Cannot remove all indexes

On my regular ES setup I was able to delete all of my indexes with:

curl -XDELETE 'http://localhost:9200/*'

Using XGET with ODFE works fine with the --insecure flag; however, when executing:

curl -XDELETE 'http://localhost:9200/*' -u admin:admin --insecure

I get the following ssl error

odfe-node1 | [2019-05-07T06:06:54,635][WARN ][c.a.o.s.s.h.n.OpenDistroSecuritySSLNettyHttpServerTransport] [MqGeKRk] Someone (null) speaks http plaintext instead of ssl, will close the channel

I also tried just logging into Kibana which gives me permission errors (I am logged in on admin account)

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for [] and User [name=admin, roles=[admin], requestedTenant=__user__]"
      }
    ],
    "type": "security_exception",
    "reason": "no permissions for [] and User [name=admin, roles=[admin], requestedTenant=__user__]"
  },
  "status": 403
}

Any suggestions?

Hello !
I think you typed the URL wrong :

curl -XDELETE 'http://localhost:9200/*' -u admin:admin --insecure

Should be talking on https if you are using --insecure + -u :

curl -XDELETE 'https://localhost:9200/*' -u admin:admin --insecure

Hope it fixes your problem.
Thi


Oh, you are right! However I still get the same permission error like I have when trying to delete directly from Kibana. Any ideas on that, or should I make a separate security post?

I can’t help you further without more description about your setup.
Can you give me your configuration files, user roles and permissions?
Not sure about a role named admin.

Find it weird that “no permissions for []” is empty, normally it tells you which rights you are lacking.
And what is that tenant “__user__” ?

“no permissions for [] and User [name=admin, roles=[admin], requestedTenant=__user__]”

Thi

Started today by following the docker install guide. I am using the sample docker-compose file so my setup is basically plain vanilla. When I go into kibana > tenants I only see Global, Private and admin_tenant so I don’t really know what “user” is about.

So what is your problem now?
You can log in and you can check maybe in Dev Tools.

By the way, not sure it’s the best practice to delete indices like that

curl -XDELETE 'https://localhost:9200/*'

What indices are you trying to delete?
I would use the Dev Tools so I know which indices I’m deleting.

Thi

The kibana error I mentioned was from Dev Tools. I just want a quick way to remove all indexes during development so I don’t need to delete them one by one.

Hi, have you resolved this issue?

I’ve found that individual or wildcard index DELETE requests work fine for all indexes from the curl -X GET 'https://localhost:9201/_cat/indices?v' list except the .opendistro_security one. I guess the securityadmin.sh command (https://opendistro.github.io/for-elasticsearch-docs/docs/security/security-admin/) with the -dci flag could potentially resolve this issue. One attempt to do this from inside the docker image was unsuccessful, so I decided to clean up the docker container.

I’ve decided to just use docker-compose down -v to wipe all volumes.

When I am executing the curl request curl -XDELETE 'https://localhost:9200/*' -u admin:admin --insecure, I am getting an error:

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
      }
    ],
    "type": "security_exception",
    "reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
  },
  "status": 403
}

Hello !
I think you are trying to delete some special indices but you are using admin account so it’s weird you are getting rejected…

Are you using the default installation settings? (certs, accounts, permissions)
Maybe you can try using the certificates instead of admin authentication.
--cert /etc/elasticsearch/kirk.pem --key /etc/elasticsearch/kirk-key.pem something like that

Hope it helps.
Thi

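# bash script to delete all indices

# Save the index listing to ./temp; column 3 of _cat/indices is the index name
curl --request GET \
  --url 'https://<domain>/_cat/indices' \
  --<auth headers> \
  --output temp

# Keep only the index names that match the filter term
awk '{print $3}' temp | grep '<filterterm>' > list

# Delete the listed indices one at a time
while read -r line; do
  echo "Removing index: $line .."
  curl --request DELETE \
    --url "https://<domain>/$line" \
    --<auth headers>
done < list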
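
A variant of the list-then-delete approach that leaves out .opendistro_security, the index reported earlier in the thread as the one that refuses DELETE. This is an added example, not code from the thread: the sample _cat/indices output is constructed, ES_URL and ES_AUTH are hypothetical variables, and skipping every dot-prefixed index (not only the security one) is an assumption.

```shell
#!/bin/sh
# Constructed sample of `_cat/indices?v` output (not taken from the thread).
SAMPLE_CAT_OUTPUT='health status index                uuid pri rep docs.count docs.deleted store.size pri.store.size
green  open   .opendistro_security AAAA 1   0   5          0            30kb       30kb
green  open   .kibana_1            BBBB 1   0   3          0            15kb       15kb
yellow open   logs-2019.05.06      CCCC 5   1   1200       0            2mb        2mb
yellow open   dev-test             DDDD 5   1   10         0            40kb       40kb'

# Print deletable index names, one per line, from _cat/indices output on stdin.
# Column 3 is the index name. Skipped: the header row, dot-prefixed indices
# (.opendistro_security, .kibana*), and any name containing wildcard, comma
# or slash characters, so each DELETE names exactly one index.
deletable_indices() {
  awk '
    $1 == "health" && $3 == "index" { next }   # header row printed by ?v
    NF < 3                          { next }   # blank or truncated line
    $3 ~ /^\./                      { next }   # security and other dot-prefixed indices
    $3 ~ "[*?,/]"                   { next }   # never pass patterns through
    { print $3 }
  '
}

# Print (DRY_RUN=1, the default) or run one DELETE per index name on stdin.
# ES_URL and ES_AUTH are hypothetical variables introduced for this example.
delete_indices() {
  es_url=${ES_URL:-https://localhost:9200}
  while IFS= read -r index; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "curl -XDELETE '$es_url/$index' -u <user>:<password>"
    else
      curl --silent --show-error -XDELETE "$es_url/$index" -u "$ES_AUTH"
    fi
  done
}

# Dry run over the constructed sample: shows what would be deleted.
printf '%s\n' "$SAMPLE_CAT_OUTPUT" | deletable_indices | delete_indices
```

With DRY_RUN=0 the same pipeline can be fed from a live `curl .../_cat/indices` call in place of the sample.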