Cannot change default password for Admin OS 1.2.3

Hello there,

I am trying to change the default password of the admin user, but with no success.

After I generate a password hash via plugins/opensearch-security/tools/hash.sh

sh /path/opensearch-1.2.3/plugins/opensearch-security/tools/hash.sh -p "password"

I get some hash that I will put into:

/path/opensearch-1.2.3/plugins/opensearch-security/securityconfig/internal_users.yml

admin:
  hash: "$2y$12$BI9Uw4CH5FkKvJWWe.lRuegEiyP5FMtJiOg6rT.lByQSP5n3.YbBe"  # putting hash here
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"

Then I run

sh /path/opensearch-1.2.3/plugins/opensearch-security/tools/securityadmin.sh -f /path/opensearch-1.2.3/plugins/opensearch-security/securityconfig/internal_users.yml -icl -nhnv -cert /path/opensearch-1.2.3/config/kirk.pem -cacert /path/opensearch-1.2.3/config/root-ca.pem -key /path/opensearch-1.2.3/config/kirk-key.pem -t config

and I get this error

Security Admin v7
Will connect to localhost:9300 ... done
Connected as CN=kirk,OU=client,O=client,L=test,C=de
OpenSearch Version: 1.2.3
OpenSearch Security Version: 1.2.3.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: new-reference
Clusterstate: GREEN
Number of nodes: 6
Number of data nodes: 4
.opendistro_security index already exists, so we do not need to create one.
Populate config from /path/opensearch-1.2.3/plugins/opensearch-security/securityconfig
Force type: config
ERR: Seems /path/opensearch-1.2.3/plugins/opensearch-security/securityconfig/internal_users.yml is not in OpenSearch Security 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "hash" (class org.opensearch.security.securityconf.impl.v7.ConfigV7), not marked as ignorable (one known property: "dynamic"])
at [Source: (String)"{"_meta":{"type":"internalusers","config_version":2},"admin":{"hash":"hash","reserved":true,"backend_roles":["admin"],"description":"Demo admin user"},"kibanaserver":{"hash":"hash","reserved":true,"description":"Demo OpenSearch Dashboards user"},"kibanaro":{"hash":"hash","reserved":false,"backend_roles":["kibanauser","readall"],"a"[truncated 648 chars]; line: 1, column: 71] (through reference chain: org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration["admin"]->org.opensearch.security.securityconf.impl.v7.ConfigV7["hash"])
ERR: cannot upload configuration, see errors above

I tried using the original internal_users.yml as well: same error. I tried using internal_users.yml from the previous version, OpenSearch 1.0.0: same error. So I am quite puzzled about what is wrong with the format and how I can correct it.

PS:
I did update from OpenSearch 1.0.0 to 1.2.3 and Dashboard from 1.0 to 1.2.
Which, BTW, was pretty problematic, since the JDK provided with the 1.2.3 version is faulty (line 77 cannot be read, or something like that, was reported by journalctl) and I had to use the original JDK from version 1.0.0… A similar thing happened with Dashboard, which required the node folder from version 1.0.0 to be used (error line 22).

Any help is appreciated!

@KrejcarS Could you DM your internal_users.yml file?
Please remember that indents are very important in YAML files.

@KrejcarS Just tested and getting the same error. I've only replaced the hash for the admin user and now securityadmin.sh fails to update.
I'll have a look at that.

Hello Pablo,

Thank you for looking into this. Please let me know if you find anything; I will do so as well!

Appreciated

@KrejcarS As per the documentation, -t config is for the config.yml file.

You can either remove -t config option or set -t internalusers. Just tested and both solutions worked in my lab.

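The mismatch behind the error above, as an added example that is not part of the original thread: the file passed to -f declares its own type under _meta (the error output shows type internalusers), so it can be compared with the -t value before securityadmin.sh is run. The helper names meta_type, preflight and write_sample, and the sample file, are constructed for illustration.

```shell
# Added example: pre-flight check for a securityadmin.sh -f / -t mismatch.
# meta_type, preflight and write_sample are hypothetical helper names.

# Print the value of _meta.type from a security config YAML file.
meta_type() {
  awk '
    /^_meta:[ \t]*$/ { in_meta = 1; next }
    in_meta && /^[^ \t#]/ { exit }          # next top-level key: _meta block is over
    in_meta && /^[ \t]+type:/ {
      v = $0
      sub(/^[ \t]+type:[ \t]*/, "", v)
      sub(/[ \t]+#.*$/, "", v)              # drop a trailing comment
      gsub(/[^A-Za-z0-9_]/, "", v)          # drop quotes and stray whitespace
      print v; exit
    }
  ' "$1"
}

# Return 0 if FILE declares the type given to -t, 1 on mismatch, 2 if undeclared.
preflight() {
  pf_file=$1; pf_want=$2
  pf_have=$(meta_type "$pf_file")
  if [ -z "$pf_have" ]; then
    echo "no _meta.type found in $pf_file" >&2; return 2
  fi
  if [ "$pf_have" != "$pf_want" ]; then
    echo "$pf_file declares _meta.type=$pf_have, but -t $pf_want was requested" >&2
    return 1
  fi
}

# Constructed sample input (placeholder hash, not a real one).
write_sample() {
  cat > "$1" <<'EOF'
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "<bcrypt-hash-placeholder>"
  reserved: true
  description: "Demo admin user"
EOF
}

sample=$(mktemp); write_sample "$sample"
for t in config internalusers; do
  if preflight "$sample" "$t" 2>/dev/null; then echo "-t $t: ok"; else echo "-t $t: mismatch"; fi
done
rm -f "$sample"
```

Running preflight before the upload turns the Jackson "Unrecognized field" stack trace into a one-line message naming the declared and requested types.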

Hello Pablo,
Thank you very much, I didn't notice that.

The option with -t internalusers worked for me.

Much appreciated!