Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: bd4439be24
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
operator-privileges
/
operator-only-snapshot-and-restore.asciidoc

operator-only-snapshot-and-restore.asciidoc 1.9 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041 
  1. [role="xpack"]
    2. 

  2. [testenv="enterprise"]
    3. 

  3. [[operator-only-snapshot-and-restore]]
    4. 

  4. === Operator privileges for snapshot and restore
    5. 

  5. 

  6. NOTE: {cloud-only}
    7. 

  7. 

  8. Invoking <<operator-only-apis,operator-only APIs>> or updating
    9. 

  9. <<operator-only-dynamic-cluster-settings,operator-only dynamic cluster settings>>
    10. 

  10. typically results in changes in the cluster state. The cluster state can be
    11. 

  11. included in a cluster <<snapshot-restore,snapshot>>. Snapshots are a great way
    12. 

  12. to preserve the data of a cluster, which can later be restored to bootstrap a
    13. 

  13. new cluster, perform migration, or disaster recovery, for example. In a
    14. 

  14. traditional self-managed environment, the intention is for the restore process
    15. 

  15. to copy the entire cluster state over when requested. However, in a more
    16. 

  16. managed environment, such as {ess-trial}[{ess}], data that is associated with
    17. 

  17. <<operator-only-functionality,operator-only functionality>> is explicitly
    18. 

  18. managed by the infrastructure code.
    19. 

  19. 

  20. Restoring snapshot data associated with
    21. 

  21. operator-only functionality could be problematic
    22. 

  22. because:
    23. 

  23. 

  24. 1. A snapshot could contain incorrect values for operator-only functionalities.
    25. 

  25. For example, the snapshot could have been taken in a different cluster where 
    26. 

  26. requirements are different or the operator privileges feature is not enabled. 
    27. 

  27. Restoring data associated with operator-only functionality breaks the guarantee
    28. 

  28. of operator privileges.
    29. 

  29. 2. Even when the infrastructure code can correct the values immediately after
    30. 

  30. a restore, there will always be a short period of time when the cluster could be
    31. 

  31. in an inconsistent state.
    32. 

  32. 3. The infrastructure code prefers to configure operator-only functionality from
    33. 

  33. a single place, that is to say, through API calls.
    34. 

  34. 

  35. Therefore,
    36. 

  36. <<configure-operator-privileges,*when the operator privileges feature is enabled*>>,
    37. 

  37. snapshot data that is associated with any operator-only functionality is *not* 
    38. 

  38. restored.
    39. 

  39. 

  40. NOTE: That information is still included when taking a snapshot so that all data
    41. 

  41. is always preserved.
    42.