Securityadmin.sh uses http port 9200 and not transport port 9300 in OpenSearch 2.0.0

Good day everyone,

First of all I would like to thank the OpenSearch community for the amazing work done in this project and for the clearly hard work done to get OpenSearch 2.0.0 release.

I have noticed that the Documentation the below:

The securityadmin.sh tool can be run from any machine that has access to the transport port of your OpenSearch cluster (the default port is 9300). Apply changes with securityadmin.sh - OpenSearch documentation

However, when I tried the below it used port 9200.

./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv \
  -cacert ../../../config/root-ca.pem \
  -cert ../../../config/kirk.pem \
  -key ../../../config/kirk-key.pem

Is the above (securityadmin.sh using 9200 by default) is an intended behaviour or it is just the documentation needs to be updated? I have scripts that run the above code and set the port using “-p 9300” and it used to work on 1.3.2 but failed on 2.0.0.

I highly appreciate your feedback on this.

Regards

1 Like

@asfoorial As per the release notes of version 2.0 the TransportClient authentication/authorisation have been removed.
That has affected the way the securityadmin.sh communicates with the cluster. Now securityadmin.sh requires HTTP connection - port 9200.
The documentation still refers to the old configuration. It will be reported to the dev team.

https://github.com/opensearch-project/security/pull/1701

1 Like

Hello everyone, I’m stuck, if someone can help me that would be great !

  • When I disable install demo config and point transport and http to my certs, I get an error “Transport client authentication no longer supported”

  • When I add enabled: falseto security.ssl.transport, I get an error “plugins.security.ssl.transport.enabled must be set to ‘true’”

  • When i remove every security.ssl.transport lines, I get an error
    “plugins.security.ssl.transport.keystore_filepath or plugins.security.ssl.transport.server.pemcert_filepath and plugins.security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested.”

What am I mssing ?

1 Like

@bseed Would you mind opening a new thread?
Please share configs and the current version of OpenSearch.