Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2122da31cd
Branches Tags
elasticsearch
/
docs
/
reference
/
security
/
operator-privileges
/
operator-only-snapshot-and-restore.asciidoc

operator-only-snapshot-and-restore.asciidoc 1.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. [role="xpack"]
    2. 

  2. [[operator-only-snapshot-and-restore]]
    3. 

  3. === Operator privileges for snapshot and restore
    4. 

  4. 

  5. NOTE: {cloud-only}
    6. 

  6. 

  7. Invoking <<operator-only-apis,operator-only APIs>> or updating
    8. 

  8. <<operator-only-dynamic-cluster-settings,operator-only dynamic cluster settings>>
    9. 

  9. typically results in changes in the cluster state. The cluster state can be
    10. 

  10. included in a cluster <<snapshot-restore,snapshot>>. Snapshots are a great way
    11. 

  11. to preserve the data of a cluster, which can later be restored to bootstrap a
    12. 

  12. new cluster, perform migration, or disaster recovery, for example. In a
    13. 

  13. traditional self-managed environment, the intention is for the restore process
    14. 

  14. to copy the entire cluster state over when requested. However, in a more
    15. 

  15. managed environment, such as {ess-trial}[{ess}], data that is associated with
    16. 

  16. <<operator-only-functionality,operator-only functionality>> is explicitly
    17. 

  17. managed by the infrastructure code.
    18. 

  18. 

  19. Restoring snapshot data associated with
    20. 

  20. operator-only functionality could be problematic
    21. 

  21. because:
    22. 

  22. 

  23. 1. A snapshot could contain incorrect values for operator-only functionalities.
    24. 

  24. For example, the snapshot could have been taken in a different cluster where 
    25. 

  25. requirements are different or the operator privileges feature is not enabled. 
    26. 

  26. Restoring data associated with operator-only functionality breaks the guarantee
    27. 

  27. of operator privileges.
    28. 

  28. 2. Even when the infrastructure code can correct the values immediately after
    29. 

  29. a restore, there will always be a short period of time when the cluster could be
    30. 

  30. in an inconsistent state.
    31. 

  31. 3. The infrastructure code prefers to configure operator-only functionality from
    32. 

  32. a single place, that is to say, through API calls.
    33. 

  33. 

  34. Therefore,
    35. 

  35. <<configure-operator-privileges,*when the operator privileges feature is enabled*>>,
    36. 

  36. snapshot data that is associated with any operator-only functionality is *not* 
    37. 

  37. restored.
    38. 

  38. 

  39. NOTE: That information is still included when taking a snapshot so that all data
    40. 

  40. is always preserved.
    41.