diff --git a/_dashboards/install/docker.md b/_dashboards/install/docker.md index ea517896..29608e63 100644 --- a/_dashboards/install/docker.md +++ b/_dashboards/install/docker.md @@ -11,7 +11,7 @@ You *can* start OpenSearch Dashboards using `docker run` after [creating a Docke 1. Run `docker pull opensearchproject/opensearch-dashboards:{{site.opensearch_version}}`. -1. Create a [`docker-compose.yml`](https://docs.docker.com/compose/compose-file/) file appropriate for your environment. A sample file that includes OpenSearch Dashboards is available on the OpenSearch [Docker installation page]({{site.url}}{{site.baseurl}}/opensearch/install/docker/#sample-docker-compose-file). +1. Create a [`docker-compose.yml`](https://docs.docker.com/compose/compose-file/) file appropriate for your environment. A sample file that includes OpenSearch Dashboards is available on the OpenSearch [Docker installation page]({{site.url}}{{site.baseurl}}/opensearch/install/docker#sample-docker-compose-file). Just like `opensearch.yml`, you can pass a custom `opensearch_dashboards.yml` to the container in the Docker Compose file. {: .tip } diff --git a/_dashboards/reporting.md b/_dashboards/reporting.md index 272cb062..1c30ec7e 100644 --- a/_dashboards/reporting.md +++ b/_dashboards/reporting.md @@ -7,7 +7,7 @@ nav_order: 20 # Reporting -You can use OpenSearch Dashboards to create PNG, PDF, and CSV reports. To create reports, you must have the correct permissions. For a summary of the predefined roles and the permissions they grant, see the [security plugin]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles/#predefined-roles). +You can use OpenSearch Dashboards to create PNG, PDF, and CSV reports. To create reports, you must have the correct permissions. For a summary of the predefined roles and the permissions they grant, see the [security plugin]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#predefined-roles). ## Create reports from Discovery, Visualize, or Dashboard diff --git a/_im-plugin/ism/policies.md b/_im-plugin/ism/policies.md index 024ce5fa..d0e11b85 100644 --- a/_im-plugin/ism/policies.md +++ b/_im-plugin/ism/policies.md @@ -159,7 +159,7 @@ Parameter | Description | Type | Required } ``` -For information about setting replicas, see [Primary and replica shards]({{site.url}}{{site.baseurl}}/opensearch/#primary-and-replica-shards). +For information about setting replicas, see [Primary and replica shards]({{site.url}}{{site.baseurl}}/opensearch#primary-and-replica-shards). ### close diff --git a/_monitoring-plugins/ad/security.md b/_monitoring-plugins/ad/security.md index 2cfb1571..0fdfa727 100644 --- a/_monitoring-plugins/ad/security.md +++ b/_monitoring-plugins/ad/security.md @@ -19,7 +19,7 @@ Security for anomaly detection works the same as [security for alerting]({{site. As an admin user, you can use the security plugin to assign specific permissions to users based on which APIs they need access to. For a list of supported APIs, see [Anomaly detection API]({{site.url}}{{site.baseurl}}/monitoring-plugins/ad/api/). -The security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles/#predefined-roles). +The security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#predefined-roles). If these roles don't meet your needs, mix and match individual anomaly detection [permissions]({{site.url}}{{site.baseurl}}/security-plugin/access-control/permissions/) to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/ad/detector/delete` permission lets you delete detectors. @@ -27,7 +27,7 @@ If these roles don't meet your needs, mix and match individual anomaly detection Use backend roles to configure fine-grained access to individual detectors based on roles. For example, users of different departments in an organization can view detectors owned by their own department. -First, make sure your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/), but if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api/#create-user). +First, make sure your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/), but if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#create-user). Next, enable the following setting: diff --git a/_monitoring-plugins/alerting/cron.md b/_monitoring-plugins/alerting/cron.md index 6cdde6ea..c482196c 100644 --- a/_monitoring-plugins/alerting/cron.md +++ b/_monitoring-plugins/alerting/cron.md @@ -64,4 +64,4 @@ Every three hours on the first day of every other month: ## API -For an example of how to use a custom cron expression in an API call, see the [create monitor API operation]({{site.url}}{{site.baseurl}}/monitoring-plugins/alerting/api/#request-1). +For an example of how to use a custom cron expression in an API call, see the [create monitor API operation]({{site.url}}{{site.baseurl}}/monitoring-plugins/alerting/api#request-1). diff --git a/_monitoring-plugins/alerting/security.md b/_monitoring-plugins/alerting/security.md index 545ce710..a4cc1868 100644 --- a/_monitoring-plugins/alerting/security.md +++ b/_monitoring-plugins/alerting/security.md @@ -13,7 +13,7 @@ If you use the security plugin alongside alerting, you might want to limit certa ## Basic permissions -The security plugin has three built-in roles that cover most alerting use cases: `alerting_read_access`, `alerting_ack_alerts`, and `alerting_full_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles/#predefined-roles). +The security plugin has three built-in roles that cover most alerting use cases: `alerting_read_access`, `alerting_ack_alerts`, and `alerting_full_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#predefined-roles). If