Hello,
I have created a snapshot of my Elasticsearch indices to migrate to a new cluster, but I have problems with .opendistro_security.
I created the snapshot with this call to the API:
curl -k -u admin:password -XPUT "https://localhost:9200/_snapshot/snapshot_repository/snapshot_name" -H 'Content-Type: application/json' -d'
{
"indices": "*",
"ignore_unavailable": true,
"include_global_state": false
}
'
And I restored the indices in a new empty cluster (deleting .opendistro_security index) with
curl -k -u admin:password --cert config/admin.pem --key config/admin-key.pem -XPOST "https://localhost:9200/_snapshot/snapshot_repository/snapshot_name/_restore" -H 'Content-Type: application/json' -d'
{
"ignore_unavailable": true,
"include_global_state": false
}
'
The output is successful, and the indices are restored (I wait until all the indices are green).
My problem is when I try to access Kibana. When I log in (with JWT), I see a blank dashboard. If I go to tenants, it says that I only have access to my private tenant.
When I log in to admin and see the roles for the user, I can see that everything is correctly configured (including read_access to global tenant) but in the user I cannot see the global tenant.
After that, I tried to change the user permissions for the global tenant to write_access and now I am unable to access with admin user, and the Kibana log says: [WARN ][c.a.o.s.a.BackendRegistry] [elastic_service] Authentication finally failed for kibanaserver from 172.21.0.5:53316
Is it possible to restore the .opendistro_index in a new cluster with snapshots? Or… do I have to create a backup from the API and restore it manually?