This commit is contained in:
aetter 2021-06-18 08:57:53 -07:00
parent 59e7b8d64a
commit 4e469c2579
8 changed files with 18 additions and 18 deletions

View File

@ -63,6 +63,6 @@ PUT /_cluster/settings
## Configuration file
You can find `opensearch.yml` in `/usr/share/opensearch/config/opensearch.yml` (Docker) or `/etc/opensearch/opensearch.yml` (RPM and DEB) on each node.
You can find `opensearch.yml` in `/usr/share/opensearch/config/opensearch.yml` (Docker) or `/etc/opensearch/opensearch.yml` (most Linux distributions) on each node.
The demo configuration includes a number of settings for the security plugin that you should modify before using OpenSearch for a production workload. To learn more, see [Security]({{site.url}}{{site.baseurl}}/security-plugin/).

View File

@ -9,7 +9,7 @@ nav_order: 60
The OpenSearch logs include valuable information for monitoring cluster operations and troubleshooting issues. The location of the logs differs based on the installation type:
- On Docker, OpenSearch writes most logs to the console and stores the remainder in `opensearch/logs/`. The tarball installation also uses `opensearch/logs/`.
- On the RPM and Debian installations, OpenSearch writes logs to `/var/log/opensearch/`.
- On most Linux installations, OpenSearch writes logs to `/var/log/opensearch/`.
Logs are available as `.log` (plain text) and `.json` files.

View File

@ -6,7 +6,7 @@ nav_order: 96
# Popular APIs
This page contains sample requests for popular OpenSearch APIs.
This page contains sample requests for popular OpenSearch operations.
---
@ -80,7 +80,7 @@ POST _bulk
## List all indices
```
GET _cat/indices?v
GET _cat/indices?v&expand_wildcards=all
```
@ -183,7 +183,7 @@ PUT _snapshot/my-repository/my-snapshot
```json
POST _snapshot/my-repository/my-snapshot/_restore
{
"indices": "-.opensearch_security",
"indices": "-.opendistro_security",
"include_global_state": false
}
```

