I’m in the same boat as @bseed over here: Securityadmin.sh uses http port 9200 and not transport port 9300 in OpenSearch 2.0.0 - #4 by pablo
I’m trying to launch a new OS 2.0.0 cluster in k8s (RKE). I’ll just repost what he said:
- When I disable install demo config and point transport and http to my certs, I get an error “Transport client authentication no longer supported”
- When I add
enabled: false
tosecurity.ssl.transport
, I get an error “plugins.security.ssl.transport.enabled must be set to ‘true’” - When i remove every
security.ssl.transport
lines, I get an error
“plugins.security.ssl.transport.keystore_filepath or plugins.security.ssl.transport.server.pemcert_filepath and plugins.security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested.”
Here’s the relevant part of my config as it stands now:
plugins:
security:
ssl:
transport:
pemcert_filepath: certs/opensearch.crt.pem
pemkey_filepath: certs/opensearch.key.pem
pemtrustedcas_filepath: certs/ca-bundle.pem
enforce_hostname_verification: false
http:
enabled: true
pemcert_filepath: certs/opensearch.crt.pem
pemkey_filepath: certs/opensearch.key.pem
pemtrustedcas_filepath: certs/ca-bundle.pem
allow_default_init_securityindex: true
authcz:
admin_dn:
- CN=[redacted]
audit.type: internal_opensearch
enable_snapshot_restore_privilege: true
check_snapshot_restore_write_privileges: true
restapi:
roles_enabled: ["all_access", "security_rest_api_access"]
opendistro_security:
audit:
config:
disabled_rest_categories: NONE
What do I need to do to get it to work?
Thanks!