Hi,
whenever I change users and roles in Kibana everything works fine and is written to .opendistro security index.
However, when I run .securityadmin.sh all users are reset and all roles I have set are also gone.
securityadmin.sh -h hostname.local -cd …/securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/admin.pem -key /etc/elasticsearch/admin-key.pem
Is there a way to reload via securityadmin.sh but keep the changes i made via kibana?
you are reloading the entire /securityconfig/ directory which contains the default roles.yml …etc… use the -f flag and specify config.yml instead of the entire dir
So i will lose configuration from kibana when i use securityadmin.sh?
I use ldap for authenticate my user in OD. do i need to setup every role and mapping again after running the script?
Can i export the settings i did to the .yml files?
So i will lose configuration from kibana when i use securityadmin.sh?
No, if you only load the config.yml instead of the entire /securityconfig/ dir you will retain your configured Kibana roles
do i need to setup every role and mapping again after running the script?
No
Can i export the settings i did to the .yml files?
You can back up the User and Roles files https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/security-admin/#backup-restore-and-migrate
Here is the script I use when I reboot my cluster that does not erase any of the users and roles
./securityadmin.sh -h YOUR-HOST -cn YOUR-CLUSTER-NAME -f ../securityconfig/config.yml -nhnv -cacert ../../../config/root-ca.pem -cert ../../../config/admin.pem -key ../../../config/admin-key.pem
Thank you for an awesome solution, gonna check this. Lucky I found this xD