Added opensearch.yml and password regex rules
This commit is contained in:
parent
62491a2a98
commit
d7ce813388
|
@ -89,6 +89,39 @@ snapshotrestore:
|
||||||
description: "Demo snapshotrestore user"
|
description: "Demo snapshotrestore user"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## opensearch.yml
|
||||||
|
|
||||||
|
This file contains relative file paths to TLS certificates and their attributes, such as distinguished names and trusted certificate authorities.
|
||||||
|
|
||||||
|
```yml
|
||||||
|
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
|
||||||
|
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
|
||||||
|
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
|
||||||
|
plugins.security.ssl.transport.enforce_hostname_verification: false
|
||||||
|
plugins.security.ssl.http.enabled: true
|
||||||
|
plugins.security.ssl.http.pemcert_filepath: esnode.pem
|
||||||
|
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
|
||||||
|
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
|
||||||
|
plugins.security.allow_unsafe_democertificates: true
|
||||||
|
plugins.security.allow_default_init_securityindex: true
|
||||||
|
plugins.security.authcz.admin_dn:
|
||||||
|
- CN=kirk,OU=client,O=client,L=test, C=de
|
||||||
|
|
||||||
|
plugins.security.audit.type: internal_opensearch
|
||||||
|
plugins.security.enable_snapshot_restore_privilege: true
|
||||||
|
plugins.security.check_snapshot_restore_write_privileges: true
|
||||||
|
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
|
||||||
|
plugins.security.system_indices.enabled: true
|
||||||
|
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
|
||||||
|
node.max_local_storage_nodes: 3
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want to run your users' passwords against some validation, you can specify the necessary regex in this file. You can also include an error message that loads if any passwords don't pass validation. The following example demonstrates how to include a regex so OpenSearch requires new passwords to be a minimum of eight characters with at least one uppercase, one lowercase, one digit, and one special character. Note that OpenSearch validates only users and passwords created through OpenSearch Dashboards or the REST API.
|
||||||
|
|
||||||
|
```yml
|
||||||
|
plugins.restapi.password_validation_regex: '(?=.*[A-Z])(?=.*[^a-zA-Z\d])(?=.*[0-9])(?=.*[a-z]).{8,}'
|
||||||
|
plugins.restapi.password_validation_error_message: "Password must be minimum 8 characters long and must contain minimum one uppercase letter, one lowercase letter, one digit, and one special character."
|
||||||
|
```
|
||||||
|
|
||||||
## roles.yml
|
## roles.yml
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue