Would be possible to configure authentication with login/password only for Dashboards GUI and not for Opensearch itself ?
We trying to avoid a lot of reconfiguring ( meaning add login, password and trusted cert) all apps which are sending logs, metrics and traces to our Opensearch cluster, but it seems like it’s not possible because internal users are under control of security_admin.sh and/or security plugin which requires https and auth enabled on Opensearch. Is there some way how to do it ?
Our OpenSearch stack is behind corporate proxy and is not accessible from outside.
We are using OpenSearch and Dashboards both in version 2.1.0.
Well, simply , we want to achieve that not all user or people in company can see all data/dashboards/logs in Opensearch.
All external apps are already connected to OpenSearch cluster on port 9200. We use different external apps such as: Otell collector + Data Prepepr, Logstash, Fluentbit and Fluentd because there are lot of things in our environment which need to store logs.
Thats why we want to avoid configure all of them to and avoid to set authentication to Opensearch on port 9200.
The error is caused by disabling SSL in HTTP 9200. Starting from version 2.0, the securityadmin.sh connects to OpenSearch through port 9200 (it was 9300 in versions 1.x). securityadmin.sh requires certificate authentication, which forces SSL on the API endpoint 9200.