Restore dashboard configurations because of modification

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:
Hi community!
Lets say I have a cluster with Dashboard configured users, roles and tenants. I want to:

  • save those configurations
  • change configurations e.g. add a reserved user in internal_users.yaml
  • execute the to apply those configurations
  • reapply the saved configurations which were overwritten by (but only the Dashboard configurations)

As I understand, it is only possible in snapshots to restore indizes and configurations.
Is there a way to backup those configurations efficiently and to restore them after the update?

Greetings and thanks! has a param -backup <folder> Backup configuration to folder

You should be able to use that to back it up.

The -backup function backs up all of the configurations though. Therefore, if I restore the backup, my changed configurations with the script will be overwritten as well.
I only want to backup users/roles etc. that will be deleted by running the script.

@zujiry What do you mean by Dashboard configurations?

@zujiry If you’d like to use snapshots and, you should try to take a snapshot of all indices except .opendistro_security. Then restore of the indices won’t overwrite the security configuration stored in .opendistro_security index.

Hi pablo, with Dashboard Configurations I mean the creation of roles / tenants etc. in the Dashboards UI. As I understand, those are not saved to the config files, therefore are overwritten if you use the
Are roles / tenants etc. saved in the opendistro_security index?

@zujiry The security configuration UI in OpenSearch Dashboards updates exactly the same security configuration as
The trick is to decide how you want to manage that configuration. If you make the changes through OpenSearch Dashboards UI, the won’t be aware of that.

Every time when you’d like to use it is a good practice, as @jasonrojas mentioned, to use the backup option to save the current running configuration. Then make changes to the config files and upload the updated configuration back to the cluster.

@pablo sorry, for the late answer. The problem is, that I want a combination of them. I want to setup the configuration via security configuration and But a customer should only access opensearch via UI and set their configuration according to their wishes.
If I want to add e.g. an LDAP connection via I overwrite all the configurations of the customer though. A backup does not solve that, as I understand, as that can only reset the configurations to a point before I added e.g. LDAP.

I need a solution for restoring the UI made configurations after I set new underlying “base” configurations via

@zujiry Actually the backup solves the problem of overwriting the security configuration. You first take a backup with, then change the config (i.e. add LDAP configuration) and upload the updated config backup to the cluster with
The only condition here is that the customer should not make any changes in security configuration at the same time as you do.

So, if I understand correctly, what you mean is:

  1. Backup via
  2. Change configurations IN the backup data
  3. Reupload the Backup

Therefore configurations changed in the UI are also backuped and reuploaded and everything is saved? That would be the solution to my problem.

My problem was that if configurations are changed in the UI by the customer, they are overwritten by running the
As the documentation states:
Applying changes to configuration files - OpenSearch documentation

  1. You initialize the .opendistro_security index.
  2. You create ten users using the REST API.
  3. You decide to create a new reserved user using internal_users.yml.
  4. You run again to load the new reserved user into the index.
  5. You lose all ten users that you created using the REST API.

Therefore, if I dont want to lose all ten users, I have to backup the users somehow but I can only reupload the backup before changing the configurations therefore the backup is only to be able to go back to a state of Opensearch before editing the configurations - which does not solve my problem.
I will try your solution. Thank you very much!! :slight_smile:

@zujiry Correct. The backup will create yaml files in the specified backup folder. If you won’t specify that folder, then /usr/share/opensearch/plugins/opensearch-security/securityconfig (version 1.x) or /usr/share/opensearch/config/secruity-config (version 2.x) will be your default folder.

Your procedure is missing a backup step between 2 and 3. That’s why uploading configuration with after making changes with REST API will overwrite all the REST API changes.

thank you very much, it works!!