From 31c66b538e8e38a493ad61245317ba664c0facc8 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Fri, 2 Feb 2024 14:23:58 -0500 Subject: [PATCH 1/2] Updates README to reflect strong password requirements for admin user Signed-off-by: Darshit Chanpura --- README.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a3d39a3..2a2cb28 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,16 @@ -- [OpenSearch Project Ansible-Playbook](#helm-charts) -- [OpenSearch Installation with Dashboards](opensearch-installation-with-dashboards) +- [OpenSearch Project Ansible-Playbook](#opensearch-project-ansible-playbook) +- [Version and Branching](#version-and-branching) +- [OpenSearch Installation with Dashboards](#opensearch-installation-with-dashboards) + - [Prerequisite](#prerequisite) + - [Configure](#configure) + - [Multi-node Installation](#multi-node-installation) + - [Single Node Installation](#single-node-installation) + - [Install](#install) + - [OpenID authentification](#openid-authentification) + - [Custom configuration files](#custom-configuration-files) + - [IaC (Infrastructure-as-Code)](#iac-infrastructure-as-code) - [Contributing](#contributing) - [Getting Help](#getting-help) - [Code of Conduct](#code-of-conduct) @@ -95,17 +104,19 @@ cluster_type: single-node # Deploy with ansible playbook - run the playbook as root - ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789 logstash_password=Test@456" + ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=myStrongPassword@123! kibanaserver_password=Test@6789 logstash_password=Test@456" You should set the reserved users(`admin`, `kibanaserver`, and `logstash`) password using `admin_password`, `kibanaserver_password`, and `logstash_password` variables. +**Note**: Starting OpenSearch 2.12, a strong password is required for `admin` user, i.e. `myStrongPassword123!`. The cluster will fail to start with a weak password, i.e. `admin` + If you define your own internal users (in addition to the reserved `admin`, `kibanaserver`, and `logstash`) in custom configuration files, then passwords to them should be set via variables on the principle of `_password` It will install and configure the opensearch. Once the deployment completed, you can access the opensearch Dashboards with user `admin` and password which you provided for variable `admin_password`. # Deploy with ansible playbook - run the playbook as non-root user which have sudo privileges, - ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789 logstash_password=Test@456" --become + ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=myStrongPassword@123! kibanaserver_password=Test@6789 logstash_password=Test@456" --become **Note**: Change the user details in `ansible_user` parameter in `inventories/opensearch/hosts` inventory file. From bfb55784c4dd0e77f4bad578563686ef9a750426 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Fri, 2 Feb 2024 14:32:01 -0500 Subject: [PATCH 2/2] Applies PR feedback Signed-off-by: Darshit Chanpura --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a2cb28..5255d72 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ cluster_type: single-node You should set the reserved users(`admin`, `kibanaserver`, and `logstash`) password using `admin_password`, `kibanaserver_password`, and `logstash_password` variables. -**Note**: Starting OpenSearch 2.12, a strong password is required for `admin` user, i.e. `myStrongPassword123!`. The cluster will fail to start with a weak password, i.e. `admin` +**Note**: Starting OpenSearch 2.12, a strong password is required for `admin` user, i.e. `myStrongPassword123!`. The cluster will fail to start with a weak password (i.e. admin) or no password. If you define your own internal users (in addition to the reserved `admin`, `kibanaserver`, and `logstash`) in custom configuration files, then passwords to them should be set via variables on the principle of `_password`