I’m using OpenSearch 2.13 in a Docker container.
When I mount the file, the changes are not automatically applied:
/internal_users.yml:/usr/share/opensearch/config/opensearch-security/internal_users.yml
I’ve also tried making the changes through the Dashboard, but after docker compose down / up, the changes are lost.
I figured we need to run the securityadmin.sh file inside the container:
/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -icl -nhnv -cert /usr/share/opensearch/config/admin-cert.pem -cacert /usr/share/opensearch/config/root-ca.pem -key /usr/share/opensearch/config/admin-key.pem -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/
However this results in the following error:
Will connect to localhost:9200 ... done
ERR: An unexpected SSLHandshakeException occured: Received fatal alert: certificate_unknown
I’m a bit at a loss as to the latest error. I’ve created an admin certificate as per the documentation.
The only difference is that we use our internal CA to sign the admin certificate, and used a normal webserver template for this. I’m also not sure as to the attributes (CN, and email) to assign to this certificate.
In the opensearch.yml we have configured:
plugins.security.authcz.admin_dn:
  - 'EMAILADDRESS=support@company.com,CN=opensearch1.company.local,OU=IT,O=company.,L=City,ST=State,C=Country'
I’ve also tried it without the email address in the plugin config, but this didn’t make any difference.
Any suggestions as to what I’m doing wrong?
The process to set up OpenSearch is quite complicated; it seems like this could be done in a much easier fashion.
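
Added example, not part of the original post: three openssl checks on an admin certificate before handing it to securityadmin.sh (subject DN as compared with admin_dn, chain to the CA, and suitability as a TLS client certificate). The function names and the throwaway CA and certificates are constructed, and it is an assumption that a web-server template issues a serverAuth-only Extended Key Usage.

```shell
# Added example; function names and sample certificates are constructed.

# Subject DN in RFC 2253 form, for comparison with the admin_dn entry.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Does the certificate chain to the given CA at all?
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Is it also acceptable as a TLS client certificate? securityadmin.sh presents
# the admin cert as a client cert, so a serverAuth-only EKU fails this check.
usable_as_client() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample: a CA plus web.pem (serverAuth only, as assumed for a
# web-server template) and admin.pem (clientAuth).
make_sample_certs() {
  d=$1
  cat >"$d/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Sample CA
[ca]
basicConstraints = critical,CA:TRUE
[web]
extendedKeyUsage = serverAuth
[admin]
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" \
    -extensions ca -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  for n in web admin; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" \
      -subj "/C=XX/O=Example/OU=IT/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/cfg" -extensions "$n" \
      -out "$d/$n.pem" 2>/dev/null || return 1
  done
}

tmp=$(mktemp -d) && make_sample_certs "$tmp" && for n in web admin; do
  chains_to_ca "$tmp/ca.pem" "$tmp/$n.pem" && c=ok || c=FAIL
  usable_as_client "$tmp/ca.pem" "$tmp/$n.pem" && u=ok || u=FAIL
  echo "$n.pem dn=$(cert_subject "$tmp/$n.pem") chain=$c client_use=$u"
done
rm -rf "$tmp"
```

Against a real deployment the same three functions take the paths passed to -cacert and -cert in the securityadmin.sh command.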