diff --git a/_opensearch/configuration.md b/_opensearch/configuration.md index 530a7392..2addedfb 100755 --- a/_opensearch/configuration.md +++ b/_opensearch/configuration.md @@ -63,6 +63,6 @@ PUT /_cluster/settings ## Configuration file -You can find `opensearch.yml` in `/usr/share/opensearch/config/opensearch.yml` (Docker) or `/etc/opensearch/opensearch.yml` (RPM and DEB) on each node. +You can find `opensearch.yml` in `/usr/share/opensearch/config/opensearch.yml` (Docker) or `/etc/opensearch/opensearch.yml` (most Linux distributions) on each node. The demo configuration includes a number of settings for the security plugin that you should modify before using OpenSearch for a production workload. To learn more, see [Security]({{site.url}}{{site.baseurl}}/security-plugin/). diff --git a/_opensearch/logs.md b/_opensearch/logs.md index 6669a6ac..205bb0ae 100644 --- a/_opensearch/logs.md +++ b/_opensearch/logs.md @@ -9,7 +9,7 @@ nav_order: 60 The OpenSearch logs include valuable information for monitoring cluster operations and troubleshooting issues. The location of the logs differs based on the installation type: - On Docker, OpenSearch writes most logs to the console and stores the remainder in `opensearch/logs/`. The tarball installation also uses `opensearch/logs/`. -- On the RPM and Debian installations, OpenSearch writes logs to `/var/log/opensearch/`. +- On most Linux installations, OpenSearch writes logs to `/var/log/opensearch/`. Logs are available as `.log` (plain text) and `.json` files. diff --git a/_opensearch/popular-api.md b/_opensearch/popular-api.md index ab4cc465..28fdb077 100644 --- a/_opensearch/popular-api.md +++ b/_opensearch/popular-api.md @@ -6,7 +6,7 @@ nav_order: 96 # Popular APIs -This page contains sample requests for popular OpenSearch APIs. +This page contains sample requests for popular OpenSearch operations. --- @@ -80,7 +80,7 @@ POST _bulk ## List all indices ``` -GET _cat/indices?v +GET _cat/indices?v&expand_wildcards=all ``` @@ -183,7 +183,7 @@ PUT _snapshot/my-repository/my-snapshot ```json POST _snapshot/my-repository/my-snapshot/_restore { - "indices": "-.opensearch_security", + "indices": "-.opendistro_security", "include_global_state": false } ``` diff --git a/_opensearch/snapshot-restore.md b/_opensearch/snapshot-restore.md index ad4200cc..e226b7a5 100644 --- a/_opensearch/snapshot-restore.md +++ b/_opensearch/snapshot-restore.md @@ -362,19 +362,19 @@ Snapshots are only forward-compatible by one major version. If you have an old s If you're using the security plugin, snapshots have some additional restrictions: - To perform snapshot and restore operations, users must have the built-in `manage_snapshots` role. -- You can't restore snapshots that contain global state or the `.opensearch_security` index. +- You can't restore snapshots that contain global state or the `.opendistro_security` index. -If a snapshot contains global state, you must exclude it when performing the restore. If your snapshot also contains the `.opensearch_security` index, either exclude it or list all the other indices you want to include: +If a snapshot contains global state, you must exclude it when performing the restore. If your snapshot also contains the `.opendistro_security` index, either exclude it or list all the other indices you want to include: ```json POST _snapshot/my-repository/3/_restore { - "indices": "-.opensearch_security", + "indices": "-.opendistro_security", "include_global_state": false } ``` -The `.opensearch_security` index contains sensitive data, so we recommend excluding it when you take a snapshot. If you do need to restore the index from a snapshot, you must include an admin certificate in the request: +The `.opendistro_security` index contains sensitive data, so we recommend excluding it when you take a snapshot. If you do need to restore the index from a snapshot, you must include an admin certificate in the request: ```bash curl -k --cert ./kirk.pem --key ./kirk-key.pem -XPOST 'https://localhost:9200/_snapshot/my-repository/3/_restore?pretty' diff --git a/_security-plugin/access-control/users-roles.md b/_security-plugin/access-control/users-roles.md index dda60863..4808fc74 100644 --- a/_security-plugin/access-control/users-roles.md +++ b/_security-plugin/access-control/users-roles.md @@ -31,7 +31,7 @@ You can create users using OpenSearch Dashboards, `internal_users.yml`, or the R ### OpenSearch Dashboards 1. Choose **Security**, **Internal Users**, and **Create internal user**. -1. Provide a username and password. The security plugin automatically hashes the password and stores it in the `.opensearch_security` index. +1. Provide a username and password. The security plugin automatically hashes the password and stores it in the `.opendistro_security` index. 