From f0447a829614f4dbfcf10d26a961cc149e6aaf57 Mon Sep 17 00:00:00 2001 From: Anthony7774 Date: Wed, 6 Mar 2024 15:29:07 +0000 Subject: [PATCH 01/45] additing security installation page #20231130 Signed-off-by: Anthony7774 --- .../configuration/security-installation.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 _security/configuration/security-installation.md diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md new file mode 100644 index 0000000000..0ad0bc4295 --- /dev/null +++ b/_security/configuration/security-installation.md @@ -0,0 +1,43 @@ +--- +layout: default +title: Security installation +parent: Configuration +nav_order: 50 +--- + +# Security installation + +Default version of OpenSearch comes with Security features pre-installed, however if this was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch Minimum was installed, this page goes through the steps of installing Security features. + +Full cluster restart is necessary to enable security features +{: .label .label-red } + +## Installation steps for prod cluster + +1. Disable shard allocation and stop all nodes + You need to disable in order to prevent shards moving around when the cluster is restarted. +```json + PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "none" + } +}' +``` +{% include copy-curl.html %} +2. Install plugin on all nodes +```bash +bin/opensearch-plugin install opensearch-security +``` +{% include copy.html %} +3. Add necessary configuration to opensearch.yml for TLS encryption +[Configuration]({{site.url}}{{site.baseurl}}/[security/configuration/disable/](/install-and-configure/configuring-opensearch/security-settings/)) details different settings which need to be configured +4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable +5. Restart the nodes and re-enable shard allocation +```json + PUT "http://your-elasticsearch-host:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "all" + } +}' +``` +{% include copy-curl.html %} From a576b43c962ef6cd37e2584eccd1db50b91c865f Mon Sep 17 00:00:00 2001 From: Anthony7774 Date: Wed, 6 Mar 2024 15:38:04 +0000 Subject: [PATCH 02/45] Update security-installation.md Signed-off-by: Anthony7774 --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 0ad0bc4295..515dd7ffc7 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -32,7 +32,7 @@ bin/opensearch-plugin install opensearch-security 3. Add necessary configuration to opensearch.yml for TLS encryption [Configuration]({{site.url}}{{site.baseurl}}/[security/configuration/disable/](/install-and-configure/configuring-opensearch/security-settings/)) details different settings which need to be configured 4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable -5. Restart the nodes and re-enable shard allocation +5. Restart the nodes and reenable shard allocation ```json PUT "http://your-elasticsearch-host:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { From 116e2d96c4003185882d519d385c226e1549b5cc Mon Sep 17 00:00:00 2001 From: Anthony7774 Date: Wed, 6 Mar 2024 15:42:37 +0000 Subject: [PATCH 03/45] Update security-installation.md Signed-off-by: Anthony7774 --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 515dd7ffc7..82cfd0c034 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -2,7 +2,7 @@ layout: default title: Security installation parent: Configuration -nav_order: 50 +nav_order: 60 --- # Security installation From f87895f895820b1b3162c2bbad03710b3399d3dd Mon Sep 17 00:00:00 2001 From: AnthonyEliatra Date: Wed, 6 Mar 2024 16:37:23 +0000 Subject: [PATCH 04/45] Update security-installation.md fixed a dead link Signed-off-by: AnthonyEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 82cfd0c034..6a86d8824d 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -30,7 +30,7 @@ bin/opensearch-plugin install opensearch-security ``` {% include copy.html %} 3. Add necessary configuration to opensearch.yml for TLS encryption -[Configuration]({{site.url}}{{site.baseurl}}/[security/configuration/disable/](/install-and-configure/configuring-opensearch/security-settings/)) details different settings which need to be configured +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured 4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable 5. Restart the nodes and reenable shard allocation ```json From 160427c77503cdce426b4c8c7b791db87c72a6e7 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Thu, 7 Mar 2024 10:51:42 +0000 Subject: [PATCH 05/45] Update security-installation.md Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 6a86d8824d..d22b2ac6e1 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -34,7 +34,7 @@ bin/opensearch-plugin install opensearch-security 4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable 5. Restart the nodes and reenable shard allocation ```json - PUT "http://your-elasticsearch-host:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { "cluster.routing.allocation.enable": "all" } From 7b7c3d41b84b0311c8e637c877bded79161522ef Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:23:50 +0000 Subject: [PATCH 06/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index d22b2ac6e1..52bf0f85c6 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -7,7 +7,7 @@ nav_order: 60 # Security installation -Default version of OpenSearch comes with Security features pre-installed, however if this was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch Minimum was installed, this page goes through the steps of installing Security features. +The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. Full cluster restart is necessary to enable security features {: .label .label-red } From 5225ac3fdb27b64383b083e0f5db655113bd2efa Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:24:04 +0000 Subject: [PATCH 07/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 52bf0f85c6..7f7472cee8 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -14,7 +14,7 @@ Full cluster restart is necessary to enable security features ## Installation steps for prod cluster -1. Disable shard allocation and stop all nodes +1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. You need to disable in order to prevent shards moving around when the cluster is restarted. ```json PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ From 7184980c4f53fe1ba246e9020e61db1048f55312 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:24:31 +0000 Subject: [PATCH 08/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 7f7472cee8..fe4e9e2bc6 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -9,7 +9,7 @@ nav_order: 60 The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. -Full cluster restart is necessary to enable security features +A full cluster restart is necessary to enable security features. {: .label .label-red } ## Installation steps for prod cluster From d4ac83f01b2a2113170d33b004bcabc5cacd4dbd Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:25:08 +0000 Subject: [PATCH 09/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index fe4e9e2bc6..61d1dafeee 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -15,7 +15,6 @@ A full cluster restart is necessary to enable security features. ## Installation steps for prod cluster 1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. - You need to disable in order to prevent shards moving around when the cluster is restarted. ```json PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { From 854a51d119ab9ce73cdcaa7891a53fda86dd3495 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:25:31 +0000 Subject: [PATCH 10/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 61d1dafeee..af9f793eb7 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -28,7 +28,7 @@ A full cluster restart is necessary to enable security features. bin/opensearch-plugin install opensearch-security ``` {% include copy.html %} -3. Add necessary configuration to opensearch.yml for TLS encryption +3. Add the necessary configuration to opensearch.yml for TLS encryption. [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured 4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable 5. Restart the nodes and reenable shard allocation From 5577a3a938f378fbb24741f457f799c2b7fa2b5e Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:25:49 +0000 Subject: [PATCH 11/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index af9f793eb7..c71b9bb7f2 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -30,7 +30,7 @@ bin/opensearch-plugin install opensearch-security {% include copy.html %} 3. Add the necessary configuration to opensearch.yml for TLS encryption. [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured -4. Create OPENSEARCH_INITIAL_ADMIN_PASSWORD variable +4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. 5. Restart the nodes and reenable shard allocation ```json PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ From 6166746f49a841f64c0ad9f422443e02421b4d84 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:26:01 +0000 Subject: [PATCH 12/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index c71b9bb7f2..1c2423c74d 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -31,7 +31,7 @@ bin/opensearch-plugin install opensearch-security 3. Add the necessary configuration to opensearch.yml for TLS encryption. [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured 4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. -5. Restart the nodes and reenable shard allocation +5. Restart the nodes and reenable shard allocation. ```json PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { From 43249c1c9c4e32672fc54c9eac74b49f4de4ad2f Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:26:21 +0000 Subject: [PATCH 13/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index 1c2423c74d..dc1d34b8e0 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -2,7 +2,7 @@ layout: default title: Security installation parent: Configuration -nav_order: 60 +nav_order: 45 --- # Security installation From ed05ca230e24c63d8ff653253abadc0d8a968d32 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:42:09 +0000 Subject: [PATCH 14/45] Update _security/configuration/security-installation.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/security-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md index dc1d34b8e0..78e66be49d 100644 --- a/_security/configuration/security-installation.md +++ b/_security/configuration/security-installation.md @@ -23,7 +23,7 @@ A full cluster restart is necessary to enable security features. }' ``` {% include copy-curl.html %} -2. Install plugin on all nodes +2. Install the plugin on all nodes. ```bash bin/opensearch-plugin install opensearch-security ``` From 785a439389a05704e76433435ae41e179241c731 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Tue, 12 Mar 2024 09:45:01 +0000 Subject: [PATCH 15/45] renaming to enabling security Signed-off-by: AntonEliatra --- _security/configuration/enabling-security.md | 42 ++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 _security/configuration/enabling-security.md diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md new file mode 100644 index 0000000000..cd494d825e --- /dev/null +++ b/_security/configuration/enabling-security.md @@ -0,0 +1,42 @@ +--- +layout: default +title: Enabling security +parent: Configuration +nav_order: 45 +--- + +# Enabling security + +The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. + +A full cluster restart is necessary to enable security features. +{: .label .label-red } + +## Installation steps for prod cluster + +1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. +```json + PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "none" + } +}' +``` +{% include copy-curl.html %} +2. Install plugin on all nodes +```bash +bin/opensearch-plugin install opensearch-security +``` +{% include copy.html %} +3. Add the necessary configuration to opensearch.yml for TLS encryption. +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured +4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. +5. Restart the nodes and reenable shard allocation. +```json + PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "all" + } +}' +``` +{% include copy-curl.html %} From 74385c73f384b6a7ca64cf5e74e8b0ea040c63d9 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 13 Mar 2024 09:34:26 +0000 Subject: [PATCH 16/45] additing security installation page #20231130 Signed-off-by: AntonEliatra --- _security/configuration/enabling-security.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md index cd494d825e..ab1e9d1a24 100644 --- a/_security/configuration/enabling-security.md +++ b/_security/configuration/enabling-security.md @@ -10,20 +10,20 @@ nav_order: 45 The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. A full cluster restart is necessary to enable security features. -{: .label .label-red } +{: .warning} -## Installation steps for prod cluster +# To enable security 1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. ```json - PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ +curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { "cluster.routing.allocation.enable": "none" } }' ``` {% include copy-curl.html %} -2. Install plugin on all nodes +2. Install the plugin on all nodes. ```bash bin/opensearch-plugin install opensearch-security ``` @@ -33,7 +33,7 @@ bin/opensearch-plugin install opensearch-security 4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. 5. Restart the nodes and reenable shard allocation. ```json - PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ +curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { "cluster.routing.allocation.enable": "all" } From 615edffda8ed4c3501ada1d8fb94a5c24e38cb0d Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 13 Mar 2024 09:36:09 +0000 Subject: [PATCH 17/45] additing security installation page #20231130 Signed-off-by: AntonEliatra --- .../configuration/security-installation.md | 42 ------------------- 1 file changed, 42 deletions(-) delete mode 100644 _security/configuration/security-installation.md diff --git a/_security/configuration/security-installation.md b/_security/configuration/security-installation.md deleted file mode 100644 index 78e66be49d..0000000000 --- a/_security/configuration/security-installation.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -layout: default -title: Security installation -parent: Configuration -nav_order: 45 ---- - -# Security installation - -The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. - -A full cluster restart is necessary to enable security features. -{: .label .label-red } - -## Installation steps for prod cluster - -1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. -```json - PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "none" - } -}' -``` -{% include copy-curl.html %} -2. Install the plugin on all nodes. -```bash -bin/opensearch-plugin install opensearch-security -``` -{% include copy.html %} -3. Add the necessary configuration to opensearch.yml for TLS encryption. -[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured -4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. -5. Restart the nodes and reenable shard allocation. -```json - PUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "all" - } -}' -``` -{% include copy-curl.html %} From f9b8a17517045494438f34a7677e469a18536db3 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 13 Mar 2024 09:45:30 +0000 Subject: [PATCH 18/45] additing security installation page #20231130 Signed-off-by: AntonEliatra --- _security/configuration/enabling-security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md index ab1e9d1a24..4d8e564e2d 100644 --- a/_security/configuration/enabling-security.md +++ b/_security/configuration/enabling-security.md @@ -22,7 +22,7 @@ curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: applicati } }' ``` -{% include copy-curl.html %} +{% include copy.html %} 2. Install the plugin on all nodes. ```bash bin/opensearch-plugin install opensearch-security @@ -39,4 +39,4 @@ curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: applicati } }' ``` -{% include copy-curl.html %} +{% include copy.html %} From 3c8536da8bc1aff9d1f10b30496902555e4911fa Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 13 Mar 2024 09:51:39 +0000 Subject: [PATCH 19/45] additing security installation page #20231130 Signed-off-by: AntonEliatra --- _security/configuration/enabling-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md index 4d8e564e2d..12f951d2ad 100644 --- a/_security/configuration/enabling-security.md +++ b/_security/configuration/enabling-security.md @@ -12,7 +12,7 @@ The default version of OpenSearch comes with Security features pre-installed, ho A full cluster restart is necessary to enable security features. {: .warning} -# To enable security +To enable security 1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. ```json From f96f81e63431386e708966f4a49f77b5a9358f0a Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:49:58 -0500 Subject: [PATCH 20/45] Update enabling-security.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/enabling-security.md | 55 +++++++++++--------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md index 12f951d2ad..d4377f4707 100644 --- a/_security/configuration/enabling-security.md +++ b/_security/configuration/enabling-security.md @@ -12,31 +12,38 @@ The default version of OpenSearch comes with Security features pre-installed, ho A full cluster restart is necessary to enable security features. {: .warning} -To enable security +Use the following steps to enable security: 1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. -```json -curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "none" - } -}' -``` -{% include copy.html %} + + ```json + curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "none" + } + }' + ``` + {% include copy.html %} + 2. Install the plugin on all nodes. -```bash -bin/opensearch-plugin install opensearch-security -``` -{% include copy.html %} + + ```bash + bin/opensearch-plugin install opensearch-security + ``` + {% include copy.html %} + 3. Add the necessary configuration to opensearch.yml for TLS encryption. -[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured -4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. -5. Restart the nodes and reenable shard allocation. -```json -curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "all" - } -}' -``` -{% include copy.html %} +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured. + +5. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. + +7. Restart the nodes and reenable shard allocation. + + ```json + curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "all" + } + }' + ``` + {% include copy.html %} From c9d49c6679aeac501e62f4ad364dba1ab1f90098 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:56:24 -0500 Subject: [PATCH 21/45] Update enabling-security.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/enabling-security.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md index d4377f4707..e544016d99 100644 --- a/_security/configuration/enabling-security.md +++ b/_security/configuration/enabling-security.md @@ -20,10 +20,10 @@ Use the following steps to enable security: curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { "cluster.routing.allocation.enable": "none" - } - }' - ``` - {% include copy.html %} + } + }' + ``` + {% include copy.html %} 2. Install the plugin on all nodes. From abcd8e5e3e438efd8ea0823af89015c4324c9672 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 15 Mar 2024 11:39:01 +0000 Subject: [PATCH 22/45] moving security installation page #20231130 Signed-off-by: AntonEliatra --- ...{disable.md => disable-enable-security.md} | 78 +++++++++++++++++-- _security/configuration/enabling-security.md | 49 ------------ _security/configuration/index.md | 2 +- 3 files changed, 71 insertions(+), 58 deletions(-) rename _security/configuration/{disable.md => disable-enable-security.md} (64%) delete mode 100644 _security/configuration/enabling-security.md diff --git a/_security/configuration/disable.md b/_security/configuration/disable-enable-security.md similarity index 64% rename from _security/configuration/disable.md rename to _security/configuration/disable-enable-security.md index 568a79d094..8807065f05 100755 --- a/_security/configuration/disable.md +++ b/_security/configuration/disable-enable-security.md @@ -1,16 +1,23 @@ --- layout: default -title: Disabling security +title: Disabling/Enabling security parent: Configuration nav_order: 40 +has_toc: true redirect_from: - - /security-plugin/configuration/disable/ + - /security-plugin/configuration/disable-enable-security/ --- -# Disabling security +#### Table of contents +- TOC +{:toc} + +# Disabling/Enabling security You might want to temporarily disable the Security plugin to make testing or internal usage more straightforward. The Security plugin is actually two plugins: one for OpenSearch and one for OpenSearch Dashboards. You can use the OpenSearch plugin independently, but the OpenSearch Dashboards plugin requires a secured OpenSearch cluster. +## Disabling security + To disable the OpenSearch Security plugin, add the following line in `opensearch.yml`: ```yml @@ -18,7 +25,7 @@ plugins.security.disabled: true ``` -## Removing the OpenSearch plugin +### Removing the OpenSearch plugin A more permanent option is to remove the Security plugin entirely: @@ -35,13 +42,13 @@ Disabling or removing the plugin exposes the configuration index for the Securit {: .warning } -## Removing the OpenSearch Dashboards plugin +### Removing the OpenSearch Dashboards plugin If you disable the Security plugin in `opensearch.yml` (or delete the plugin entirely) and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards plugin. For more information, see [OpenSearch Dashboards remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). Refer to the following installation types to remove the OpenSearch Dashboards plugin. -### Docker +#### Docker 1. Remove all Security plugin configuration settings from `opensearch_dashboards.yml` or place the example file in the same folder as the `Dockerfile`: @@ -70,7 +77,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl 1. Change `OPENSEARCH_HOSTS` or `opensearch.hosts` to `http://` rather than `https://`. 1. Enter `docker-compose up`. -### Tarball +#### Tarball 1. Navigate to the `/bin` directory in your OpenSearch Dashboards installation folder and stop the running OpenSearch Dashboards instance by pressing `Ctrl + C`. @@ -93,7 +100,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl ./bin/opensearch-dashboards ``` -### RPM and Debian +#### RPM and Debian 1. Stop the running instance of OpenSearch Dashboards by using the following command: @@ -119,3 +126,58 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl ```bash sudo systemctl start opensearch-dashboards ``` + +## Enabling security + +The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. + +A full cluster restart is necessary to enable security features. +{: .warning} + +### Installing the OpenSearch plugin + +Use the following steps to enable security: + +1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. + + ```json + curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "none" + } + }' + ``` + {% include copy.html %} + +2. Install the plugin on all nodes. + + ```bash + bin/opensearch-plugin install opensearch-security + ``` + {% include copy.html %} + +3. Add the necessary configuration to opensearch.yml for TLS encryption. +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured. + +4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. + +5. Restart the nodes and reenable shard allocation. + + ```json + curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "all" + } + }' + ``` + {% include copy.html %} + +### Installing the OpenSearch Dashboards plugin + +1. Stop Opensearch Dashboards +2. Install the Security plugin + ```bash + ./bin/opensearch-dashboards-plugin install securityDashboards + ``` +3. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` +4. Start Opensearch Dashboards diff --git a/_security/configuration/enabling-security.md b/_security/configuration/enabling-security.md deleted file mode 100644 index e544016d99..0000000000 --- a/_security/configuration/enabling-security.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -layout: default -title: Enabling security -parent: Configuration -nav_order: 45 ---- - -# Enabling security - -The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. - -A full cluster restart is necessary to enable security features. -{: .warning} - -Use the following steps to enable security: - -1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. - - ```json - curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "none" - } - }' - ``` - {% include copy.html %} - -2. Install the plugin on all nodes. - - ```bash - bin/opensearch-plugin install opensearch-security - ``` - {% include copy.html %} - -3. Add the necessary configuration to opensearch.yml for TLS encryption. -[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured. - -5. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. - -7. Restart the nodes and reenable shard allocation. - - ```json - curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ - "transient": { - "cluster.routing.allocation.enable": "all" - } - }' - ``` - {% include copy.html %} diff --git a/_security/configuration/index.md b/_security/configuration/index.md index 05dc3696cb..c4e9145fc0 100644 --- a/_security/configuration/index.md +++ b/_security/configuration/index.md @@ -22,7 +22,7 @@ The plugin includes demo certificates so that you can get up and running quickly 1. Start OpenSearch. 1. [Add users, roles, role mappings, and tenants]({{site.url}}{{site.baseurl}}/security/access-control/index/). -If you don't want to use the plugin, see [Disable security]({{site.url}}{{site.baseurl}}/security/configuration/disable). +If you don't want to use the plugin, see [Disable security]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security). The Security plugin has several default users, roles, action groups, permissions, and settings for OpenSearch Dashboards that use kibana in their names. We will change these names in a future release. {: .note } From b409fd9e6e492dc2bd3a14e7f8074155a08d4f68 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 15 Mar 2024 16:19:50 +0000 Subject: [PATCH 23/45] moving security installation page #20231130 Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 4 ++-- _security/configuration/index.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 8807065f05..49b6a0c621 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -174,10 +174,10 @@ Use the following steps to enable security: ### Installing the OpenSearch Dashboards plugin -1. Stop Opensearch Dashboards +1. Stop OpenSearch Dashboards 2. Install the Security plugin ```bash ./bin/opensearch-dashboards-plugin install securityDashboards ``` 3. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` -4. Start Opensearch Dashboards +4. Start OpenSearch Dashboards diff --git a/_security/configuration/index.md b/_security/configuration/index.md index c4e9145fc0..31292c320a 100644 --- a/_security/configuration/index.md +++ b/_security/configuration/index.md @@ -22,7 +22,7 @@ The plugin includes demo certificates so that you can get up and running quickly 1. Start OpenSearch. 1. [Add users, roles, role mappings, and tenants]({{site.url}}{{site.baseurl}}/security/access-control/index/). -If you don't want to use the plugin, see [Disable security]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security). +If you don't want to use the plugin, see [Disable security]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security/). The Security plugin has several default users, roles, action groups, permissions, and settings for OpenSearch Dashboards that use kibana in their names. We will change these names in a future release. {: .note } From c1af7ced685365403da188bc3cd6b4ee5b20a2e4 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:28:46 -0500 Subject: [PATCH 24/45] Update disable-enable-security.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- .../configuration/disable-enable-security.md | 27 +++++++++---------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 49b6a0c621..ec854fd9a9 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -1,20 +1,16 @@ --- layout: default -title: Disabling/Enabling security +title: Disabling and enabling the Security plugin parent: Configuration nav_order: 40 has_toc: true redirect_from: - - /security-plugin/configuration/disable-enable-security/ + - /security-plugin/configuration/disable/ --- -#### Table of contents -- TOC -{:toc} +# Disabling and enabling the Security plugin -# Disabling/Enabling security - -You might want to temporarily disable the Security plugin to make testing or internal usage more straightforward. The Security plugin is actually two plugins: one for OpenSearch and one for OpenSearch Dashboards. You can use the OpenSearch plugin independently, but the OpenSearch Dashboards plugin requires a secured OpenSearch cluster. +Depending on the temporarily disable the Security plugin to make testing or internal usage more straightforward. The Security plugin is actually two plugins: one for OpenSearch and one for OpenSearch Dashboards. You can use the OpenSearch plugin independently, but the OpenSearch Dashboards plugin requires a secured OpenSearch cluster. ## Disabling security @@ -24,7 +20,6 @@ To disable the OpenSearch Security plugin, add the following line in `opensearch plugins.security.disabled: true ``` - ### Removing the OpenSearch plugin A more permanent option is to remove the Security plugin entirely: @@ -149,7 +144,7 @@ Use the following steps to enable security: ``` {% include copy.html %} -2. Install the plugin on all nodes. +2. Install the Security plugin on all nodes in your cluster ```bash bin/opensearch-plugin install opensearch-security @@ -159,7 +154,7 @@ Use the following steps to enable security: 3. Add the necessary configuration to opensearch.yml for TLS encryption. [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured. -4. Create the OPENSEARCH_INITIAL_ADMIN_PASSWORD variable. +4. Create the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable. For more information, see [Setting up a custom admin password](https://opensearch.org/docs/latest/security/configuration/demo-configuration/#setting-up-a-custom-admin-password). 5. Restart the nodes and reenable shard allocation. @@ -174,10 +169,12 @@ Use the following steps to enable security: ### Installing the OpenSearch Dashboards plugin -1. Stop OpenSearch Dashboards -2. Install the Security plugin +1. Stop running your OpenSearch Dashboards cluster. +2. Install the Security plugin: + ```bash ./bin/opensearch-dashboards-plugin install securityDashboards ``` -3. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` -4. Start OpenSearch Dashboards + +4. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` +5. Start OpenSearch Dashboards. You should be prompted to enter your log in credentials. From 3ebeac9da667b6a8ffadd13995dbb731abb1fae7 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:32:37 -0500 Subject: [PATCH 25/45] Update disable-enable-security.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index ec854fd9a9..db102dd756 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -14,7 +14,7 @@ Depending on the temporarily disable the Security plugin to make testing or inte ## Disabling security -To disable the OpenSearch Security plugin, add the following line in `opensearch.yml`: +To disable the Security plugin, add the following line in `opensearch.yml`: ```yml plugins.security.disabled: true @@ -27,6 +27,7 @@ A more permanent option is to remove the Security plugin entirely: 1. Delete the `plugins/opensearch-security` folder on all nodes. 1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. 1. Uninstall the Security plugin by using the following command: + ```bash /usr/share/opensearch/opensearch-plugin remove opensearch-security ``` @@ -90,6 +91,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl server.host: "0.0.0.0" opensearch.hosts: http://localhost:9200 ``` + 1. Start OpenSearch Dashboards. ```bash ./bin/opensearch-dashboards @@ -177,4 +179,4 @@ Use the following steps to enable security: ``` 4. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` -5. Start OpenSearch Dashboards. You should be prompted to enter your log in credentials. +5. Start OpenSearch Dashboards. You should be prompted to enter your log in credentials if the plugin was successfully installed. From c4471b4848185e485112f8a8a79d6cd7c6650d31 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:50:04 -0500 Subject: [PATCH 26/45] Update disable-enable-security.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- .../configuration/disable-enable-security.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index db102dd756..1db187f8ad 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,19 +10,19 @@ redirect_from: # Disabling and enabling the Security plugin -Depending on the temporarily disable the Security plugin to make testing or internal usage more straightforward. The Security plugin is actually two plugins: one for OpenSearch and one for OpenSearch Dashboards. You can use the OpenSearch plugin independently, but the OpenSearch Dashboards plugin requires a secured OpenSearch cluster. +If you're interested in using OpenSearch without security to make testing or internal usage more straightforward, you can temporarily disable the Security plugin. OpenSearch uses two seperate security plugins, one for OpenSearch (Security plugin) and one of OpenSearch Dashboards (OpenSearch Dashboards Security plugin) You can use the OpenSearch by [disabling the security plugin](#disabling-security) or [removing the Security plugin](#removing-the-security-plugin). However by default OpenSearch Dashboards, requires a secured OpenSearch cluster, which means that the OpenSearch Dashboards Security plugin must be [uninstalled](#removing-the-opensearch-dashboards-security-plugin) from OpenSearch Dashboards in order to use Dashboards without security. ## Disabling security -To disable the Security plugin, add the following line in `opensearch.yml`: +To disable the Security plugin for OpenSearch, add the following line in `opensearch.yml`: ```yml plugins.security.disabled: true ``` -### Removing the OpenSearch plugin +## Removing the Security plugin -A more permanent option is to remove the Security plugin entirely: +If you want to remove the Security plugin in your OpenSearch instance without changing your configuration settings in `opensearch.yml`, use the following steps. 1. Delete the `plugins/opensearch-security` folder on all nodes. 1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. @@ -38,13 +38,13 @@ Disabling or removing the plugin exposes the configuration index for the Securit {: .warning } -### Removing the OpenSearch Dashboards plugin +## Removing the OpenSearch Dashboards Security plugin -If you disable the Security plugin in `opensearch.yml` (or delete the plugin entirely) and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards plugin. For more information, see [OpenSearch Dashboards remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). +If you disable the Security plugin in `opensearch.yml` and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards Security plugin. For more information, see [OpenSearch Dashboards remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). Refer to the following installation types to remove the OpenSearch Dashboards plugin. -#### Docker +### Docker 1. Remove all Security plugin configuration settings from `opensearch_dashboards.yml` or place the example file in the same folder as the `Dockerfile`: @@ -73,7 +73,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl 1. Change `OPENSEARCH_HOSTS` or `opensearch.hosts` to `http://` rather than `https://`. 