diff --git a/_about/quickstart.md b/_about/quickstart.md index 851293f575..5c7da2950e 100644 --- a/_about/quickstart.md +++ b/_about/quickstart.md @@ -52,9 +52,9 @@ You'll need a special file, called a Compose file, that Docker Compose uses to d opensearch-node1 "./opensearch-docker…" opensearch-node1 running 0.0.0.0:9200->9200/tcp, 9300/tcp, 0.0.0.0:9600->9600/tcp, 9650/tcp opensearch-node2 "./opensearch-docker…" opensearch-node2 running 9200/tcp, 9300/tcp, 9600/tcp, 9650/tcp ``` -1. Query the OpenSearch REST API to verify that the service is running. You should use `-k` (also written as `--insecure`) to disable host name checking because the default security configuration uses demo certificates. Use `-u` to pass the default username and password (`admin:admin`). +1. Query the OpenSearch REST API to verify that the service is running. You should use `-k` (also written as `--insecure`) to disable hostname checking because the default security configuration uses demo certificates. Use `-u` to pass the default username and password (`admin:`). ```bash - curl https://localhost:9200 -ku admin:admin + curl https://localhost:9200 -ku admin: ``` Sample response: ```json @@ -76,7 +76,7 @@ You'll need a special file, called a Compose file, that Docker Compose uses to d "tagline" : "The OpenSearch Project: https://opensearch.org/" } ``` -1. Explore OpenSearch Dashboards by opening `http://localhost:5601/` in a web browser on the same host that is running your OpenSearch cluster. The default username is `admin` and the default password is `admin`. +1. Explore OpenSearch Dashboards by opening `http://localhost:5601/` in a web browser on the same host that is running your OpenSearch cluster. The default username is `admin` and the default password is set in your `docker-compose.yml` file in the `OPENSEARCH_INITIAL_ADMIN_PASSWORD=` setting. ## Create an index and field mappings using sample data @@ -100,18 +100,18 @@ Create an index and define field mappings using a dataset provided by the OpenSe ``` 1. Define the field mappings with the mapping file. ```bash - curl -H "Content-Type: application/x-ndjson" -X PUT "https://localhost:9200/ecommerce" -ku admin:admin --data-binary "@ecommerce-field_mappings.json" + curl -H "Content-Type: application/x-ndjson" -X PUT "https://localhost:9200/ecommerce" -ku admin: --data-binary "@ecommerce-field_mappings.json" ``` 1. Upload the index to the bulk API. ```bash - curl -H "Content-Type: application/x-ndjson" -X PUT "https://localhost:9200/ecommerce/_bulk" -ku admin:admin --data-binary "@ecommerce.json" + curl -H "Content-Type: application/x-ndjson" -X PUT "https://localhost:9200/ecommerce/_bulk" -ku admin: --data-binary "@ecommerce.json" ``` 1. Query the data using the search API. The following command submits a query that will return documents where `customer_first_name` is `Sonya`. ```bash - curl -H 'Content-Type: application/json' -X GET "https://localhost:9200/ecommerce/_search?pretty=true" -ku admin:admin -d' {"query":{"match":{"customer_first_name":"Sonya"}}}' + curl -H 'Content-Type: application/json' -X GET "https://localhost:9200/ecommerce/_search?pretty=true" -ku admin: -d' {"query":{"match":{"customer_first_name":"Sonya"}}}' ``` Queries submitted to the OpenSearch REST API will generally return a flat JSON by default. For a human readable response body, use the query parameter `pretty=true`. For more information about `pretty` and other useful query parameters, see [Common REST parameters]({{site.url}}{{site.baseurl}}/opensearch/common-parameters/). -1. Access OpenSearch Dashboards by opening `http://localhost:5601/` in a web browser on the same host that is running your OpenSearch cluster. The default username is `admin` and the default password is `admin`. +1. Access OpenSearch Dashboards by opening `http://localhost:5601/` in a web browser on the same host that is running your OpenSearch cluster. The default username is `admin` and the password is set in your `docker-compose.yml` file in the `OPENSEARCH_INITIAL_ADMIN_PASSWORD=` setting. 1. On the top menu bar, go to **Management > Dev Tools**. 1. In the left pane of the console, enter the following: ```json @@ -162,4 +162,4 @@ OpenSearch will fail to start if your host's `vm.max_map_count` is too low. Revi opensearch-node1 | ERROR: [1] bootstrap checks failed opensearch-node1 | [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] opensearch-node1 | ERROR: OpenSearch did not exit normally - check the logs at /usr/share/opensearch/logs/opensearch-cluster.log -``` \ No newline at end of file +``` diff --git a/_api-reference/tasks.md b/_api-reference/tasks.md index 19ef373806..5c3a41fd34 100644 --- a/_api-reference/tasks.md +++ b/_api-reference/tasks.md @@ -267,7 +267,7 @@ To associate requests with tasks for better tracking, you can provide a `X-Opaqu Usage: ```bash -curl -i -H "X-Opaque-Id: 111111" "https://localhost:9200/_tasks" -u 'admin:admin' --insecure +curl -i -H "X-Opaque-Id: 111111" "https://localhost:9200/_tasks" -u 'admin:' --insecure ``` {% include copy.html %} @@ -326,6 +326,6 @@ content-length: 768 This operation