Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds documentation for security demo configuration setup #6058

Merged
merged 32 commits into from
Feb 1, 2024
Merged

Adds documentation for security demo configuration setup #6058

Show file tree
Hide file tree
Changes from 21 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
d7518c2
Adds documentation for security demo configuration setup
DarshitChanpura Jan 8, 2024
5a0ce73
Removes hardcoded version numbers
DarshitChanpura Jan 8, 2024
c379bd1
Updates distributions for different documentations
DarshitChanpura Jan 8, 2024
16e0c84
Renames placeholder
DarshitChanpura Jan 8, 2024
19d9b24
Resolves some vale errors
DarshitChanpura Jan 8, 2024
a1b923a
Resolves some more vale warnings
DarshitChanpura Jan 8, 2024
6195035
Updates sample docker compose wordings
DarshitChanpura Jan 8, 2024
b24550b
Improves wordings
DarshitChanpura Jan 8, 2024
56e8fb8
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 9, 2024
7802e2a
Changes the demo config page title
DarshitChanpura Jan 9, 2024
d85466e
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 9, 2024
d76474d
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 10, 2024
309de3b
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 11, 2024
e479f77
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 11, 2024
d73ad0c
Address PR comments
DarshitChanpura Jan 12, 2024
d24806e
Merge remote-tracking branch 'upstream/main' into add-demo-config-sec…
DarshitChanpura Jan 12, 2024
c234c20
Renames admin password placeholder and updates another sentence
DarshitChanpura Jan 12, 2024
84b0f61
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 13, 2024
db0009a
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 16, 2024
02c64d5
Merge branch 'main' into add-demo-config-section
Naarcha-AWS Jan 16, 2024
e7b0eb6
Apply suggestions from code review
Naarcha-AWS Jan 16, 2024
db09da3
Apply suggestions from code review
Naarcha-AWS Jan 16, 2024
fc9e1d3
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 16, 2024
22b6023
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 17, 2024
9d551b0
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 19, 2024
8dc82eb
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 22, 2024
9e7d57b
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 23, 2024
9b28f14
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 25, 2024
93fdf94
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 27, 2024
74fb9e4
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 30, 2024
5687973
Merge branch 'main' into add-demo-config-section
DarshitChanpura Jan 31, 2024
43b51f1
Merge branch 'main' into add-demo-config-section
DarshitChanpura Feb 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion _install-and-configure/install-dashboards/debian.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,5 +129,5 @@ By default, OpenSearch Dashboards, like OpenSearch, binds to `localhost` when yo
sudo systemctl restart opensearch-dashboards
```
1. From a web browser, navigate to OpenSearch Dashboards. The default port is 5601.
1. Log in with the default username `admin` and the default password `admin`.
1. Log in with the default username `admin` and the default password `admin`. (For OpenSearch 2.12 and later, the password should be the custom admin password)
Copy link
Collaborator

@Naarcha-AWS Naarcha-AWS Jan 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How would user's set the custom password in OpenSearch Dashboards 2.12? The same way as described in the Install OpenSearch sections?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have described this here as part of OpenSearch setup, since this is OSD setup.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add a link to that section then. I'll do that during the editorial review.

1. Visit [Getting started with OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/dashboards/index/) to learn more.
2 changes: 1 addition & 1 deletion _install-and-configure/install-dashboards/helm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ Before you get started, you must first use [Helm to install OpenSearch]({{site.u
Make sure that you can send requests to your OpenSearch pod:

```json
$ curl -XGET https://localhost:9200 -u 'admin:admin' --insecure
$ curl -XGET https://localhost:9200 -u 'admin:<custom-admin-password>' --insecure
{
"name" : "opensearch-cluster-master-1",
"cluster_name" : "opensearch-cluster",
Expand Down
12 changes: 10 additions & 2 deletions _install-and-configure/install-opensearch/debian.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,15 @@
# arm64
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb
```
For OpenSearch 2.12 and greater, a custom admin password is required in order to set up a security demo configuration. To set a custom admin password, use one the following commands:

Check failure on line 48 in _install-and-configure/install-opensearch/debian.md

View workflow job for this annotation

GitHub Actions / style-job 

[vale] reported by reviewdog 🐶
[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'configuration. To'.

Raw Output:
{"message": "[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'configuration. To'.", "location": {"path": "_install-and-configure/install-opensearch/debian.md", "range": {"start": {"line": 48, "column": 108}}}, "severity": "ERROR"}
```bash
# x64
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb

