Security replication in disaster recovery scheme

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch: 2.4.1

Describe the issue:
Cross-Cluster Replication doesn’t replicate system indices now (including .opendistro_security index). In disaster recovery scheme it can be crucial to have the same security configuration because of forced switching between cluster sides.
Are there any known ways to solve the problem? Or maybe there are some plans to handle that?


Relevant Logs or Screenshots:

You’re correct. Security index can’t be copied with CCR as of now. The primary issue is reusing same security index across leader and follower(in read only mode) cluster.
Unfortunately we don’t have a way to sync the security configuration right now. What we’ve seen is that, customers typically do the same change manually on both sides as a workaround.

I agree that this is definitely good to have and we did explore whether its feasible to have follower cluster operate on leader’s security configuration by default. But it might not be straightforward to enable and currently not in plan for near future.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.