these roles don't meet your needs, mix and match individual alerting [permissions]({{site.url}}{{site.baseurl}}/security-plugin/access-control/permissions/) to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/alerting/destination/delete` permission lets you delete destinations. @@ -36,7 +36,7 @@ After making the change, the monitor now runs with the same permissions as `psan Out of the box, the alerting plugin has no concept of ownership. For example, if you have the `cluster:admin/opensearch/alerting/monitor/write` permission, you can edit *all* monitors, regardless of whether you created them. If a small number of trusted users manage your monitors and destinations, this lack of ownership generally isn't a problem. A larger organization might need to segment access by backend role. -First, make sure that your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/). However, if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api/#create-user). +First, make sure that your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/). However, if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#create-user). Next, enable the following setting: diff --git a/_monitoring-plugins/pa/index.md b/_monitoring-plugins/pa/index.md index 24fd575d..20dda077 100644 --- a/_monitoring-plugins/pa/index.md +++ b/_monitoring-plugins/pa/index.md @@ -66,7 +66,7 @@ PerfTop has no interactivity. Start the application, monitor the dashboard, and Performance Analyzer uses `/dev/shm` for temporary storage. During heavy workloads on a cluster, Performance Analyzer can use up to 1 GB of space. -Docker, however, has a default `/dev/shm` size of 64 MB. To change this value, you can use the `docker run --shm-size 1gb` flag or [a similar setting in Docker Compose](https://docs.docker.com/compose/compose-file/#shm_size). +Docker, however, has a default `/dev/shm` size of 64 MB. To change this value, you can use the `docker run --shm-size 1gb` flag or [a similar setting in Docker Compose](https://docs.docker.com/compose/compose-file#shm_size). If you're not using Docker, check the size of `/dev/shm` using `df -h`. The default value is probably plenty, but if you need to change its size, add the following line to `/etc/fstab`: diff --git a/_opensearch/install/docker.md b/_opensearch/install/docker.md index c4edc66a..230fd98a 100644 --- a/_opensearch/install/docker.md +++ b/_opensearch/install/docker.md @@ -156,7 +156,7 @@ If you override `opensearch_dashboards.yml` settings using environment variables ## Configure OpenSearch -You can pass a custom `opensearch.yml` file to the Docker container using the [`-v` flag](https://docs.docker.com/engine/reference/commandline/run/#mount-volume--v---read-only) for `docker run`: +You can pass a custom `opensearch.yml` file to the Docker container using the [`-v` flag](https://docs.docker.com/engine/reference/commandline/run#mount-volume--v---read-only) for `docker run`: ```bash docker run \ diff --git a/_opensearch/install/important-settings.md b/_opensearch/install/important-settings.md index 2c534ed0..f39331c9 100644 --- a/_opensearch/install/important-settings.md +++ b/_opensearch/install/important-settings.md @@ -21,7 +21,7 @@ vm.max_map_count=262144 Then run `sudo sysctl -p` to reload. -The [sample docker-compose.yml]({{site.url}}{{site.baseurl}}/opensearch/install/docker/#sample-docker-compose-file) file also contains several key settings: +The [sample docker-compose.yml]({{site.url}}{{site.baseurl}}/opensearch/install/docker#sample-docker-compose-file) file also contains several key settings: - `bootstrap.memory_lock=true` diff --git a/_opensearch/install/tar.md b/_opensearch/install/tar.md index 9a8687ef..2d0f9310 100644 --- a/_opensearch/install/tar.md +++ b/_opensearch/install/tar.md @@ -142,6 +142,6 @@ In a tarball installation, Performance Analyzer collects data when it is enabled ### (Optional) Removing Performance Analyzer -See [Clean up Performance Analyzer files]({{site.url}}{{site.baseurl}}/plugins/#optional-clean-up-performance-analyzer-files). +See [Clean up Performance Analyzer files]({{site.url}}{{site.baseurl}}/plugins#optional-clean-up-performance-analyzer-files). {% endcomment %} diff --git a/_opensearch/snapshot-restore.md b/_opensearch/snapshot-restore.md index 4f1529be..ad4200cc 100644 --- a/_opensearch/snapshot-restore.md +++ b/_opensearch/snapshot-restore.md @@ -100,7 +100,7 @@ Setting | Description sudo ./bin/opensearch-plugin install repository-s3 ``` - If you're using the Docker installation, see [Customize the Docker image]({{site.url}}{{site.baseurl}}/opensearch/install/docker/#customize-the-docker-image). Your `Dockerfile` should look something like this: + If you're using the Docker installation, see [Customize the Docker image]({{site.url}}{{site.baseurl}}/opensearch/install/docker#customize-the-docker-image). Your `Dockerfile` should look something like this: ``` FROM opensearchproject/opensearch:{{site.opensearch_version}} diff --git a/_opensearch/ux.md b/_opensearch/ux.md index c66e03da..8c6b378e 100644 --- a/_opensearch/ux.md +++ b/_opensearch/ux.md @@ -39,7 +39,7 @@ These methods are described in the following sections. Prefix matching finds documents that matches the last term in the query string. For example, assume that the user types “qui” into a search UI. To autocomplete this phrase, use the `match_phrase_prefix` query to search all `text_entry` fields that begin with the prefix "qui." -To make the word order and relative positions flexible, specify a `slop` value. To learn about