# arm64
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb
```

1. After the installation succeeds, enable OpenSearch as a service.
```bash
sudo systemctl enable opensearch
Expand Down Expand Up @@ -175,7 +183,7 @@
1. Send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand All @@ -201,7 +209,7 @@
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand Down
6 changes: 5 additions & 1 deletion _install-and-configure/install-opensearch/docker.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,9 +90,13 @@ Before continuing, you should verify that Docker is working correctly by deployi
# This command maps ports 9200 and 9600, sets the discovery type to "single-node" and requests the newest image of OpenSearch
docker run -d -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" opensearchproject/opensearch:latest
```
For OpenSearch 2.12 or greater, set a new custom admin password before installation using the following command:
```bash
docker run -d -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password>" opensearchproject/opensearch:latest
```
1. Send a request to port 9200. The default username and password are `admin`.
```bash
curl https://localhost:9200 -ku 'admin:admin'
curl https://localhost:9200 -ku 'admin:<custom-admin-password>'
```
{% include copy.html %}

Expand Down
8 changes: 8 additions & 0 deletions _install-and-configure/install-opensearch/helm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,14 @@ You can also build the `opensearch-1.0.0.tgz` file manually:
```
{% include copy.html %}

For OpenSearch 2.12 or greater, customize the admin password in `values.yaml` under `extraEnvs`, as shown in the following example:

```yaml
extraEnvs:
- name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
value: <custom-admin-password>
```

#### Sample output

```yaml
Expand Down
17 changes: 15 additions & 2 deletions _install-and-configure/install-opensearch/rpm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,19 @@
# Install the arm64 package using rpm.
sudo rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm
```
For OpenSearch 2.12 and greater, a custom admin password is required in order to set up a security demo configuration. To set a custom admin password, use one the following commands:

Check failure on line 60 in _install-and-configure/install-opensearch/rpm.md

View workflow job for this annotation

GitHub Actions / style-job 

[vale] reported by reviewdog 🐶
[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'configuration. To'.

Raw Output:
{"message": "[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'configuration. To'.", "location": {"path": "_install-and-configure/install-opensearch/rpm.md", "range": {"start": {"line": 60, "column": 105}}}, "severity": "ERROR"}
```bash
# Install the x64 package using yum.
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the x64 package using rpm.
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the arm64 package using yum.
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the arm64 package using rpm.
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password> rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm
1. After the installation succeeds, enable OpenSearch as a service.
```bash
sudo systemctl enable opensearch
Expand Down Expand Up @@ -147,7 +160,7 @@
1. Send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand All @@ -173,7 +186,7 @@
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand Down
10 changes: 8 additions & 2 deletions _install-and-configure/install-opensearch/tar.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,16 @@ An OpenSearch node configured by the demo security script is not suitable for a
```
{% include copy.html %}

For OpenSearch 2.12 or greater, set a new custom admin password before installation using the following command:
```bash
$ export OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password>
```
{% include copy.html %}

1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand All @@ -129,7 +135,7 @@ An OpenSearch node configured by the demo security script is not suitable for a
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:<custom-admin-password>' --insecure
```
{% include copy.html %}

Expand Down
9 changes: 7 additions & 2 deletions _install-and-configure/install-opensearch/windows.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,11 +70,16 @@ An OpenSearch node in its default configuration (with demo certificates and user
.\opensearch-windows-install.bat
```
{% include copy.html %}
For OpenSearch 2.12 or greater, set a new custom admin password before installation using the following command:
```bat
> set OPENSEARCH_INITIAL_ADMIN_PASSWORD=<custom-admin-password>
```
{% include copy.html %}

1. Open a new command prompt and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bat
curl.exe -X GET https://localhost:9200 -u "admin:admin" --insecure
curl.exe -X GET https://localhost:9200 -u "admin:<custom-admin-password>" --insecure
```
{% include copy.html %}

