Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch 3.4
Describe the issue:
Since I have used unsafe initial password for admin. I had to change it.
What I did so far
- Change initial password for user admin in
internal_users.yml - Run
securityadmin.shto apply the changes
Password was changed successfully.
But now the connection between Dashboards and Opensearch-Cluster do not work anymore. For sure because of opensearch.username and opensearch.password defined as “admin” in opensearch-dashboards.yml
[opensearch-node1] Authentication finally failed for admin from 172.18.0.2:59294
So I can’t believe I should put the secure admin password in clear text in opensearch-dashboards.yml I wanted first ask you guys what I’m missing here.
Configuration:
-- internal_users.yml
_meta:
type: "internalusers"
config_version: 2
admin:
# initial pw
hash: "$2y$12$..."
reserved: true
backend_roles:
- "admin"
description: "Admin user"
viewer:
# initial pw
hash: "$2y$12$..."
backend_roles:
- "viewer"
description: "Read-only user"
-- opensearch-dashboards.yml
server.name: os_dashboards
server.host: "0.0.0.0"
opensearch.username: "admin"
opensearch.password: "admin"
# Encrypt traffic between OpenSearch-Dashboards and Opensearch
opensearch.ssl.certificate: "/usr/share/opensearch-dashboards/config/certificates/os-dashboards/os-dashboards-client.pem"
opensearch.ssl.key: "/usr/share/opensearch-dashboards/config/certificates/os-dashboards/os-dashboards-client.key"
opensearch.ssl.certificateAuthorities: ["/usr/share/opensearch-dashboards/config/certificates/ca/ca.pem"]
opensearch.ssl.verificationMode: full
#
# Browser <-> Opensearch-Dashboards
# using nginx and let'sencrypt
#
server.ssl.enabled: false
# OpenSearch Dashboards 3.x new features
data_source.enabled: true
workspace.enabled: true
explore.enabled: true