the `slop` option, see [Options]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/full-text/#options). +To make the word order and relative positions flexible, specify a `slop` value. To learn about the `slop` option, see [Options]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/full-text#options). #### Sample Request @@ -59,7 +59,7 @@ GET shakespeare/_search Prefix matching doesn’t require any special mappings. It works with your data as-is. However, it’s a fairly resource-intensive operation. A prefix of `a` could match hundreds of thousands of terms and not be useful to your user. -To limit the impact of prefix expansion, set `max_expansions` to a reasonable number. To learn about the `max_expansions` option, see [Options]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/full-text/#options). +To limit the impact of prefix expansion, set `max_expansions` to a reasonable number. To learn about the `max_expansions` option, see [Options]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/full-text#options). #### Sample Request diff --git a/_search-plugins/async/security.md b/_search-plugins/async/security.md index 1992d279..ba8e9dce 100644 --- a/_search-plugins/async/security.md +++ b/_search-plugins/async/security.md @@ -17,7 +17,7 @@ All asynchronous search indices are protected as system indices. Only a super ad As an admin user, you can use the security plugin to assign specific permissions to users based on which API operations they need access to. For a list of supported APIs operations, see [Asynchronous search]({{site.url}}{{site.baseurl}}/). -The security plugin has two built-in roles that cover most asynchronous search use cases: `asynchronous_search_full_access` and `asynchronous_search_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles/#predefined-roles). +The security plugin has two built-in roles that cover most asynchronous search use cases: `asynchronous_search_full_access` and `asynchronous_search_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#predefined-roles). If these roles don’t meet your needs, mix and match individual asynchronous search permissions to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/asynchronous_search/delete` permission lets you delete a previously submitted asynchronous search. @@ -25,7 +25,7 @@ If these roles don’t meet your needs, mix and match individual asynchronous se Use backend roles to configure fine-grained access to asynchronous searches based on roles. For example, users of different departments in an organization can view asynchronous searches owned by their own department. -First, make sure your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/). However, if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api/#create-user). +First, make sure your users have the appropriate [backend roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/). Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security-plugin/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security-plugin/configuration/saml/). However, if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#create-user). Now when users view asynchronous search resources in OpenSearch Dashboards (or make REST API calls), they only see asynchronous searches submitted by users who have a subset of the backend role. For example, consider two users: `judy` and `elon`. diff --git a/_search-plugins/knn/knn-score-script.md b/_search-plugins/knn/knn-score-script.md index 59ea743a..a22d3a0c 100644 --- a/_search-plugins/knn/knn-score-script.md +++ b/_search-plugins/knn/knn-score-script.md @@ -103,7 +103,7 @@ All parameters are required. - `query_value` is the point you want to find the nearest neighbors for. For the Euclidean and cosine similarity spaces, the value must be an array of floats that matches the dimension set in the field's mapping. For Hamming bit distance, this value can be either of type signed long or a base64-encoded string (for the long and binary field types, respectively). - `space_type` corresponds to the distance function. See the [spaces section](#spaces). -The [post filter example in the approximate approach]({{site.url}}{{site.baseurl}}/search-plugins/knn/approximate-knn/#using-approximate-k-nn-with-filters) shows a search that returns fewer than `k` results. If you want to avoid this situation, the score script method lets you essentially invert the order of events. In other words, you can filter down the set of documents over which to execute the k-nearest neighbor search. +The [post filter example in the approximate approach]({{site.url}}{{site.baseurl}}/search-plugins/knn/approximate-knn#using-approximate-k-nn-with-filters) shows a search that returns fewer than `k` results. If you want to avoid this situation, the score script method lets you essentially invert the order of events. In other words, you can filter down the set of documents over which to execute the k-nearest neighbor search. This example shows a pre-filter approach to k-NN search with the score script approach. First, create the index: diff --git a/_security-plugin/access-control/field-masking.md b/_security-plugin/access-control/field-masking.md index 091e90bb..b19a5337 100644 --- a/_security-plugin/access-control/field-masking.md +++ b/_security-plugin/access-control/field-masking.md @@ -70,7 +70,7 @@ someonerole: ### REST API -See [Create role]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api/#create-role). +See [Create role]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#create-role). ## (Advanced) Use an alternative hash algorithm