Remove admin:admin default and update instructions for demo setup #5887
Conversation
Signed-off-by: Derek Ho <dxho@amazon.com>
derek-ho
requested review from
hdhalter,
kolchfa-aws,
Naarcha-AWS,
vagimeli,
ananzh,
AMoo-Miki and
natebower
as code owners
|
@prudhvigodithi / @rishabh6788 / @DarshitChanpura adding you folks as tech reviewers, especially on the install files to double check that this is feasible/makes sense |
derek-ho
requested review from
rishabh6788,
prudhvigodithi and
DarshitChanpura
| @@ -40,10 +40,10 @@ This guide assumes that you are comfortable working from the Linux command line | |||
| 1. From the CLI, install using `dpkg`. | |||
| ```bash | |||
| # x64 | |||
| sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb | |||
| sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb | |||
There was a problem hiding this comment.
we should add a comment about why this password is required.
There was a problem hiding this comment.
This applies to all updated distributions
| export OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > | ||
| ``` | ||
| {% include copy.html %} | ||
|
|
||
| 1. Run the OpenSearch startup script with the security demo configuration. |
There was a problem hiding this comment.
this step should be numbered as 2
There was a problem hiding this comment.
This is correct, I believe the numbers are handled on the website side.
| set OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > | ||
| ``` | ||
| {% include copy.html %} | ||
|
|
||
| 1. Run the batch script. |
There was a problem hiding this comment.
this step should be numbered as 2
There was a problem hiding this comment.
All of them are numbered as 1
There was a problem hiding this comment.
Markdown automatically will number these in sequence. So if you put "1. 1. 1.", the output will be "1. 2. 3"
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
|
|
||
| # arm64 | ||
| sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb | ||
| sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password> dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb |
There was a problem hiding this comment.
Missing trailing space inside ">".
_api-reference/tasks.md
Outdated
| @@ -267,7 +267,7 @@ To associate requests with tasks for better tracking, you can provide a `X-Opaqu | |||
| Usage: | |||
|
|
|||
| ```bash | |||
| curl -i -H "X-Opaque-Id: 111111" "https://localhost:9200/_tasks" -u 'admin:admin' --insecure | |||
| curl -i -H "X-Opaque-Id: 111111" "https://localhost:9200/_tasks" -u 'admin:< Admin password >' --insecure | |||
There was a problem hiding this comment.
You will want to ask @kolchfa-aws etc. about the style guidelines for these placeholders. I am not sure whether leading/trailing spaces should be trimmed or whether underscores should be used instead of spaces in between the terms.
There was a problem hiding this comment.
Sorry for the late reply, just saw this. Generally we don't use spaces within angular brackets and separate the words with a hyphen or underscore so <custom-admin-password> looks good to me.
|
|
||
| ```yml | ||
| - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD | ||
| # value: < Admin password > |
There was a problem hiding this comment.
Is this meant to be commented out?
| export OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > | ||
| ``` | ||
| {% include copy.html %} | ||
|
|
||
| 1. Run the OpenSearch startup script with the security demo configuration. |
There was a problem hiding this comment.
This is correct, I believe the numbers are handled on the website side.
|
@derek-ho , @scrawfor99 - I'll add the 2.12 label for now because you said "and likely to be backported to 2.12 release". We'll check in with you to confirm before 2.12 is released. Thanks! |
|
@hdhalter yes this is planned for 2.12.0 release. Can we get a tech/doc review for these changes to ensure that we have supporting documentation released in the 2.12.0 release? Thanks! |
Thanks, @derek-ho. @Naarcha-AWS is assigned to do the doc review. |
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
There was a problem hiding this comment.
@Naarcha-AWS Please see my comments and changes and tag me when complete. I'd like to reread line 114 in the first file before approving. Thanks!
Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
added
6 - Done but waiting to merge
|
@DarshitChanpura - Do we need to modify step 6? It says to enter admin/admin: https://opensearch.org/docs/latest/security/authentication-backends/saml/#docker-example. |
Ahh..great catch. We can modify this, but then we will also need to modify the steps above to point to 2.12 instead of 2.8. if we plan to leave it as 2.8 we should leave it as admin. |
Let's update. We can add a variable for the version, and "<admin user name/password>" will still apply to all versions. @Naarcha-AWS - can you update this? Thanks. |
Made this change in a separate PR: #6279 |
hdhalter
added
the
release-notes
hdhalter
added
3 - Done
Description
Starting with the 2.12 release, admin will no longer be set as the default password when running the install demo configuration script. Instead, it will require user input (via an environment variable) to set the initial admin password, otherwise the script will fail. This PR updates the documentation to remove references of admin:admin, as well as updates some instructions on how to set this variable for the different distributions.
Issues Resolved
List any issues this PR will resolve, e.g. Closes [...].
Related to #5946
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.