OpenSearch

The OpenSearch team aims to maintain OpenSearch and OpenSearch Dashboards packages for FreeBSD.

Team

Contact

* Email: <opensearch AT FreeBSD.org>. This is a simple alias and not a mailing-list, therefore there is no public archive available.

If you'd like to be added to the list, just ask and we'll updated the list and wiki page accordingly.

Documentation

Changing the Default Admin Password in OpenSearch

Overview

As of version 2.11.1, OpenSearch does not support changing the default admin password through the REST API or via the OpenSearch Dashboards. This limitation is documented in the OpenSearch project's security issue tracker (#1576) and is expected to be addressed in a future release. In the meantime, administrators must manually update the admin password using the securityadmin.sh script.

Steps to Manually Change the Admin Password

1. Create a Hashed Password

To update the admin password, start by generating a new hashed password. Use the hash.sh script provided with the OpenSearch Security plugin. Set the OPENSEARCH_JAVA_HOME environment variable to point to your Java installation path before running the script. 

OPENSEARCH_JAVA_HOME=/usr/local/openjdk17/ /usr/local/lib/opensearch/plugins/opensearch-security/tools/hash.sh

2. Update the internal_users.yml File

Next, edit the internal_users.yml configuration file located in the OpenSearch Security configuration directory. Replace [hashed_password] with the hash you generated in the previous step.

Edit the /usr/local/etc/opensearch/opensearch-security/internal_users.yml 

admin:
  hash: "[hashed_password]"
  reserved: true
  backend_roles:
    - "admin"
  description: "Demo admin user"

3. Apply Changes to the Cluster

Finally, apply the changes to your OpenSearch cluster. The securityadmin.sh script updates the cluster's security settings. When executing this script, especially in restricted environments such as jails, it's crucial to specify the -h hostname option if no loopback device is configured. 

OPENSEARCH_JAVA_HOME=/usr/local/openjdk17/ /usr/local/lib/opensearch/plugins/opensearch-security/tools/securityadmin.sh \
  -icl \
  -t internalusers \
  -cacert /usr/local/etc/opensearch/root-ca.pem \
  -cert /usr/local/etc/opensearch/osnode.pem \
  -key /usr/local/etc/opensearch/osnode-key.pem \
  -cd /usr/local/etc/opensearch/opensearch-security/ \
  -h node-0.example.com

CategoryTeam

OpenSearch (last edited 2024-02-13T13:48:15+0000 by SvenRuediger)