Restore snapshot from S3(different cluster’s snapshot)

Security
1

i am having the issue with permission as the image below, that is going to restore snapshot from different cluster’s snapshot in S3.

image
image1343×368 53.8 KB

Anyone has any idea ?

2

Can you show the log for missing privileges after executing the command?

1 Like
3

i just see this here when execute the command:
because it’s a docker container so …(this is from OpenDashBoard Node)

image
image1081×98 9.13 KB

and this is from the Node:

image
image1210×312 10.9 KB

i also see this one:

image
image1225×102 8.62 KB

4

@AvianDo
The security error you are seeing relates to one index “.opendistro_security”.

The restore of this index is not allowed even by an admin user.

To verify this, you can snapshot any other index on its own and restore. The privileges error should be gone.

Can you confirm if that is the case?

Do you still get the AWS access error?

5

Well, i think it work.

image
image1355×601 40.1 KB

I want to restore the indice: “cisco_asa-2021.07.08-000369”

image
image1354×549 24 KB

6

Right, so “.opendistro_security” is the only issue I would think.
Do you need to restore this index? There is a reason this security feature is there as this index contains all the security configuration for the cluster. It’s recommended to exclude it from snapshot in the first place.

But if you do need to restore the security index, you would need to do so with a curl command that includes the admin cert as per below:

curl -XPOST "https://localhost:9200/_snapshot/my_repo/snapshot_1/_restore" --key "/usr/share/elasticsearch/config/kirk-key.pem" --cert "/usr/share/elasticsearch/config/kirk.pem" --cacert "/usr/share/elasticsearch/config/root-ca.pem"

Additionally, if you have a name collision, you can specify remaining with -d parameter:

curl -XPOST "https://localhost:9200/_snapshot/my_repository_new/snapshot_10/_restore" --key "/usr/share/elasticsearch/config/kirk-key.pem" --cert "/usr/share/elasticsearch/config/kirk.pem" --cacert "/usr/share/elasticsearch/config/root-ca.pem" -H 'Content-Type: application/json' -d'{ "indices": "_all", "rename_pattern": "(.+)", "rename_replacement": "restored_index_$1"}'

Hope this helps

2 Likes
7

Cool! thanks for your help!
I will check and let you know the result later!

8

i run the snapshot restore and got the error that make container crashed:

“Caused by: java.lang.OutOfMemoryError: Java heap space”

image
image1053×225 11 KB

and after it crashed, i restart it and got the following issue that can’t login anymore with “Invalid Username or Password” (and i am sure i dont touch username or password modification)

image
image1270×179 16.1 KB

Do you know how to fix it ?

9

@AvianDo It looks like you are running out of heap space, have you tried increasing it in elasticsearch/config/jvm.options file, like so:

-Xms8g
-Xmx8g

Make sure the size is maximum half the size of the overall ram available on the node.

1 Like
10

@Anthony
Do you have any idea about configuring the OpenSearch with Auth0 ?
i am going to do it but currently dont have any docs for it yet. Please help!

11

@AvianDo Can you open a separate thread for this please

1 Like