"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
2,886 views
Skip to first unread message
Андрей Рыжков
Oct 5, 2022, 1:46:58 AM10/5/22
to Wazuh mailing list
Wazuh version -
4.3.8
Component - Manager
Install method - Packages
Platform -
Ubuntu Server 20.04
Greetings!
I'm trying to execute the following request through Dev Tools:
PUT */_settings?expand_wildcards=all
{
"index.blocks.read_only_allow_delete": null
}
The following response comes up:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status" : 403
}
If you try to edit indexes through Index Management, the following error appears:
Failed to create policy: [cluster_block_exception] index [.opendistro-ism-config] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];
What should I do in this situation? Thank you in advance.
Greetings!
I'm trying to execute the following request through Dev Tools:
PUT */_settings?expand_wildcards=all
{
"index.blocks.read_only_allow_delete": null
}
The following response comes up:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status" : 403
}
If you try to edit indexes through Index Management, the following error appears:
Failed to create policy: [cluster_block_exception] index [.opendistro-ism-config] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];
What should I do in this situation? Thank you in advance.
Federico Rodriguez
Oct 5, 2022, 9:56:21 AM10/5/22
to Wazuh mailing list
Hi Andrew, thanks for using Wazuh!
This error:
Failed to create policy: [cluster_block_exception] index [.opendistro-ism-config] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];
most likely means a node is critically short on disk space availability. Could you please check if this is the case?
In the meanwhile I will continue to dig in this matter and be back as soon as I have more information.
More info:
https://www.elastic.co/guide/en/elasticsearch/reference/master/disk-usage-exceeded.html
This error:
Failed to create policy: [cluster_block_exception] index [.opendistro-ism-config] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];
In the meanwhile I will continue to dig in this matter and be back as soon as I have more information.
More info:
https://www.elastic.co/guide/en/elasticsearch/reference/master/disk-usage-exceeded.html
Андрей Рыжков
Oct 5, 2022, 6:41:07 PM10/5/22
to Wazuh mailing list
Hi, Federico.
I performed the deletion of the old indexes. Current hard drive status: 76,7 Gb/97,1 Gb.
I'm trying to run the query below:
I performed the deletion of the old indexes. Current hard drive status: 76,7 Gb/97,1 Gb.
I'm trying to run the query below:
PUT _cluster/settings
{
"persistent": {
"cluster.routing.allocation.disk.watermark.low": "90%",
"cluster.routing.allocation.disk.watermark.low.max_headroom": "100GB",
"cluster.routing.allocation.disk.watermark.high": "95%",
"cluster.routing.allocation.disk.watermark.high.max_headroom": "20GB",
"cluster.routing.allocation.disk.watermark.flood_stage": "97%",
"cluster.routing.allocation.disk.watermark.flood_stage.max_headroom": "5GB"
}
}
{
"persistent": {
"cluster.routing.allocation.disk.watermark.low": "90%",
"cluster.routing.allocation.disk.watermark.low.max_headroom": "100GB",
"cluster.routing.allocation.disk.watermark.high": "95%",
"cluster.routing.allocation.disk.watermark.high.max_headroom": "20GB",
"cluster.routing.allocation.disk.watermark.flood_stage": "97%",
"cluster.routing.allocation.disk.watermark.flood_stage.max_headroom": "5GB"
}
}
Answer:
{
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "persistent setting [cluster.routing.allocation.disk.watermark.flood_stage.max_headroom], not recognized"
}
],
"type" : "illegal_argument_exception",
"reason" : "persistent setting [cluster.routing.allocation.disk.watermark.flood_stage.max_headroom], not recognized"
},
"status" : 400
}
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "persistent setting [cluster.routing.allocation.disk.watermark.flood_stage.max_headroom], not recognized"
}
],
"type" : "illegal_argument_exception",
"reason" : "persistent setting [cluster.routing.allocation.disk.watermark.flood_stage.max_headroom], not recognized"
},
"status" : 400
}
I'm trying to run the query below:
PUT */_settings?expand_wildcards=all
{
"index.blocks.read_only_allow_delete": null
}
{
"index.blocks.read_only_allow_delete": null
}
Answer:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status" : 403
}
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type" : "security_exception",
"reason" : "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status" : 403
}
среда, 5 октября 2022 г. в 23:56:21 UTC+10, federico....@wazuh.com:
Federico Rodriguez
Oct 6, 2022, 7:35:20 AM10/6/22
to Wazuh mailing list
By targeting all the indexes you are probably applying this configuration to .opendistro_security index as well and this is triggering the security exception.
If possible try to avoid selecting all the indexes by using a more specific selector, like:
PUT wazuh*/_settings?expand_wildcards=all
{
"index.blocks.read_only_allow_delete": null
}
Hope it helps!
If possible try to avoid selecting all the indexes by using a more specific selector, like:
PUT wazuh*/_settings?expand_wildcards=all
{
"index.blocks.read_only_allow_delete": null
}
Hope it helps!
Federico Rodriguez
Oct 6, 2022, 8:23:52 AM10/6/22
to Wazuh mailing list
For further information about permissions to update settings, here's a reference.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html#indices-update-settings
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html#indices-update-settings
Андрей Рыжков
Oct 6, 2022, 7:39:07 PM10/6/22
to Wazuh mailing list
Hi! Yes, there were no problems with this request. Now I started to receive logs from hosts.
Thank you for your help!
Thank you for your help!
четверг, 6 октября 2022 г. в 21:35:20 UTC+10, federico....@wazuh.com:
Reply all
Reply to author
Forward
0 new messages