1. Enter `docker-compose up`. -#### Tarball +### Tarball 1. Navigate to the `/bin` directory in your OpenSearch Dashboards installation folder and stop the running OpenSearch Dashboards instance by pressing `Ctrl + C`. @@ -97,7 +97,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl ./bin/opensearch-dashboards ``` -#### RPM and Debian +### RPM and Debian 1. Stop the running instance of OpenSearch Dashboards by using the following command: @@ -126,7 +126,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl ## Enabling security -The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security/) or OpenSearch was installed without security, for example, using the minimal distribution method, you can enable the plugin as follows. +The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security/) or OpenSearch was installed without security, such as when using the minimal distribution method, you can enable the plugin as follows. A full cluster restart is necessary to enable security features. {: .warning} From 9494cdf1371ad5c0907a5266c6c6282519b6569c Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:52:40 -0500 Subject: [PATCH 27/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 1db187f8ad..3c10f9ae4e 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,7 +10,7 @@ redirect_from: # Disabling and enabling the Security plugin -If you're interested in using OpenSearch without security to make testing or internal usage more straightforward, you can temporarily disable the Security plugin. OpenSearch uses two seperate security plugins, one for OpenSearch (Security plugin) and one of OpenSearch Dashboards (OpenSearch Dashboards Security plugin) You can use the OpenSearch by [disabling the security plugin](#disabling-security) or [removing the Security plugin](#removing-the-security-plugin). However by default OpenSearch Dashboards, requires a secured OpenSearch cluster, which means that the OpenSearch Dashboards Security plugin must be [uninstalled](#removing-the-opensearch-dashboards-security-plugin) from OpenSearch Dashboards in order to use Dashboards without security. +If you're interested in using OpenSearch without security to make testing or internal usage more straightforward, you can temporarily disable the Security plugin. OpenSearch uses two separate security plugins, one for OpenSearch (Security plugin) and one of OpenSearch Dashboards (OpenSearch Dashboards Security plugin) You can use the OpenSearch by [disabling the Security plugin](#disabling-security) or [uninstalling the plugin](#removing-the-security-plugin). However by default OpenSearch Dashboards, requires a secured OpenSearch cluster, which means that the OpenSearch Dashboards Security plugin must be [uninstalled](#removing-the-opensearch-dashboards-security-plugin) from OpenSearch Dashboards in order to use Dashboards without security. ## Disabling security From 53d98344c84227df72e59317c61779ac8e465be0 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 20 Mar 2024 14:38:32 -0500 Subject: [PATCH 28/45] Apply suggestions from code review Co-authored-by: Heather Halter Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 3c10f9ae4e..b5a176ef6c 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,7 +10,10 @@ redirect_from: # Disabling and enabling the Security plugin -If you're interested in using OpenSearch without security to make testing or internal usage more straightforward, you can temporarily disable the Security plugin. OpenSearch uses two separate security plugins, one for OpenSearch (Security plugin) and one of OpenSearch Dashboards (OpenSearch Dashboards Security plugin) You can use the OpenSearch by [disabling the Security plugin](#disabling-security) or [uninstalling the plugin](#removing-the-security-plugin). However by default OpenSearch Dashboards, requires a secured OpenSearch cluster, which means that the OpenSearch Dashboards Security plugin must be [uninstalled](#removing-the-opensearch-dashboards-security-plugin) from OpenSearch Dashboards in order to use Dashboards without security. +The Security plugin is installed by default with OpenSearch, but you can disable it temporarily if you want to make testing or internal usage more straightforward. You can then enable it once you're ready to configure security for your cluster. + +If you have your own security solution or need to remove the Security plugin for development purposes, you can uninstall the plugin completely. Note that OpenSearch Dashboards can run only against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. + ## Disabling security @@ -133,7 +136,7 @@ A full cluster restart is necessary to enable security features. ### Installing the OpenSearch plugin -Use the following steps to enable security: +Use the following steps to install the plugin if you previously uninstalled it. 1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. From b35d86bdd4c6750d7cd02001df840ca55b21883a Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 22 Mar 2024 16:23:25 +0000 Subject: [PATCH 29/45] fixes on security disable-enable page Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index b5a176ef6c..2933144dcc 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -12,7 +12,7 @@ redirect_from: The Security plugin is installed by default with OpenSearch, but you can disable it temporarily if you want to make testing or internal usage more straightforward. You can then enable it once you're ready to configure security for your cluster. -If you have your own security solution or need to remove the Security plugin for development purposes, you can uninstall the plugin completely. Note that OpenSearch Dashboards can run only against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. +If you have your own security solution or need to remove the Security plugin for development purposes, you can uninstall the plugin completely. Note that OpenSearch Dashboards can only run against a secure cluster; if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. ## Disabling security @@ -25,7 +25,7 @@ plugins.security.disabled: true ## Removing the Security plugin -If you want to remove the Security plugin in your OpenSearch instance without changing your configuration settings in `opensearch.yml`, use the following steps. +While using the Security plugin is always recommended, if you do need to completely remove the Security plugin from your OpenSearch instance, you can take the following steps: 1. Delete the `plugins/opensearch-security` folder on all nodes. 1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. From 910c7773c99b4500c014ef31b96ee935a0ed6b64 Mon Sep 17 00:00:00 2001 From: Heather Halter Date: Tue, 26 Mar 2024 18:32:34 -0700 Subject: [PATCH 30/45] Made some updates to the structure Signed-off-by: Heather Halter --- .../configuration/disable-enable-security.md | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 2933144dcc..31a6d62652 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,22 +10,27 @@ redirect_from: # Disabling and enabling the Security plugin -The Security plugin is installed by default with OpenSearch, but you can disable it temporarily if you want to make testing or internal usage more straightforward. You can then enable it once you're ready to configure security for your cluster. - -If you have your own security solution or need to remove the Security plugin for development purposes, you can uninstall the plugin completely. Note that OpenSearch Dashboards can only run against a secure cluster; if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. +The Security plugin is installed by default with OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file, and you may want to do this to streamline testing. A more substantive change is to remove the Security plugin completely. You might want to remove it if, for example, you have your own security solution or need to remove it for development purposes. +Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it. +{: .warning } -## Disabling security +## Disabling/Enabling the Security plugin -To disable the Security plugin for OpenSearch, add the following line in `opensearch.yml`: +You can disable the Security plugin by editing the `opensearch.yml` file. ```yml plugins.security.disabled: true ``` +You can then enable the plugin by removing the `plugins.security.disabled` setting. + +## Removing/Adding the Security plugin -## Removing the Security plugin +We recommend that you take advantage of the rich features of the Security plugin, but you can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. -While using the Security plugin is always recommended, if you do need to completely remove the Security plugin from your OpenSearch instance, you can take the following steps: +### Removing the Security plugin from OpenSearch + +Do the following to remove the plugin from the OpenSearch core. 1. Delete the `plugins/opensearch-security` folder on all nodes. 