Describe the issue: I am using OpenSearch 2.0.1 version and installed it in my on-prem K8s servers.
I have disabled HTTPS access for OpenSearch as it’s inside the private cluster and for HTTPS I have my NGINX as front-ending LB.
If I am making any config changes inside OpenSearch, we need to run securityAdmin.sh script to make it reflect for OpenSearch.
Is there any way to run this script or any other way by which opensearch cluster will come to know the config changes without https because as of today I have to run this script (securityAdmin.sh) and for the same first I enable HTTPS access in opensearch and than run this script and than again disable the same using below configuration of opensearch.yml file
I don’t think you need to run securityAdmin.sh to make OpenSearch configuration changes. If possible, I would configure OpenSearch either via the API (e.g. cluster settings) or via environment variables, for example:
cluster.name=opensearch-cluster
node.name=opensearch-node1
etc.
Thanks for your suggestion
Can you please suggest what API you are referring to update the configuration present inside opensearch.yml file
As if I will update that configuration file, it is not taking effect untill I will run the securityAdmin.sh script
@vgoel@radu.gheorghe Just to be clear, the securityadmin.sh script doesn’t manage cluster/node configuration. It is used to configure security plugin.
To apply any changes with securityadmin.sh script you must use admin certificates which are defined in opensearch.yml file. Since securityadmin.sh requires certificate authentication end OpenSearch API endpoint must have SSL enabled.