Help Center/ MapReduce Service/ Component Operation Guide (LTS) (Ankara Region)/ Using Elasticsearch/ Common Issues About Elasticsearch/ What Can I Do If the Authentication Failed When Accessing the Index Data?
Updated on 2024-11-29 GMT+08:00
View PDF
Share

What Can I Do If the Authentication Failed When Accessing the Index Data?

Symptom

In ACL authentication mode, the following error is reported when a client accesses the data:

{
    "status": 403,
    "error": {
        "reason": "permission information for user [aaa] is exception, index [bbb] ,this index owner in ZK is [NA], your group is [xxx]"
    }
}

Cause Analysis

  • Index authentication information fails to be written to ZooKeeper due to an exception.
  • During the startup of an Elasticsearch instance, the authentication information fails to be read from ZooKeeper. As a result, the index authentication information is not loaded to the process cache.

Solution

  1. Log in to the node where the client is located and run the following command to perform authentication:

    kinit elasticsearch

    • Perform authentication as an Elasticsearch user because other users do not have the permission to access the authentication information.
    • For passwords of Elasticsearch users, contact the cluster administrator.

  2. Connect to the ZooKeeper. For details, see Using a ZooKeeper Client.
  3. Run the following command to check whether authentication information about an abnormal index exists in the ZooKeeper:

    get /elasticsearch/indexes/index_name

    • If yes, go to 4.
    • If no, go to 5.

    index_name: indicates the name of an abnormal index.

  4. Grant the read and write permissions on the abnormal index to the role to which the user belongs by referring to Authentication Based on Users and Roles.
  5. Use a tool to supplement the missing authentication information in the abnormal index by referring to Synchronizing Index Owner Group.