1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. @@ -36,18 +41,15 @@ While using the Security plugin is always recommended, if you do need to complet ``` To perform these steps on the Docker image, see [Working with plugins]({{site.url}}{{site.baseurl}}/opensearch/install/docker#working-with-plugins). +{: .note } -Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it. -{: .warning } - - -## Removing the OpenSearch Dashboards Security plugin +### Removing the Security plugin from OpenSearch Dashboards If you disable the Security plugin in `opensearch.yml` and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards Security plugin. For more information, see [OpenSearch Dashboards remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). Refer to the following installation types to remove the OpenSearch Dashboards plugin. -### Docker +#### Docker 1. Remove all Security plugin configuration settings from `opensearch_dashboards.yml` or place the example file in the same folder as the `Dockerfile`: @@ -76,7 +78,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl 1. Change `OPENSEARCH_HOSTS` or `opensearch.hosts` to `http://` rather than `https://`. 1. Enter `docker-compose up`. -### Tarball +#### Tarball 1. Navigate to the `/bin` directory in your OpenSearch Dashboards installation folder and stop the running OpenSearch Dashboards instance by pressing `Ctrl + C`. @@ -100,21 +102,21 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl ./bin/opensearch-dashboards ``` -### RPM and Debian +#### RPM and Debian -1. Stop the running instance of OpenSearch Dashboards by using the following command: +1. Stop the running instance of OpenSearch Dashboards by using the following command. ```bash sudo systemctl stop opensearch-dashboards ``` -1. Navigate to the OpenSearch Dashboards folder `/usr/share/opensearch-dashboards` and run the following command to uninstall the Security plugin: +1. Navigate to the OpenSearch Dashboards folder `/usr/share/opensearch-dashboards` and run the following command to uninstall the Security plugin. ```bash ./bin/opensearch-dashboards-plugin remove securityDashboards ``` -1. Remove all Security plugin configuration settings from the `opensearch_dashboards.yml` file or place the example file in the `/etc/opensearch_dashboards` folder: +1. Remove all Security plugin configuration settings from the `opensearch_dashboards.yml` file or place the example file in the `/etc/opensearch_dashboards` folder. ```yml --- @@ -122,23 +124,19 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl server.host: "0.0.0.0" opensearch.hosts: http://localhost:9200 ``` -1. Start OpenSearch Dashboards: +1. Start OpenSearch Dashboards. ```bash sudo systemctl start opensearch-dashboards ``` -## Enabling security +### Installing the Security plugin -The default version of OpenSearch comes with Security features pre-installed, however if the Security plugin was [disabled]({{site.url}}{{site.baseurl}}/security/configuration/disable-enable-security/) or OpenSearch was installed without security, such as when using the minimal distribution method, you can enable the plugin as follows. +Use the following steps to reinstall the plugin. -A full cluster restart is necessary to enable security features. +After installing the Security plugin, a full cluster restart is necessary to enable security features. {: .warning} -### Installing the OpenSearch plugin - -Use the following steps to install the plugin if you previously uninstalled it. - -1. Disable shard allocation and stop all nodes in order to prevent shards from moving around when the cluster is restarted. +1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. ```json curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ @@ -149,15 +147,15 @@ Use the following steps to install the plugin if you previously uninstalled it. ``` {% include copy.html %} -2. Install the Security plugin on all nodes in your cluster +2. Install the Security plugin on all nodes in your cluster. ```bash bin/opensearch-plugin install opensearch-security ``` {% include copy.html %} -3. Add the necessary configuration to opensearch.yml for TLS encryption. -[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) details different settings which need to be configured. +3. Add the necessary configuration to opensearch.yml for TLS encryption. See +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) for details on the settings that need to be configured. 4. Create the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable. For more information, see [Setting up a custom admin password](https://opensearch.org/docs/latest/security/configuration/demo-configuration/#setting-up-a-custom-admin-password). @@ -172,7 +170,9 @@ Use the following steps to install the plugin if you previously uninstalled it. ``` {% include copy.html %} -### Installing the OpenSearch Dashboards plugin +### Installing the Security plugin on OpenSearch Dashboards + +Use the following steps to reinstall the plugin on OpenSearch Dashboards. 1. Stop running your OpenSearch Dashboards cluster. 2. Install the Security plugin: @@ -181,5 +181,5 @@ Use the following steps to install the plugin if you previously uninstalled it. ./bin/opensearch-dashboards-plugin install securityDashboards ``` -4. Add necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` -5. Start OpenSearch Dashboards. You should be prompted to enter your log in credentials if the plugin was successfully installed. +4. Add the necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` file. +5. Start OpenSearch Dashboards. If the plugin was successfully installed, you'll be prompted to enter your log in credentials. From 2f2946a97ed1626fdb2ce4eb1d99dfc7ba4ac7f0 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:06:18 -0500 Subject: [PATCH 31/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 31a6d62652..2488b1ef97 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,7 +10,7 @@ redirect_from: # Disabling and enabling the Security plugin -The Security plugin is installed by default with OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file, and you may want to do this to streamline testing. A more substantive change is to remove the Security plugin completely. You might want to remove it if, for example, you have your own security solution or need to remove it for development purposes. +The Security plugin is installed by default when using OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file, and you may want to do this to streamline testing. A more substantive change is to remove the Security plugin completely. You might want to remove it if, for example, you have your own security solution or need to remove it for development purposes. Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it. {: .warning } From be77d13e4d053cb6f61967f96a31758e9bd1bb69 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:07:36 -0500 Subject: [PATCH 32/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 2488b1ef97..ea586b5df5 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -26,7 +26,7 @@ You can then enable the plugin by removing the `plugins.security.disabled` setti ## Removing/Adding the Security plugin -We recommend that you take advantage of the rich features of the Security plugin, but you can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Dashboard plugin. +You can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Security Dashboard plugin. ### Removing the Security plugin from OpenSearch From 1189abdd168b1919c5eb38f0d8129c9c7d2a5785 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:07:44 -0500 Subject: [PATCH 33/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index ea586b5df5..a8a67ed351 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -30,7 +30,7 @@ You can completely remove the Security plugin from your OpenSearch instance. Not ### Removing the Security plugin from OpenSearch -Do the following to remove the plugin from the OpenSearch core. +Do the following to remove the plugin from the OpenSearch. 1. Delete the `plugins/opensearch-security` folder on all nodes. 1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. From d22c12b9dd4c0f5c8c0293c96e75e133c9d025ad Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 27 Mar 2024 19:49:22 +0000 Subject: [PATCH 34/45] fixes on security disable-enable page Signed-off-by: AntonEliatra --- .../configuration/disable-enable-security.md | 37 ++++++++++++++----- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index a8a67ed351..31ed709cc8 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -15,6 +15,9 @@ The Security plugin is installed by default when using OpenSearch, but you can t Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it. {: .warning } +Disabling/removing or installing the Security plugin, requires a full cluster restart to enable security features. +{: .warning} + ## Disabling/Enabling the Security plugin You can disable the Security plugin by editing the `opensearch.yml` file. @@ -32,13 +35,30 @@ You can completely remove the Security plugin from your OpenSearch instance. Not Do the following to remove the plugin from the OpenSearch. -1. Delete the `plugins/opensearch-security` folder on all nodes. -1. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. -1. Uninstall the Security plugin by using the following command: +1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. -```bash -/usr/share/opensearch/opensearch-plugin remove opensearch-security -``` + ```json + curl -XPUT "https://localhost:9200/_cluster/settings" -u "admin:" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "none" + } + }' + ``` + {% include copy.html %} +2. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. +3. Uninstall the Security plugin by using the following command: + + ```bash + ./bin/opensearch-plugin remove opensearch-security + ``` +4. Restart the nodes and enable shard allocation + ```json + curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + "transient": { + "cluster.routing.allocation.enable": "all" + } + }' + ``` To perform these steps on the Docker image, see [Working with plugins]({{site.url}}{{site.baseurl}}/opensearch/install/docker#working-with-plugins). {: .note } @@ -133,9 +153,6 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl Use the following steps to reinstall the plugin. -After installing the Security plugin, a full cluster restart is necessary to enable security features. -{: .warning} - 1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. ```json @@ -162,7 +179,7 @@ After installing the Security plugin, a full cluster restart is necessary to ena 5. Restart the nodes and reenable shard allocation. ```json - curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ + curl -XPUT "https://localhost:9200/_cluster/settings" -u "admin:" -H 'Content-Type: application/json' -d '{ "transient": { "cluster.routing.allocation.enable": "all" } From 233d6baa4fc3d13da6526895766ba0d12f225673 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 27 Mar 2024 20:01:17 +0000 Subject: [PATCH 35/45] adding link for installation method on security installation page Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 31ed709cc8..d11233690b 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -164,7 +164,7 @@ Use the following steps to reinstall the plugin. ``` {% include copy.html %} -2. Install the Security plugin on all nodes in your cluster. +2. Install the Security plugin on all nodes in your cluster using one of the [installation methods]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/#install) ```bash bin/opensearch-plugin install opensearch-security From c2900e2629c32a2719712953732eb6f224afbc2e Mon Sep 17 00:00:00 2001 From: Heather Halter Date: Thu, 28 Mar 2024 13:45:07 -0700 Subject: [PATCH 36/45] Update disable-enable-security.md Signed-off-by: Heather Halter --- _security/configuration/disable-enable-security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index d11233690b..8c205543d8 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -12,10 +12,10 @@ redirect_from: The Security plugin is installed by default when using OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file, and you may want to do this to streamline testing. A more substantive change is to remove the Security plugin completely. You might want to remove it if, for example, you have your own security solution or need to remove it for development purposes. -Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it. +Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, make sure to protect it through some other means. If you no longer need the index, delete it. {: .warning } -Disabling/removing or installing the Security plugin, requires a full cluster restart to enable security features. +Disabling, removing, or installing the Security plugin requires a full cluster restart to enable security features. {: .warning} ## Disabling/Enabling the Security plugin From c7e15624f990c7190bb7d745eab8176385d62fdd Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 29 Mar 2024 12:52:53 +0000 Subject: [PATCH 37/45] Update _security/configuration/disable-enable-security.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 8c205543d8..f1fc524380 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -33,7 +33,7 @@ You can completely remove the Security plugin from your OpenSearch instance. Not ### Removing the Security plugin from OpenSearch -Do the following to remove the plugin from the OpenSearch. +Do the following to remove the plugin from OpenSearch. 1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. From 39b77007493f99d6c608600d9d66b6a88b66167d Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 29 Mar 2024 12:52:59 +0000 Subject: [PATCH 38/45] Update _security/configuration/disable-enable-security.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index f1fc524380..f33dc5a67f 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -51,7 +51,7 @@ Do the following to remove the plugin from OpenSearch. ```bash ./bin/opensearch-plugin remove opensearch-security ``` -4. Restart the nodes and enable shard allocation +4. Restart the nodes and enable shard allocation. ```json curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { From ff00e957dbeb9a90375b768beda55915324f9b95 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 29 Mar 2024 12:53:06 +0000 Subject: [PATCH 39/45] Update _security/configuration/disable-enable-security.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index f33dc5a67f..2055a73ef0 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -164,7 +164,7 @@ Use the following steps to reinstall the plugin. ``` {% include copy.html %} -2. Install the Security plugin on all nodes in your cluster using one of the [installation methods]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/#install) +2. Install the Security plugin on all nodes in your cluster using one of the [installation methods]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/#install). ```bash bin/opensearch-plugin install opensearch-security From ac2585cb54a8950516cc7a948a8906480d64485b Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 29 Mar 2024 12:53:15 +0000 Subject: [PATCH 40/45] Update _security/configuration/disable-enable-security.md Co-authored-by: Heather Halter Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 2055a73ef0..5cdb18a825 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -46,7 +46,7 @@ Do the following to remove the plugin from OpenSearch. ``` {% include copy.html %} 2. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. -3. Uninstall the Security plugin by using the following command: +3. Uninstall the Security plugin by using the following command. ```bash ./bin/opensearch-plugin remove opensearch-security From ace820212051391c3b4ef29fe7fbdfb1fe8ca232 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Fri, 29 Mar 2024 13:04:25 +0000 Subject: [PATCH 41/45] Update disable-enable-security.md Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 5cdb18a825..ecabf77d81 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -15,7 +15,7 @@ The Security plugin is installed by default when using OpenSearch, but you can t Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, make sure to protect it through some other means. If you no longer need the index, delete it. {: .warning } -Disabling, removing, or installing the Security plugin requires a full cluster restart to enable security features. +Disabling, removing, or installing the Security plugin requires a full cluster restart, as during this process the individual nodes are not able to communicate with each other. {: .warning} ## Disabling/Enabling the Security plugin From 7044593f1acc6244aadc9233916fc495f1664c9a Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Fri, 29 Mar 2024 16:38:43 -0500 Subject: [PATCH 42/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index ecabf77d81..2f27e6d5aa 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -27,7 +27,7 @@ plugins.security.disabled: true ``` You can then enable the plugin by removing the `plugins.security.disabled` setting. -## Removing/Adding the Security plugin +## Removing and adding the Security plugin You can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Security Dashboard plugin. From f045f81a0a1b24374f667a9e901486072225bad4 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Thu, 4 Apr 2024 15:45:23 +0100 Subject: [PATCH 43/45] Update disable-enable-security.md Signed-off-by: AntonEliatra --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 2f27e6d5aa..f2fb3dbeb7 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -65,7 +65,7 @@ To perform these steps on the Docker image, see [Working with plugins]({{site.ur ### Removing the Security plugin from OpenSearch Dashboards -If you disable the Security plugin in `opensearch.yml` and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards Security plugin. For more information, see [OpenSearch Dashboards remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). +If you disable the Security plugin in `opensearch.yml` and still want to use OpenSearch Dashboards, you must remove the corresponding OpenSearch Dashboards Security plugin. For more information, see [Remove plugins]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/plugins/#remove-plugins). Refer to the following installation types to remove the OpenSearch Dashboards plugin. From cfdaef502e41154c1fe379ef73a392b58523a9f0 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Thu, 4 Apr 2024 15:49:49 +0100 Subject: [PATCH 44/45] Apply suggestions from code review Co-authored-by: Nathan Bower Signed-off-by: AntonEliatra --- .../configuration/disable-enable-security.