Expand All @@ -100,7 +105,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
```
- Query the plugins endpoint:
```bat
curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:admin" --insecure
curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:<custom-admin-password>" --insecure
```
{% include copy.html %}

Expand Down
34 changes: 17 additions & 17 deletions _install-and-configure/upgrade-opensearch/appendix/rolling-upgrade-lab.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@
1. Press `Ctrl+C` to stop following container logs and return to the command prompt.
1. Use cURL to query the OpenSearch REST API. In the following command, `os-node-01` is queried by sending the request to host port `9201`, which is mapped to port `9200` on the container:
```bash
curl -s "https://localhost:9201" -ku admin:admin
curl -s "https://localhost:9201" -ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -177,7 +177,7 @@
curl -H "Content-Type: application/x-ndjson" \
-X PUT "https://localhost:9201/ecommerce?pretty" \
--data-binary "@ecommerce-field_mappings.json" \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand All @@ -193,7 +193,7 @@
curl -H "Content-Type: application/x-ndjson" \
-X PUT "https://localhost:9201/ecommerce/_bulk?pretty" \
--data-binary "@ecommerce.json" \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response (truncated)</p>
Expand Down Expand Up @@ -226,7 +226,7 @@
curl -H 'Content-Type: application/json' \
-X GET "https://localhost:9201/ecommerce/_search?pretty=true&filter_path=hits.total" \
-d'{"query":{"match":{"customer_first_name":"Sonya"}}}' \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label" id="query-validation">Example response</p>
Expand Down Expand Up @@ -271,7 +271,7 @@
curl -H 'Content-Type: application/json' \
-X PUT "https://localhost:9201/_snapshot/snapshot-repo?pretty" \
-d '{"type":"fs","settings":{"location":"/usr/share/opensearch/snapshots"}}' \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand All @@ -284,7 +284,7 @@
```bash
curl -H 'Content-Type: application/json' \
-X POST "https://localhost:9201/_snapshot/snapshot-repo/_verify?timeout=0s&master_timeout=50s&pretty" \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -315,7 +315,7 @@
```bash
curl -H 'Content-Type: application/json' \
-X PUT "https://localhost:9201/_snapshot/snapshot-repo/cluster-snapshot-v137?wait_for_completion=true&pretty" \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -448,7 +448,7 @@
curl -H 'Content-type: application/json' \
-X PUT "https://localhost:9201/_cluster/settings?pretty" \
-d'{"persistent":{"cluster.routing.allocation.enable":"primaries"}}' \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand All @@ -469,7 +469,7 @@
```
1. Perform a flush operation on the cluster to commit transaction log entries to the Lucene index:
```bash
curl -X POST "https://localhost:9201/_flush?pretty" -ku admin:admin
curl -X POST "https://localhost:9201/_flush?pretty" -ku admin:<custom-admin-password>

Check failure on line 472 in _install-and-configure/upgrade-opensearch/appendix/rolling-upgrade-lab.md

View workflow job for this annotation

GitHub Actions / style-job 

[vale] reported by reviewdog 🐶
[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'flush?pretty'.

Raw Output:
{"message": "[OpenSearch.SpacingPunctuation] There should be no space before and one space after the punctuation mark in 'flush?pretty'.", "location": {"path": "_install-and-configure/upgrade-opensearch/appendix/rolling-upgrade-lab.md", "range": {"start": {"line": 472, "column": 42}}}, "severity": "ERROR"}
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -514,7 +514,7 @@
1. **Optional**: Query the cluster to determine which node is acting as the cluster manager. You can run this command at any time during the process to see when a new cluster manager is elected:
```bash
curl -s "https://localhost:9201/_cat/nodes?v&h=name,version,node.role,master" \
-ku admin:admin | column -t
-ku admin:<custom-admin-password> | column -t
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand All @@ -528,7 +528,7 @@
1. **Optional**: Query the cluster to see how shard allocation changes as nodes are removed and replaced. You can run this command at any time during the process to see how shard statuses change:
```bash
curl -s "https://localhost:9201/_cat/shards" \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -644,7 +644,7 @@
1. Confirm that your cluster is running the new version:
```bash
curl -s "https://localhost:9201/_cat/nodes?v&h=name,version,node.role,master" \
-ku admin:admin | column -t
-ku admin:<custom-admin-password> | column -t
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -700,7 +700,7 @@
curl -H 'Content-type: application/json' \
-X PUT "https://localhost:9201/_cluster/settings?pretty" \
-d'{"persistent":{"cluster.routing.allocation.enable":"all"}}' \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -735,7 +735,7 @@
1. Verify the current running version of your OpenSearch nodes:
```bash
curl -s "https://localhost:9201/_cat/nodes?v&h=name,version,node.role,master" \
-ku admin:admin | column -t
-ku admin:<custom-admin-password> | column -t
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -781,7 +781,7 @@

1. Query the [Cluster health]({{site.url}}{{site.baseurl}}/api-reference/cluster-api/cluster-health/) API endpoint to see information about the health of your cluster. You should see a status of `green`, which indicates that all primary and replica shards are allocated:
```bash
curl -s "https://localhost:9201/_cluster/health?pretty" -ku admin:admin
curl -s "https://localhost:9201/_cluster/health?pretty" -ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand All @@ -808,7 +808,7 @@
```
1. Query the [CAT shards]({{site.url}}{{site.baseurl}}/api-reference/cat/cat-shards/) API endpoint to see how shards are allocated after the cluster is upgrade:
```bash
curl -s "https://localhost:9201/_cat/shards" -ku admin:admin
curl -s "https://localhost:9201/_cat/shards" -ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down Expand Up @@ -860,7 +860,7 @@
curl -H 'Content-Type: application/json' \
-X GET "https://localhost:9201/ecommerce/_search?pretty=true&filter_path=hits.total" \
-d'{"query":{"match":{"customer_first_name":"Sonya"}}}' \
-ku admin:admin
-ku admin:<custom-admin-password>
```
{% include copy.html %}
<p class="codeblock-label">Example response</p>
Expand Down
Loading