Restore snapshot from S3(different cluster’s snapshot)

i am having the issue with permission as the image below, that is going to restore snapshot from different cluster’s snapshot in S3.

Anyone has any idea ?

Can you show the log for missing privileges after executing the command?

1 Like

i just see this here when execute the command:
because it’s a docker container so …(this is from OpenDashBoard Node)

and this is from the Node:

i also see this one:

The security error you are seeing relates to one index “.opendistro_security”.

The restore of this index is not allowed even by an admin user.

To verify this, you can snapshot any other index on its own and restore. The privileges error should be gone.

Can you confirm if that is the case?

Do you still get the AWS access error?

Well, i think it work.

I want to restore the indice: “cisco_asa-2021.07.08-000369”

Right, so “.opendistro_security” is the only issue I would think.
Do you need to restore this index? There is a reason this security feature is there as this index contains all the security configuration for the cluster. It’s recommended to exclude it from snapshot in the first place.

But if you do need to restore the security index, you would need to do so with a curl command that includes the admin cert as per below:

curl -XPOST "https://localhost:9200/_snapshot/my_repo/snapshot_1/_restore" --key "/usr/share/elasticsearch/config/kirk-key.pem" --cert "/usr/share/elasticsearch/config/kirk.pem" --cacert "/usr/share/elasticsearch/config/root-ca.pem"

Additionally, if you have a name collision, you can specify remaining with -d parameter:

curl -XPOST "https://localhost:9200/_snapshot/my_repository_new/snapshot_10/_restore" --key "/usr/share/elasticsearch/config/kirk-key.pem" --cert "/usr/share/elasticsearch/config/kirk.pem" --cacert "/usr/share/elasticsearch/config/root-ca.pem" -H 'Content-Type: application/json' -d'{ "indices": "_all", "rename_pattern": "(.+)", "rename_replacement": "restored_index_$1"}'

Hope this helps


Cool! thanks for your help!
I will check and let you know the result later!

i run the snapshot restore and got the error that make container crashed:

“Caused by: java.lang.OutOfMemoryError: Java heap space”

and after it crashed, i restart it and got the following issue that can’t login anymore with “Invalid Username or Password” (and i am sure i dont touch username or password modification)

Do you know how to fix it ?

@AvianDo It looks like you are running out of heap space, have you tried increasing it in elasticsearch/config/jvm.options file, like so:


Make sure the size is maximum half the size of the overall ram available on the node.

1 Like

Do you have any idea about configuring the OpenSearch with Auth0 ?
i am going to do it but currently dont have any docs for it yet. Please help!

@AvianDo Can you open a separate thread for this please

1 Like