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index f2fb3dbeb7..653b6f3b49 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -10,17 +10,17 @@ redirect_from: # Disabling and enabling the Security plugin -The Security plugin is installed by default when using OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file, and you may want to do this to streamline testing. A more substantive change is to remove the Security plugin completely. You might want to remove it if, for example, you have your own security solution or need to remove it for development purposes. +The Security plugin is installed by default with OpenSearch, but you can temporarily disable it or remove it altogether. Disabling the plugin involves a change to the `opensearch.yml` file; you may want to do this to streamline testing. A more substantive change is required to remove the Security plugin completely. You might want to remove it if, for example, you are using your own security solution or need to remove it for development purposes. Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, make sure to protect it through some other means. If you no longer need the index, delete it. {: .warning } -Disabling, removing, or installing the Security plugin requires a full cluster restart, as during this process the individual nodes are not able to communicate with each other. +Disabling, removing, or installing the Security plugin requires a full cluster restart because during this process, the individual nodes are not able to communicate with each other. {: .warning} -## Disabling/Enabling the Security plugin +## Disabling/enabling the Security plugin -You can disable the Security plugin by editing the `opensearch.yml` file. +You can disable the Security plugin by editing the `opensearch.yml` file: ```yml plugins.security.disabled: true @@ -29,13 +29,13 @@ You can then enable the plugin by removing the `plugins.security.disabled` setti ## Removing and adding the Security plugin -You can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the OpenSearch Security plugin, you'll have to also uninstall the Security Dashboard plugin. +You can completely remove the Security plugin from your OpenSearch instance. Note that OpenSearch Dashboards can only run against a secure cluster, so if you uninstall the Security plugin, you'll also need to uninstall the OpenSearch Dashboards plugin. ### Removing the Security plugin from OpenSearch Do the following to remove the plugin from OpenSearch. -1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. +1. Disable shard allocation and stop all nodes so that shards don't move when the cluster is restarted: ```json curl -XPUT "https://localhost:9200/_cluster/settings" -u "admin:" -H 'Content-Type: application/json' -d '{ @@ -46,12 +46,12 @@ Do the following to remove the plugin from OpenSearch. ``` {% include copy.html %} 2. Delete all `plugins.security.*` configuration entries from `opensearch.yml`. -3. Uninstall the Security plugin by using the following command. +3. Uninstall the Security plugin by using the following command: ```bash ./bin/opensearch-plugin remove opensearch-security ``` -4. Restart the nodes and enable shard allocation. +4. Restart the nodes and enable shard allocation: ```json curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ "transient": { @@ -117,26 +117,26 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl opensearch.hosts: http://localhost:9200 ``` -1. Start OpenSearch Dashboards. +1. Start OpenSearch Dashboards: ```bash ./bin/opensearch-dashboards ``` #### RPM and Debian -1. Stop the running instance of OpenSearch Dashboards by using the following command. +1. Stop the running instance of OpenSearch Dashboards by using the following command: ```bash sudo systemctl stop opensearch-dashboards ``` -1. Navigate to the OpenSearch Dashboards folder `/usr/share/opensearch-dashboards` and run the following command to uninstall the Security plugin. +1. Navigate to the OpenSearch Dashboards folder `/usr/share/opensearch-dashboards` and run the following command to uninstall the Security plugin: ```bash ./bin/opensearch-dashboards-plugin remove securityDashboards ``` -1. Remove all Security plugin configuration settings from the `opensearch_dashboards.yml` file or place the example file in the `/etc/opensearch_dashboards` folder. +1. Remove all Security plugin configuration settings from the `opensearch_dashboards.yml` file or place the example file in the `/etc/opensearch_dashboards` folder: ```yml --- @@ -144,16 +144,16 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl server.host: "0.0.0.0" opensearch.hosts: http://localhost:9200 ``` -1. Start OpenSearch Dashboards. +1. Start OpenSearch Dashboards: ```bash sudo systemctl start opensearch-dashboards ``` ### Installing the Security plugin -Use the following steps to reinstall the plugin. +Use the following steps to reinstall the plugin: -1. Disable shard allocation and stop all nodes so that you prevent shards from moving when the cluster is restarted. +1. Disable shard allocation and stop all nodes so that shards don't move when the cluster is restarted: ```json curl -XPUT "http://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{ @@ -164,19 +164,19 @@ Use the following steps to reinstall the plugin. ``` {% include copy.html %} -2. Install the Security plugin on all nodes in your cluster using one of the [installation methods]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/#install). +2. Install the Security plugin on all nodes in your cluster using one of the [installation methods]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/#install): ```bash bin/opensearch-plugin install opensearch-security ``` {% include copy.html %} -3. Add the necessary configuration to opensearch.yml for TLS encryption. See -[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) for details on the settings that need to be configured. +3. Add the necessary configuration to `opensearch.yml` for TLS encryption. See +[Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/configuring-opensearch/security-settings/) for information about the settings that need to be configured. 4. Create the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable. For more information, see [Setting up a custom admin password](https://opensearch.org/docs/latest/security/configuration/demo-configuration/#setting-up-a-custom-admin-password). -5. Restart the nodes and reenable shard allocation. +5. Restart the nodes and reenable shard allocation: ```json curl -XPUT "https://localhost:9200/_cluster/settings" -u "admin:" -H 'Content-Type: application/json' -d '{ @@ -189,7 +189,7 @@ Use the following steps to reinstall the plugin. ### Installing the Security plugin on OpenSearch Dashboards -Use the following steps to reinstall the plugin on OpenSearch Dashboards. +Use the following steps to reinstall the plugin on OpenSearch Dashboards: 1. Stop running your OpenSearch Dashboards cluster. 2. Install the Security plugin: @@ -198,5 +198,5 @@ Use the following steps to reinstall the plugin on OpenSearch Dashboards. ./bin/opensearch-dashboards-plugin install securityDashboards ``` -4. Add the necessary [Configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` file. -5. Start OpenSearch Dashboards. If the plugin was successfully installed, you'll be prompted to enter your log in credentials. +4. Add the necessary [configuration]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/) settings in the `opensearch_dashboards.yml` file. +5. Start OpenSearch Dashboards. If the plugin was successfully installed, you'll be prompted to enter your login credentials. From f0bd14122c91aec0430a57f18b63fbe74b5f8f5f Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:38:29 -0500 Subject: [PATCH 45/45] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/disable-enable-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/disable-enable-security.md b/_security/configuration/disable-enable-security.md index 653b6f3b49..811fd2a69f 100755 --- a/_security/configuration/disable-enable-security.md +++ b/_security/configuration/disable-enable-security.md @@ -71,7 +71,7 @@ Refer to the following installation types to remove the OpenSearch Dashboards pl #### Docker -1. Remove all Security plugin configuration settings from `opensearch_dashboards.yml` or place the example file in the same folder as the `Dockerfile`: +1. Remove all Security plugin configuration settings from `opensearch_dashboards.yml` or move the example file to the same folder as the `Dockerfile`: ```yml ---