Hi,
I have a policy that was applied to the .opendistro_security indices by mistake. It is now in a read-only state and no updates can be done on the cluster while it is in this state. I have tried many things but to no avail. You cannot use securityadmin.sh, as you will get this error:
[.opendistro_security] blocked by: [FORBIDDEN/8/index write (api)]
I have also tried to update the settings of the file using curl by doing the following:
curl -k -XPUT 'https://admin:xxxxxxx@localhost:9200/_all/_settings' -d '{"index.blocks.read_only_allow_delete": null}' -H "Content-Type: application/json"
but this just gives you the error:
"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},"status":403}
How do I bring this file back into a read/write state? I have been battling with this for days now and don’t want to delete and recreate the cluster, as I would like to keep the data.
If anyone else gets stuck with this, I found a way to delete and recreate the index:
/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -dci -icl -nhnv -cacert /usr/share/elasticsearch/config/root-ca.pem -cert /usr/share/elasticsearch/config/kirk.pem -key /usr/share/elasticsearch/config/kirk-key.pem
And then recreate it:
/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig" -icl -cacert /usr/share/elasticsearch/config/root-ca.pem -cert /usr/share/elasticsearch/config/kirk.pem -key /usr/share/elasticsearch/config/kirk-key.pem -nhnv
@ggk This index can be managed only with an admin certificate. That’s why basic auth didn’t work for you.
Index recreation is the best approach to getting a clean security-plugin index.
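
An added example, not part of any post in this thread: the number in the "blocked by" error identifies which index block is set, so a script can map it to the setting that needs resetting (block 8 is index.blocks.write, not the read_only_allow_delete setting used in the curl attempt) and build a settings request that authenticates with the admin certificate instead of basic auth. The function names are hypothetical, the block IDs are the ones Elasticsearch defines for index-level blocks, and it is an assumption that the cluster accepts this request for the security index when the admin certificate is presented; the script only prints the command so it can be reviewed before it is run.

```shell
#!/usr/bin/env bash
# Added example: map an index-block error to the setting behind it (dry run only).

# Index-level block IDs defined by Elasticsearch -> the setting that creates them.
block_setting() {
  case "$1" in
    5)  echo "index.blocks.read_only" ;;
    7)  echo "index.blocks.read" ;;
    8)  echo "index.blocks.write" ;;
    9)  echo "index.blocks.metadata" ;;
    12) echo "index.blocks.read_only_allow_delete" ;;
    *)  return 1 ;;
  esac
}

# Extract the numeric block ID from text like "[FORBIDDEN/8/index write (api)]".
block_id_from_error() {
  printf '%s\n' "$1" | sed -n 's/.*\[FORBIDDEN\/\([0-9][0-9]*\)\/.*/\1/p'
}

# JSON body that resets the offending block to its default (null removes it).
unblock_body() {
  local id setting
  id=$(block_id_from_error "$1")
  [ -n "$id" ] || return 1
  setting=$(block_setting "$id") || return 1
  printf '{"%s": null}' "$setting"
}

# Print the settings request, authenticated with the admin certificate
# (assumption: the admin certificate is honoured for this request).
unblock_command() {
  local body
  body=$(unblock_body "$1") || { echo "unrecognised block error" >&2; return 1; }
  printf "curl --cacert %s --cert %s --key %s -XPUT 'https://localhost:9200/.opendistro_security/_settings' -H 'Content-Type: application/json' -d '%s'\n" \
    "$CONF/root-ca.pem" "$CONF/kirk.pem" "$CONF/kirk-key.pem" "$body"
}

CONF=/usr/share/elasticsearch/config   # certificate directory used in the thread
# Error text copied from the first post.
unblock_command '[.opendistro_security] blocked by: [FORBIDDEN/8/index write (api)]'
```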