search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
189 stars 271 forks source link

[Question] Understanding OpenSearch Remote-Backed Storage #4594

Open rookuu opened 1 month ago

rookuu commented 1 month ago

I’ve been testing out the remote-backed storage implementation as described here and want to understand the expected behaviour.

I have a cluster with remote-backed storage fully enabled, including state. If the cluster has a catastrophic failure, I would expect that it could be rebuilt from the remote state as described in the documentation.

When testing the feature, I noted that when the cluster was re-created after the failure whilst it did sync the .opendistro_security index - it remained in an uninitialized state. Are their additional steps required before the cluster is made functional?

The output suggested running the securityadmin.sh tool, but I didn’t expect this to be required, and would lose my existing security configuration.

Am I missing something here?

Supporting References

https://opensearch.org/docs/latest/tuning-your-cluster/availability-and-recovery/remote-store/migrating-to-remote/

Related component

Storage:Remote

peternied commented 1 month ago

[Triage - attendees 1 2] Moving this to the security repository that will have more specific answers to this question

stephen-crawford commented 1 month ago

[Triage] Hi @rookuu, thanks for filing this issue. This issue may be better handled by the integration owners but we can look into this briefly and see whether the security plugin is the correct home for this issue.