn:
  - CN=sgadmin,OU=client,O=client,L=TEST,C=FR
  - CN=kirk,OU=client,O=client,L=TEST,C=FR

BR,

Milan
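
An added example, not part of the original thread and not Search Guard's own code: a small Python check that the subject of the client certificate passed to the _restore call is listed under searchguard.authcz.admin_dn and that clientauth_mode asks for client certificates. The function names, the constructed sample config, the accepted modes (OPTIONAL, REQUIRE) and the DN comparison rules (case-insensitive, whitespace ignored, OpenSSL slash form accepted) are assumptions of this example.

```python
import re

# Constructed elasticsearch.yml fragment with the settings quoted in the thread.
SAMPLE_YML = """\
searchguard.ssl.http.clientauth_mode: OPTIONAL
searchguard.authcz.admin_dn:
  - CN=sgadmin,OU=client,O=client,L=TEST,C=FR
  - CN=kirk,OU=client,O=client,L=TEST,C=FR
"""

def normalize_dn(dn):
    """Return a DN as a tuple of (TYPE, value) pairs, leaf RDN first."""
    dn = dn.strip()
    if dn.startswith("/"):
        # OpenSSL one-line form (/C=FR/.../CN=kirk) is root first: reverse it.
        parts = [p for p in dn.split("/") if p][::-1]
    else:
        parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas
    pairs = (p.partition("=") for p in parts)
    # Assumption of this example: types and values compare case-insensitively.
    return tuple((k.strip().upper(), v.strip().lower()) for k, _, v in pairs)

def read_settings(yml_text):
    """Minimal line parser for the two settings used in the thread."""
    mode, admin_dns, in_list = None, [], False
    for line in (raw.strip() for raw in yml_text.splitlines()):
        if line.startswith("searchguard.ssl.http.clientauth_mode:"):
            mode = line.split(":", 1)[1].strip().strip("'\"").upper()
        elif line.startswith("searchguard.authcz.admin_dn:"):
            in_list = True
            continue
        elif in_list and line.startswith("- "):
            admin_dns.append(line[2:].strip().strip("'\""))
            continue
        in_list = in_list and not line  # any other non-blank line ends the list
    return mode, admin_dns

def check_admin_cert(yml_text, cert_subject):
    """Return a list of reasons the certificate would not be treated as admin."""
    mode, admin_dns = read_settings(yml_text)
    problems = []
    if mode not in ("OPTIONAL", "REQUIRE"):
        problems.append("clientauth_mode is not OPTIONAL or REQUIRE")
    if normalize_dn(cert_subject) not in {normalize_dn(d) for d in admin_dns}:
        problems.append("certificate subject is not listed in admin_dn")
    return problems

if __name__ == "__main__":
    print(check_admin_cert(SAMPLE_YML, "/C=FR/L=TEST/O=client/OU=client/CN=kirk"))
```

The subject string can be taken from the certificate with `openssl x509 -noout -subject`; an empty list means both settings line up with the certificate.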