1. If desired, specify user attributes. Attributes are optional user properties that you can use for variable substitution in index permissions or document-level security. diff --git a/_security-plugin/configuration/security-admin.md b/_security-plugin/configuration/security-admin.md index 0d9cd934..6b23bfbc 100755 --- a/_security-plugin/configuration/security-admin.md +++ b/_security-plugin/configuration/security-admin.md @@ -8,11 +8,11 @@ redirect_from: /docs/security/configuration/security-admin/ # Apply configuration changes using securityadmin.sh -The security plugin stores its configuration---including users, roles, and permissions---in an index on the OpenSearch cluster (`.opensearch_security`). Storing these settings in an index lets you change settings without restarting the cluster and eliminates the need to edit configuration files on every single node. +The security plugin stores its configuration---including users, roles, and permissions---in an index on the OpenSearch cluster (`.opendistro_security`). Storing these settings in an index lets you change settings without restarting the cluster and eliminates the need to edit configuration files on every single node. -After changing any of the configuration files in `plugins/opensearch-security/securityconfig`, however, you must run `plugins/opensearch-security/tools/securityadmin.sh` to load these new settings into the index. You must also run this script at least once to initialize the `.opensearch_security` index and configure your authentication and authorization methods. +After changing any of the configuration files in `plugins/opensearch-security/securityconfig`, however, you must run `plugins/opensearch-security/tools/securityadmin.sh` to load these new settings into the index. You must also run this script at least once to initialize the `.opendistro_security` index and configure your authentication and authorization methods. -After the `.opensearch_security` index is initialized, you can use OpenSearch Dashboards to manage your users, roles, and permissions. +After the `.opendistro_security` index is initialized, you can use OpenSearch Dashboards to manage your users, roles, and permissions. ## Configure the admin certificate @@ -228,7 +228,7 @@ Name | Description `-esa` | Enable shard allocation and exit. This option is useful if you disabled shard allocation while performing a full cluster restart and need to recreate the security plugin index. `-w` | Displays information about the used admin certificate. `-rl` | By default, the security plugin caches authenticated users, along with their roles and permissions, for one hour. This option reloads the current security plugin configuration stored in your cluster, invalidating any cached users, roles, and permissions. -`-i` | The security plugin index name. Default is `.opensearch_security`. +`-i` | The security plugin index name. Default is `.opendistro_security`. `-er` | Set explicit number of replicas or auto-expand expression for the `opensearch_security` index. `-era` | Enable replica auto-expand. `-dra` | Disable replica auto-expand. diff --git a/_security-plugin/configuration/system-indices.md b/_security-plugin/configuration/system-indices.md index 0c8fb20e..cf57b965 100644 --- a/_security-plugin/configuration/system-indices.md +++ b/_security-plugin/configuration/system-indices.md @@ -8,9 +8,9 @@ redirect_from: /docs/security/configuration/system-indices/ # System indices -By default, OpenSearch has a protected system index, `.opensearch_security`, which you create using [securityadmin.sh]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin/). Even if your user account has read permissions for all indices, you can't directly access the data in this system index. +By default, OpenSearch has a protected system index, `.opendistro_security`, which you create using [securityadmin.sh]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin/). Even if your user account has read permissions for all indices, you can't directly access the data in this system index. -You can add additional system indices in in `opensearch.yml`. In addition to automatically creating `.opensearch_security`, the demo configuration adds several indices for the various OpenSearch plugins that integrate with the security plugin: +You can add additional system indices in in `opensearch.yml`. In addition to automatically creating `.opendistro_security`, the demo configuration adds several indices for the various OpenSearch plugins that integrate with the security plugin: ```yml plugins.security.system_indices.enabled: true @@ -20,7 +20,7 @@ plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opend To access these indices, you must authenticate with an [admin certificate]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls#configure-admin-certificates): ```bash -curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opensearch_security/_search' +curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search' ``` The alternative is to remove indices from the `plugins.security.system_indices.indices` list on each node and restart OpenSearch. diff --git a/_security-plugin/configuration/yaml.md b/_security-plugin/configuration/yaml.md index cacae07b..b84520ff 100644 --- a/_security-plugin/configuration/yaml.md +++ b/_security-plugin/configuration/yaml.md @@ -8,7 +8,7 @@ redirect_from: /docs/security/configuration/yaml/ # YAML files -Before running `securityadmin.sh` to load the settings into the `.opensearch_security` index, configure the YAML files in `plugins/opensearch-security/securityconfig`. You might want to back up these files so that you can reuse them on other clusters. +Before running `securityadmin.sh` to load the settings into the `.opendistro_security` index, configure the YAML files in `plugins/opensearch-security/securityconfig`. You might want to back up these files so that you can reuse them on other clusters. The best use of these YAML files is to configure [reserved and hidden resources]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#reserved-and-hidden-resources), such as the `admin` and `kibanaserver` users. You might find it easier to create other users, roles, mappings, action groups, and tenants using OpenSearch Dashboards or the REST API.