OpenSearch/docs/reference/slm/apis/index.asciidoc

72 lines
2.3 KiB
Plaintext

[role="xpack"]
[testenv="basic"]
[[snapshot-lifecycle-management]]
== Manage the snapshot lifecycle
You can set up snapshot lifecycle policies to automate the timing, frequency, and retention of snapshots.
Snapshot policies can apply to multiple indices.
The snapshot lifecycle management (SLM) <<snapshot-lifecycle-management-api, CRUD APIs>> provide
the building blocks for the snapshot policy features that are part of the Management application in {kib}.
The Snapshot and Restore UI makes it easy to set up policies, register snapshot repositories,
view and manage snapshots, and restore indices.
You can stop and restart SLM to temporarily pause automatic backups while performing
upgrades or other maintenance.
To disable SLM entirely, set `xpack.slm.enabled` to `false` in `elasticsearch.yml`.
[float]
[[slm-and-security]]
=== Security and SLM
Two built-in cluster privileges control access to the SLM actions when
{es} {security-features} are enabled:
`manage_slm`:: Allows a user to perform all SLM actions, including creating and updating policies
and starting and stopping SLM.
`read_slm`:: Allows a user to perform all read-only SLM actions,
such as getting policies and checking the SLM status.
`cluster:admin/snapshot/*`:: Allows a user to take and delete snapshots of any
index, whether or not they have access to that index.
For example, the following request configures an `slm-admin` role that grants the privileges
necessary for administering SLM.
[source,console]
-----------------------------------
POST /_security/role/slm-admin
{
"cluster": ["manage_slm", "cluster:admin/snapshot/*"],
"indices": [
{
"names": [".slm-history-*"],
"privileges": ["all"]
}
]
}
-----------------------------------
// TEST[skip:security is not enabled here]
Or, for a read-only role that can retrieve policies (but not update, execute, or
delete them), as well as only view the history index:
[source,console]
-----------------------------------
POST /_security/role/slm-read-only
{
"cluster": ["read_slm"],
"indices": [
{
"names": [".slm-history-*"],
"privileges": ["read"]
}
]
}
-----------------------------------
// TEST[skip:security is not enabled here]
include::getting-started-slm.asciidoc[]
include::slm-retention.asciidoc[]