I used to dump the configuration to YAML files for backup purposes, but securityadmin.sh started to fail in the audit part and I don't know why:
root@65bfa086514b:/usr/share/elasticsearch/plugins/opendistro_security# tools/securityadmin.sh -backup /root/production_settings/ -h x.x.x.x -nhnv -icl -cacert /root/ca.cert -cert /root/admin.pem -key /root/admin.key -keypass xxxxxxxxxx
WARNING: JAVA_HOME not set, will use /usr/bin/java
Open Distro Security Admin v7
Will connect to x.x.x.x:9300 ... done
Connected as CN=xxxxxxxxxxxxx,OU=xxxxxxx Certificate Authority,O=xxxxxxxxx,DC=xxxxxxxx,DC=xxx
Elasticsearch Version: 7.9.1
Open Distro Security Version: 1.10.1.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elastic-cluster
Clusterstate: GREEN
Number of nodes: 3
Number of data nodes: 3
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '_doc/config' into /root/production_settings/config.yml
SUCC: Configuration for 'config' stored in /root/production_settings/config.yml
Will retrieve '_doc/roles' into /root/production_settings/roles.yml
SUCC: Configuration for 'roles' stored in /root/production_settings/roles.yml
Will retrieve '_doc/rolesmapping' into /root/production_settings/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /root/production_settings/roles_mapping.yml
Will retrieve '_doc/internalusers' into /root/production_settings/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /root/production_settings/internal_users.yml
Will retrieve '_doc/actiongroups' into /root/production_settings/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /root/production_settings/action_groups.yml
Will retrieve '_doc/tenants' into /root/production_settings/tenants.yml
SUCC: Configuration for 'tenants' stored in /root/production_settings/tenants.yml
Will retrieve '_doc/nodesdn' into /root/production_settings/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /root/production_settings/nodes_dn.yml
Will retrieve '_doc/whitelist' into /root/production_settings/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /root/production_settings/whitelist.yml
Will retrieve '_doc/audit' into /root/production_settings/audit.yml
FAIL: Configuration for 'audit' failed because of empty source
root@65bfa086514b:/usr/share/elasticsearch/plugins/opendistro_security#
I tried disabling audit logs on Elasticsearch in case it was related, but it keeps failing with the same error. Could somebody help me?