[BUG] the securityadmin.sh returns no options in 2.1 or 2.0 like it did in Opensearch 1.3. #822
Assignees
Labels
Closed - Complete
Issue: Work is done and associated PRs closed
installation
Documentation for installing OpenSearch across various platforms
security
Comments
coffeegalaxy
added
bug
Naarcha-AWS
added
1 - Backlog
|
Hi coffeegalaxy! You've opened this issue under the documentation project but it sounds like the issue you're highlighting relates to the actual functionality of the script itself - it doesn't return the available options when you invoke it without arguments. The script is included in the repo for the security plugin here. |
|
Before we suggest moving this over to the other repo as an issue can you confirm what steps you're taking? I just ran the script without args after unpacking from a tar archive and it prints the help text out, as expect: |
|
Make sure you've defined a location for the JDK prior to running the script. I did it in-line to make it clear in my example. If you're still seeing an issue with this can you include the exact command you're running and copy-paste the full console output? |
|
Hi Jeff,
Thanks so much for getting back to me. I tried running it as you ran the
command
in your example and it worked great. I guess what I was doing was just
running the ./securityadmin.sh
and when this output would return:
Warning: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME set, will use /bin/java
it looked like it was using the literal path /bin/java and just not working
for the command would just return
nothing after that. That was the last step I needed so now I can continue
on configuring opensearch. We look
forward to using opensearch and look forward to the new and upcoming
features.
Thanks again.
Have a good weekend!
…On Fri, Aug 12, 2022 at 1:04 PM Jeff Huss ***@***.***> wrote:
Before we suggest moving this over to the other repo as an issue can you
confirm what steps you're taking? I just ran the script without args after
unpacking from a tar archive and it prints the help text out, as expect:
[--redacted--]$ OPENSEARCH_JAVA_HOME=/home/ec2-user/opensearch-2.1.0/jdk ./securityadmin.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** opensearch-project/security#1755 **
**************************************************************************
Security Admin v7
ERR: Parsing failed. Reason: Specify at least -ks or -cert
usage: securityadmin.sh [-arc] [-backup <folder>] [-cacert <file>] [-cd
<directory>] [-cert <file>] [-cn <clustername>] [-dci] [-dg] [-dra]
[-ec <cipers>] [-ep <protocols>] [-er <number of replicas>] [-era]
[-esa] [-f <file>] [-ff] [-h <host>] [-i <indexname>] [-icl] [-key
<file>] [-keypass <password>] [-ks <file>] [-ksalias <alias>]
[-kspass <password>] [-kst <type>] [-migrate <folder>] [-mo
<folder>] [-nhnv] [-p <port>] [-prompt] [-r] [-rev] [-rl] [-si]
[-sniff] [-t <file-type>] [-ts <file>] [-tspass <password>] [-tst
<type>] [-us <number of replicas>] [-vc <version>] [-w]
-arc,--accept-red-cluster Also operate on a red
cluster. If not specified
the cluster state has to
be at least yellow.
-backup <folder> Backup configuration to
folder
-cacert <file> Path to trusted cacert
(PEM format)
-cd,--configdir <directory> Directory for config files
-cert <file> Path to admin certificate
in PEM format
-cn,--clustername <clustername> Clustername (do not use
together with -icl)
-dci,--delete-config-index Delete
'.opendistro_security'
config index and exit.
-dg,--diagnose Log diagnostic trace into
a file
-dra,--disable-replica-autoexpand Disable replica auto
expand and exit
-ec,--enabled-ciphers <cipers> Comma separated list of
enabled TLS ciphers
-ep,--enabled-protocols <protocols> Comma separated list of
enabled TLS protocols
-er,--explicit-replicas <number of replicas> Set explicit number of
replicas or autoexpand
expression for
.opendistro_security index
-era,--enable-replica-autoexpand Enable replica auto expand
and exit
-esa,--enable-shard-allocation Enable all shard
allocation and exit.
-f,--file <file> file
-ff,--fail-fast fail-fast if something
goes wrong
-h,--hostname <host> OpenSearch host (default:
localhost)
-i,--index <indexname> The index OpenSearch
Security uses to store the
configuration
-icl,--ignore-clustername Ignore clustername (do not
use together with -cn)
-key <file> Path to the key of admin
certificate
-keypass <password> Password of the key of
admin certificate
(optional)
-ks,--keystore <file> Path to keystore
(JKS/PKCS12 format
-ksalias,--keystore-alias <alias> Keystore alias
-kspass,--keystore-password <password> Keystore password
-kst,--keystore-type <type> JKS or PKCS12, if not
given we use the file
extension to dectect the
type
-migrate <folder> Migrate and use folder to
store migrated files
-mo,--migrate-offline <folder> Migrate and use folder to
store migrated files
-nhnv,--disable-host-name-verification Disable hostname
verification
-p,--port <port> OpenSearch transport port
(default: 9200)
-prompt,--prompt-for-password Prompt for password if not
supplied
-r,--retrieve retrieve current config
-rev,--resolve-env-vars Resolve/Substitute env
vars in config with their
value before uploading
-rl,--reload Reload the configuration
on all nodes, flush all
Security caches and exit
-si,--show-info Show system and license
info
-sniff,--enable-sniffing Enable
client.transport.sniff
-t,--type <file-type> file-type
-ts,--truststore <file> Path to truststore
(JKS/PKCS12 format)
-tspass,--truststore-password <password> Truststore password
-tst,--truststore-type <type> JKS or PKCS12, if not
given we use the file
extension to dectect the
type
-us,--update_settings <number of replicas> Update the number of
Security index replicas,
reload configuration on
all nodes and exit
-vc,--validate-configs <version> Validate config for
version 6 or 7 (default 7)
-w,--whoami Show information about the
used admin certificate
—
Reply to this email directly, view it on GitHub
<#822 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2B2FITFI63AGBNQ4JMI3C3VYZ73PANCNFSM54D5QBEA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
|
I'm so glad to hear that!! I hope everything goes smoothly for you. Please let us know if there's more help we can offer. |
JeffHuss
added
Closed - Complete
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the bug?
A clear and concise description of the bug.
In Opensearch 1.3 the ./securityadmin.sh with no options would show available options to use via the cli.
In Opensearch 2.0 and 2.1 the ./securityadmin.sh returns no options to use.
It also states the tool will be deprecated in the next major release.
What is replacing this tool and what should be used now.
I have read the documentation extensively but the documentation still says to use the securityadmin.sh tool.
It seems like the command does not run anymore even when using the -f or -backup for example. It only returns the
words the tool will be deprecated.
Any help and guidances would be greatly appreciated.
I am a new user to Opensearch and just getting started using the software.
How can one reproduce the bug?
Steps to reproduce the behavior.
What is the expected behavior?
A clear and concise description of what you expected to happen.
What is your host/environment?
Operating system, version.
Centos 7
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.
The text was updated successfully, but these errors were encountered: