I used to dump the configuration to YAML files for backup purposes, but securityadmin.sh started to fail in the audit part and I don’t know why:
root@65bfa086514b:/usr/share/elasticsearch/plugins/opendistro_security# tools/securityadmin.sh -backup /root/production_settings/ -h x.x.x.x -nhnv -icl -cacert /root/ca.cert -cert /root/admin.pem -key /root/admin.key -keypass xxxxxxxxxx
WARNING: JAVA_HOME not set, will use /usr/bin/java
Open Distro Security Admin v7
Will connect to x.x.x.x:9300 ... done
Connected as CN=xxxxxxxxxxxxx,OU=xxxxxxx Certificate Authority,O=xxxxxxxxx,DC=xxxxxxxx,DC=xxx
Elasticsearch Version: 7.9.1
Open Distro Security Version: 220.127.116.11
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elastic-cluster
Clusterstate: GREEN
Number of nodes: 3
Number of data nodes: 3
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '_doc/config' into /root/production_settings/config.yml
SUCC: Configuration for 'config' stored in /root/production_settings/config.yml
Will retrieve '_doc/roles' into /root/production_settings/roles.yml
SUCC: Configuration for 'roles' stored in /root/production_settings/roles.yml
Will retrieve '_doc/rolesmapping' into /root/production_settings/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /root/production_settings/roles_mapping.yml
Will retrieve '_doc/internalusers' into /root/production_settings/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /root/production_settings/internal_users.yml
Will retrieve '_doc/actiongroups' into /root/production_settings/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /root/production_settings/action_groups.yml
Will retrieve '_doc/tenants' into /root/production_settings/tenants.yml
SUCC: Configuration for 'tenants' stored in /root/production_settings/tenants.yml
Will retrieve '_doc/nodesdn' into /root/production_settings/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /root/production_settings/nodes_dn.yml
Will retrieve '_doc/whitelist' into /root/production_settings/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /root/production_settings/whitelist.yml
Will retrieve '_doc/audit' into /root/production_settings/audit.yml
FAIL: Configuration for 'audit' failed because of empty source
root@65bfa086514b:/usr/share/elasticsearch/plugins/opendistro_security#
I tried to disable audit logs on Elasticsearch in case it was related, but it keeps failing with the same error. Could somebody help me?