Securityadmin.sh uses http port 9200 and not transport port 9300 in OpenSearch 2.0.0

asfoorial · May 31, 2022, 5:50am

Good day everyone,

First of all I would like to thank the OpenSearch community for the amazing work done in this project and for the clearly hard work done to get OpenSearch 2.0.0 release.

I have noticed that the Documentation the below:

The securityadmin.sh tool can be run from any machine that has access to the transport port of your OpenSearch cluster (the default port is 9300). Apply changes with securityadmin.sh - OpenSearch documentation

However, when I tried the below it used port 9200.

./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \
  -cacert ../../../config/root-ca.pem \
  -cert ../../../config/kirk.pem \
  -key ../../../config/kirk-key.pem

Is the above (securityadmin.sh using 9200 by default) is an intended behaviour or it is just the documentation needs to be updated? I have scripts that run the above code and set the port using “-p 9300” and it used to work on 1.3.2 but failed on 2.0.0.

I highly appreciate your feedback on this.

Regards

pablo · May 31, 2022, 7:31pm

@asfoorial As per the release notes of version 2.0 the TransportClient authentication/authorisation have been removed.
That has affected the way the securityadmin.sh communicates with the cluster. Now securityadmin.sh requires HTTP connection - port 9200.
The documentation still refers to the old configuration. It will be reported to the dev team.

github.com

opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.0.0.md

# OpenSearch and Dashboards 2.0.0 Release Notes

## Release Highlights

* Document level alerting allows users to create monitors that can generate alerts per document
* Lucene 9 is now used in OpenSearch
* The Geo Map Tiles in OpenSearch Dashboards are updated and now have a pipeline to update them more frequently
* Document level security now supports term lookup queries

### OpenSearch Notifications
* OpenSearch 2.0.0 is the first official release with OpenSearch Notifications
* Notifications consist of three plugins, `notifications-core` and `notifications` backend plugins for OpenSearch, and a `notificationsDashboards` frontend plugin for OpenSearch Dashboards


## Release Details

OpenSearch and OpenSearch Dashboards 2.0.0 includes the following features, enhancements, bug fixes, infrastructure, documentation, maintenance, and refactoring updates:

OpenSearch [Release Notes](https://github.com/opensearch-project/OpenSearch/blob/2.0/release-notes/opensearch.release-notes-2.0.0.md)

This file has been truncated. show original

https://github.com/opensearch-project/security/pull/1701

bseed · June 15, 2022, 8:23am

Hello everyone, I’m stuck, if someone can help me that would be great !

When I disable install demo config and point transport and http to my certs, I get an error “Transport client authentication no longer supported”
When I add enabled: falseto security.ssl.transport, I get an error “plugins.security.ssl.transport.enabled must be set to ‘true’”
When i remove every security.ssl.transport lines, I get an error
“plugins.security.ssl.transport.keystore_filepath or plugins.security.ssl.transport.server.pemcert_filepath and plugins.security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested.”

What am I mssing ?

pablo · June 17, 2022, 9:53am

@bseed Would you mind opening a new thread?
Please share configs and the current version of OpenSearch.

Topic		Replies	Views
Using the security API instead of securityadmin.sh in OpenSearch 2.0.0 Security	1	331	June 23, 2022
Security transport config for 2.0.0 Security troubleshoot , install	13	1901	December 12, 2022
Error on Apply changes using securityadmin.sh Security configure , install	2	723	May 23, 2023
Opensearch security not initialized; Securityadmin.sh not running Security troubleshoot , configure	10	4696	June 20, 2022
Opensearch Security: No results from securityadmin.sh (at all)? Security troubleshoot	4	22	December 9, 2024

Securityadmin.sh uses http port 9200 and not transport port 9300 in OpenSearch 2.0.0

Related topics