View File

@ -362,19 +362,19 @@ Snapshots are only forward-compatible by one major version. If you have an old s
If you're using the security plugin, snapshots have some additional restrictions:
- To perform snapshot and restore operations, users must have the built-in `manage_snapshots` role.
- You can't restore snapshots that contain global state or the `.opensearch_security` index.
- You can't restore snapshots that contain global state or the `.opendistro_security` index.
If a snapshot contains global state, you must exclude it when performing the restore. If your snapshot also contains the `.opensearch_security` index, either exclude it or list all the other indices you want to include:
If a snapshot contains global state, you must exclude it when performing the restore. If your snapshot also contains the `.opendistro_security` index, either exclude it or list all the other indices you want to include:
```json
POST _snapshot/my-repository/3/_restore
{
"indices": "-.opensearch_security",
"indices": "-.opendistro_security",
"include_global_state": false
}
```
The `.opensearch_security` index contains sensitive data, so we recommend excluding it when you take a snapshot. If you do need to restore the index from a snapshot, you must include an admin certificate in the request:
The `.opendistro_security` index contains sensitive data, so we recommend excluding it when you take a snapshot. If you do need to restore the index from a snapshot, you must include an admin certificate in the request:
```bash
curl -k --cert ./kirk.pem --key ./kirk-key.pem -XPOST 'https://localhost:9200/_snapshot/my-repository/3/_restore?pretty'

View File

@ -31,7 +31,7 @@ You can create users using OpenSearch Dashboards, `internal_users.yml`, or the R
### OpenSearch Dashboards
1. Choose **Security**, **Internal Users**, and **Create internal user**.
1. Provide a username and password. The security plugin automatically hashes the password and stores it in the `.opensearch_security` index.
1. Provide a username and password. The security plugin automatically hashes the password and stores it in the `.opendistro_security` index.
1. If desired, specify user attributes.
Attributes are optional user properties that you can use for variable substitution in index permissions or document-level security.

View File

@ -8,11 +8,11 @@ redirect_from: /docs/security/configuration/security-admin/
# Apply configuration changes using securityadmin.sh
The security plugin stores its configuration---including users, roles, and permissions---in an index on the OpenSearch cluster (`.opensearch_security`). Storing these settings in an index lets you change settings without restarting the cluster and eliminates the need to edit configuration files on every single node.
The security plugin stores its configuration---including users, roles, and permissions---in an index on the OpenSearch cluster (`.opendistro_security`). Storing these settings in an index lets you change settings without restarting the cluster and eliminates the need to edit configuration files on every single node.
After changing any of the configuration files in `plugins/opensearch-security/securityconfig`, however, you must run `plugins/opensearch-security/tools/securityadmin.sh` to load these new settings into the index. You must also run this script at least once to initialize the `.opensearch_security` index and configure your authentication and authorization methods.
After changing any of the configuration files in `plugins/opensearch-security/securityconfig`, however, you must run `plugins/opensearch-security/tools/securityadmin.sh` to load these new settings into the index. You must also run this script at least once to initialize the `.opendistro_security` index and configure your authentication and authorization methods.
After the `.opensearch_security` index is initialized, you can use OpenSearch Dashboards to manage your users, roles, and permissions.
After the `.opendistro_security` index is initialized, you can use OpenSearch Dashboards to manage your users, roles, and permissions.
## Configure the admin certificate
@ -228,7 +228,7 @@ Name | Description
`-esa` | Enable shard allocation and exit. This option is useful if you disabled shard allocation while performing a full cluster restart and need to recreate the security plugin index.
`-w` | Displays information about the used admin certificate.
`-rl` | By default, the security plugin caches authenticated users, along with their roles and permissions, for one hour. This option reloads the current security plugin configuration stored in your cluster, invalidating any cached users, roles, and permissions.
`-i` | The security plugin index name. Default is `.opensearch_security`.
`-i` | The security plugin index name. Default is `.opendistro_security`.
`-er` | Set explicit number of replicas or auto-expand expression for the `opensearch_security` index.
`-era` | Enable replica auto-expand.
`-dra` | Disable replica auto-expand.

View File

@ -8,9 +8,9 @@ redirect_from: /docs/security/configuration/system-indices/
# System indices
By default, OpenSearch has a protected system index, `.opensearch_security`, which you create using [securityadmin.sh]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin/). Even if your user account has read permissions for all indices, you can't directly access the data in this system index.
By default, OpenSearch has a protected system index, `.opendistro_security`, which you create using [securityadmin.sh]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin/). Even if your user account has read permissions for all indices, you can't directly access the data in this system index.
You can add additional system indices in in `opensearch.yml`. In addition to automatically creating `.opensearch_security`, the demo configuration adds several indices for the various OpenSearch plugins that integrate with the security plugin:
You can add additional system indices in in `opensearch.yml`. In addition to automatically creating `.opendistro_security`, the demo configuration adds several indices for the various OpenSearch plugins that integrate with the security plugin:
```yml
plugins.security.system_indices.enabled: true
@ -20,7 +20,7 @@ plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opend
To access these indices, you must authenticate with an [admin certificate]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls#configure-admin-certificates):
```bash
curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opensearch_security/_search'
curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search'
```
The alternative is to remove indices from the `plugins.security.system_indices.indices` list on each node and restart OpenSearch.

View File

@ -8,7 +8,7 @@ redirect_from: /docs/security/configuration/yaml/
# YAML files
Before running `securityadmin.sh` to load the settings into the `.opensearch_security` index, configure the YAML files in `plugins/opensearch-security/securityconfig`. You might want to back up these files so that you can reuse them on other clusters.
Before running `securityadmin.sh` to load the settings into the `.opendistro_security` index, configure the YAML files in `plugins/opensearch-security/securityconfig`. You might want to back up these files so that you can reuse them on other clusters.
The best use of these YAML files is to configure [reserved and hidden resources]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#reserved-and-hidden-resources), such as the `admin` and `kibanaserver` users. You might find it easier to create other users, roles, mappings, action groups, and tenants using OpenSearch Dashboards or the REST API.