I am trying to configure security in an OpenSearch. Firstly I successfully enabling an HTTPS. This activates an admin:admin user. Now I am trying to disable such user and enable my own test_user:test_pass with admin access. I replaced internal_users.yml file with my own with only one user and execute securityadmin.sh tool, but the admin user is still activated and test_user user did not appeared. It is looks like the securityadmin.sh do nothing and didn't tell me about the problem
My steps:
- I generate a hash for
test_passpassword
sudo -u opensearch ./hash.sh -p test_pass
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /bin/java
$2y$12$gMj8fOao6M7O5FE9H0bEmea.Gtjpot4gqBbct7cq7D5eEbzeRB79S
- new content of
/usr/share/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml:
---
_meta:
type: "internalusers"
config_version: 2
test_user:
hash: "$2y$12$gMj8fOao6M7O5FE9H0bEmea.Gtjpot4gqBbct7cq7D5eEbzeRB79S"
reserved: false
hidden: false
backend_roles:
- "admin"
description: "New admin user"
- I run a securityadmin.sh script and update all security data:
sudo -u opensearch /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/ -icl -key /etc/opensearch/admin-key.pem -cert /etc/opensearch/admin.pem -cacert /etc/opensearch/root-ca.pem -nhnv
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /bin/java
- I check the
https://my-opensearch-server:9200and useadmin:adminpassword. It works, but shouldn't.
I check thehttps://my-opensearch-server:9200and usetest_user:test_passpassword. It doesn't works, but should
Please tell me, what am I doing wrong?
