Describe the issue:
I am running 2.3.0, single node. I am using curl to get a list of indexes. I am using HTTPS and the --insecure flag. When running 2.3.0, the username/password was the default admin:admin (as is set up in the OpenSearch Docker image on Docker Hub). In 2.18.0, I have a different password.
If a v2.3 database is present when I start v2.18, I can’t authenticate using curl. However, if I start v2.18 in a pristine environment, I can authenticate.
I have tried finding documentation on how to migrate my v2.3 security index to something 2.18 will like, but have not found anything useful.
I am running OpenSearch in a Docker container built from 2.3.0 (from Docker Hub). I am running in single node mode.
I have the data folder as a Docker volume so that the data is persistent.
The security is the default demo security
From within that container (or others) I can use curl to list indices using this command: curl -XGET https://127.0.0.1:9200/_cat/indices -u 'admin:admin' --insecure
I built a new Docker container from OpenSearch 2.18.0 (from Docker Hub). I am running in single node mode.
I have the data folder as a Docker volume so that the data is persistent.
The security is the default demo security
An entrypoint script for the container sets the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD to something other than ‘admin’ as that one is not accepted (not complex enough) and then launches the /usr/share/opensearch/opensearch-docker-entrypoint.sh script.
When I run this container image and the persistent data folder contains data from OpenSearch 2.3.0, I am unable to run the curl command shown above with either the password ‘admin’ or the new password that I set in the environment variable. It indicates a failure to authenticate.
However, when I run the new container image and the persistent data folder contains no data (or data originally created by 2.18.0), the curl command using the new password works just fine.
Then I stopped the cluster (docker compose down). The OpenSearch volume remained.
Then I updated the OpenSearch version to 2.18.0 in the docker-compose.yml and started the cluster. I logged in with the old password as the data persisted and the .opendistro_security index remained, so no password update happened.
Is there a document that describes the steps necessary to upgrade?
Note - in my case, the upgrade is simply stopping the original container containing 2.3, uninstalling the container (docker image rm), installing the new container containing 2.18 and then running it.
I have found documentation related to securityadmin.sh but it is all somewhat confusing.
I don’t understand the exact steps required to do the security migration given my very specific order of operations shown above. (I am just running the OpenSearch Docker images with either no changes at all, or just setting the default admin password in case of 2.18.)
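
A way to tell which of the situations described above a node is in, as an added example that is not part of the original post: it sends the same `_cat/indices` request with the pre-upgrade and post-upgrade admin passwords and classifies the two HTTP status codes. The variable names `OS_URL`, `OLD_ADMIN_PASSWORD`, `NEW_ADMIN_PASSWORD` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: which admin password does the node accept after the image upgrade?
# OS_URL, OLD_ADMIN_PASSWORD and NEW_ADMIN_PASSWORD are assumed names, not OpenSearch settings.
OS_URL="${OS_URL:-https://127.0.0.1:9200}"

# Print the HTTP status of GET /_cat/indices for the given user:password.
# --insecure matches the demo (self-signed) certificates used in the post.
# curl prints 000 when the node cannot be reached.
probe_auth() {
    curl --silent --insecure --max-time 10 --output /dev/null \
         --write-out '%{http_code}' -u "$1" "$OS_URL/_cat/indices" || true
}

# Map the two status codes (old password, new password) to a finding.
diagnose() {
    case "$1:$2" in
        200:*)   echo "persisted-security-index" ;;   # pre-upgrade users still active
        *:200)   echo "initial-password-applied" ;;   # security index was freshly created
        401:401) echo "neither-password-accepted" ;;  # reachable, both credentials rejected
        *)       echo "inconclusive" ;;               # unreachable or unexpected status
    esac
}

check_upgrade() {
    old=$(probe_auth "admin:$OLD_ADMIN_PASSWORD")
    new=$(probe_auth "admin:$NEW_ADMIN_PASSWORD")
    finding=$(diagnose "$old" "$new")
    echo "old=$old new=$new finding=$finding"
    case "$finding" in
        persisted-security-index)
            echo "The .opendistro_security index in the data volume still holds the old users;"
            echo "the initial admin password is only used when that index is first created." ;;
        neither-password-accepted)
            echo "The stored admin hash matches neither password; the security" 
            echo "configuration has to be re-applied (securityadmin.sh is the tool for that)." ;;
    esac
}

# Runs only when both passwords are supplied through the environment.
if [ -n "${OLD_ADMIN_PASSWORD:-}" ] && [ -n "${NEW_ADMIN_PASSWORD:-}" ]; then
    check_upgrade
fi
```

Run it inside the container or from any host that can reach port 9200, with both passwords exported in the environment.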