diff --git a/_security-plugin/configuration/client-auth.md b/_security-plugin/configuration/client-auth.md index d33f0c98..97c0b01c 100644 --- a/_security-plugin/configuration/client-auth.md +++ b/_security-plugin/configuration/client-auth.md @@ -43,7 +43,7 @@ clientcert_auth_domain: You can now assign your certificate's common name (CN) to a role. For this step, you must know your certificate's CN and the role you want to assign to. To get a list of all predefined roles in OpenSearch, refer to our [list of predefined roles]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#predefined-roles). If you want to first create a role, refer to [how to create a role]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#create-users), and then map your certificate's CN to that role. -After deciding which role you want to map your certificate's CN to, you can use [OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#map-users-to-roles), [`roles_mapping.yml`]({{site.url}}{{site.baseurl}}/security-plugin/configuration/yaml/#roles_mappingyml), or the [REST API]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api/#create-role-mapping) to map your certificate's CN to the role. The following example uses the `REST API` to map the common name `CLIENT1` to the role `readall`. +After deciding which role you want to map your certificate's CN to, you can use [OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/security-plugin/access-control/users-roles#map-users-to-roles), [`roles_mapping.yml`]({{site.url}}{{site.baseurl}}/security-plugin/configuration/yaml#roles_mappingyml), or the [REST API]({{site.url}}{{site.baseurl}}/security-plugin/access-control/api#create-role-mapping) to map your certificate's CN to the role. The following example uses the `REST API` to map the common name `CLIENT1` to the role `readall`. **Sample request** diff --git a/_security-plugin/configuration/generate-certificates.md b/_security-plugin/configuration/generate-certificates.md index fcd044c4..1ffe35a0 100755 --- a/_security-plugin/configuration/generate-certificates.md +++ b/_security-plugin/configuration/generate-certificates.md @@ -89,7 +89,7 @@ Just like the root certificate, use the `-days` option to specify an expiration Follow the steps in [Generate an admin certificate](#generate-an-admin-certificate) with new file names to generate a new certificate for each node and as many client certificates as you need. Each certificate should use its own private key. -If you generate node certificates and have `plugins.security.ssl.transport.enforce_hostname_verification` set to `true` (default), be sure to specify a common name (CN) for the certificate that matches the hostname of the intended node. If you want to use the same node certificate on all nodes (not recommended), set hostname verification to `false`. For more information, see [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls/#advanced-hostname-verification-and-dns-lookup). +If you generate node certificates and have `plugins.security.ssl.transport.enforce_hostname_verification` set to `true` (default), be sure to specify a common name (CN) for the certificate that matches the hostname of the intended node. If you want to use the same node certificate on all nodes (not recommended), set hostname verification to `false`. For more information, see [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls#advanced-hostname-verification-and-dns-lookup). ### Sample script @@ -184,7 +184,7 @@ After configuring your certificates and starting OpenSearch, run `securityadmin. For more information about what this command does, see [Apply configuration changes]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin/). {: .tip } -If you use Docker, see [Bash access to containers]({{site.url}}{{site.baseurl}}/opensearch/install/docker/#bash-access-to-containers). +If you use Docker, see [Bash access to containers]({{site.url}}{{site.baseurl}}/opensearch/install/docker#bash-access-to-containers). ## OpenSearch Dashboards diff --git a/_security-plugin/configuration/system-indices.md b/_security-plugin/configuration/system-indices.md index 1ebdf8bb..0c8fb20e 100644 --- a/_security-plugin/configuration/system-indices.md +++ b/_security-plugin/configuration/system-indices.md @@ -17,7 +17,7 @@ plugins.security.system_indices.enabled: true plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"] ``` -To access these indices, you must authenticate with an [admin certificate]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls/#configure-admin-certificates): +To access these indices, you must authenticate with an [admin certificate]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls#configure-admin-certificates): ```bash curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opensearch_security/_search' diff --git a/_troubleshoot/security-admin.md b/_troubleshoot/security-admin.md index e0bb6bad..d7755611 100644 --- a/_troubleshoot/security-admin.md +++ b/_troubleshoot/security-admin.md @@ -92,7 +92,7 @@ Connected as CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE ERR: CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE is not an admin user ``` -You must use an admin certificate when executing the script. To learn more, see [Configure admin certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls/#configure-admin-certificates). +You must use an admin certificate when executing the script. To learn more, see [Configure admin certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls#configure-admin-certificates). ## Use the diagnose option