Restore .opendistro_security index


I have created a snapshot of my Elasticsearch indices to migrate to a new cluster, but I have problems with .opendistro_security.

I created the snapshot with this call to the API:

curl -k -u admin:password -XPUT "https://localhost:9200/_snapshot/snapshot_repository/snapshot_name" -H 'Content-Type: application/json' -d'
  "indices": "*",
  "ignore_unavailable": true,
  "include_global_state": false,

And I restored the indices in a new empty cluster (deleting .opendistro_security index) with

curl -k -u admin:password --cert config/admin.pem --key config/admin-key.pem -XPOST "https://localhost:9200/_snapshot/snapshot_repository/snapshot_name/_restore" -H 'Content-Type: application/json' -d'
	  "ignore_unavailable": true,
	  "include_global_state": false

The output is successful, and the indices are restored (I wait until all the indices are green).

My problem is when I try to access to Kibana. When I login (with JWT), I see a blank dashboard. If I go to tenants, it says that I only have access to my private tenant.
When I login to admin and see the roles for the user, I can see that everything is correctly configured (included read_access to global tenant) but in the user I cannot see the global tenant.

After that I tried to change the user permissions for the global tenant to write_access and now I am unable to access with admin user, and Kibana log says: [WARN ][c.a.o.s.a.BackendRegistry] [elastic_service] Authentication finally failed for kibanaserver from

Is it possible to restore the .opendistro_index in a new cluster with snapshots? or… do I have to create a backup from the API and restore it manually?

Hello @jjmerchante

Have you found a solution for this? Please check the below link and check “Security plugin considerations” section.

1 Like

Hello @pablo

Yes I guess I found a solution (sorry for answering now).

My problem was with the JWT token, I was using a new pair public-private keys and that doesn’t work. I had to use the old JWT keys. It seems that something is stored in the .opendistro_security index that makes conflict if you try to change them.