supports the same parameters as the `tasks` operation. The following example shows how you can associate `X-Opaque-Id` with specific tasks: ```bash -curl -i -H "X-Opaque-Id: 123456" "https://localhost:9200/_tasks?nodes=opensearch-node1" -u 'admin:admin' --insecure +curl -i -H "X-Opaque-Id: 123456" "https://localhost:9200/_tasks?nodes=opensearch-node1" -u 'admin:' --insecure ``` {% include copy.html %} diff --git a/_benchmark/quickstart.md b/_benchmark/quickstart.md index 52415cb608..0c23f74953 100644 --- a/_benchmark/quickstart.md +++ b/_benchmark/quickstart.md @@ -31,7 +31,7 @@ After installation, you can verify OpenSearch is running by going to `localhost: Use the following command to verify OpenSearch is running with SSL certificate checks disabled: ```bash -curl -k -u admin:admin https://localhost:9200 # the "-k" option skips SSL certificate checks +curl -k -u admin: https://localhost:9200 # the "-k" option skips SSL certificate checks { "name" : "147ddae31bf8.opensearch.org", diff --git a/_clients/javascript/index.md b/_clients/javascript/index.md index 2baed89722..f8bf9a9619 100644 --- a/_clients/javascript/index.md +++ b/_clients/javascript/index.md @@ -48,7 +48,7 @@ To connect to the default OpenSearch host, create a client object with the addre var host = "localhost"; var protocol = "https"; var port = 9200; -var auth = "admin:admin"; // For testing only. Don't store credentials in code. +var auth = "admin:"; // For testing only. Don't store credentials in code. var ca_certs_path = "/full/path/to/root-ca.pem"; // Optional client certificates if you don't want to use HTTP basic authentication. @@ -360,7 +360,7 @@ The following sample program creates a client, adds an index with non-default se var host = "localhost"; var protocol = "https"; var port = 9200; -var auth = "admin:admin"; // For testing only. Don't store credentials in code. +var auth = "admin:"; // For testing only. Don't store credentials in code. var ca_certs_path = "/full/path/to/root-ca.pem"; // Optional client certificates if you don't want to use HTTP basic authentication. diff --git a/_monitoring-your-cluster/pa/index.md b/_monitoring-your-cluster/pa/index.md index e88831ba4e..bb4f9c6c30 100644 --- a/_monitoring-your-cluster/pa/index.md +++ b/_monitoring-your-cluster/pa/index.md @@ -245,7 +245,7 @@ curl -XPOST http://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/conf If you encounter the `curl: (52) Empty reply from server` response, run the following command to enable RCA: ```bash -curl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:admin' -k +curl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:' -k ``` ### Example API query and response diff --git a/_observing-your-data/log-ingestion.md b/_observing-your-data/log-ingestion.md index 751f538c3c..61f427d30e 100644 --- a/_observing-your-data/log-ingestion.md +++ b/_observing-your-data/log-ingestion.md @@ -63,7 +63,7 @@ This should result in a single document being written to the OpenSearch cluster Run the following command to see one of the raw documents in the OpenSearch cluster: ```bash -curl -X GET -u 'admin:admin' -k 'https://localhost:9200/apache_logs/_search?pretty&size=1' +curl -X GET -u 'admin:' -k 'https://localhost:9200/apache_logs/_search?pretty&size=1' ``` The response should show the parsed log data: diff --git a/_observing-your-data/trace/getting-started.md b/_observing-your-data/trace/getting-started.md index b146b42a0e..d1bffb7050 100644 --- a/_observing-your-data/trace/getting-started.md +++ b/_observing-your-data/trace/getting-started.md @@ -76,7 +76,7 @@ node-0.example.com | [2020-11-19T16:29:55,267][INFO ][o.e.c.m.MetadataMappingSe In a new terminal window, run the following command to see one of the raw documents in the OpenSearch cluster: ```bash -curl -X GET -u 'admin:admin' -k 'https://localhost:9200/otel-v1-apm-span-000001/_search?pretty&size=1' +curl -X GET -u 'admin:' -k 'https://localhost:9200/otel-v1-apm-span-000001/_search?pretty&size=1' ``` Navigate to `http://localhost:5601` in a web browser and choose **Trace Analytics**. You can see the results of your single click in the Jaeger HotROD web interface: the number of traces per API and HTTP method, latency trends, a color-coded map of the service architecture, and a list of trace IDs that you can use to drill down on individual operations. diff --git a/_reporting/rep-cli-env-var.md b/_reporting/rep-cli-env-var.md index a4e079501d..0c80c81ca5 100644 --- a/_reporting/rep-cli-env-var.md +++ b/_reporting/rep-cli-env-var.md @@ -30,7 +30,7 @@ Values from the command line argument have higher priority than the environment The following command requests a report with basic authentication in PNG format: ``` -opensearch-reporting-cli --url https://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d --format png --auth basic --credentials admin:admin +opensearch-reporting-cli --url https://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d --format png --auth basic --credentials admin: ``` Upon success, the report will download to the current directory. diff --git a/_search-plugins/sql/sql/index.md b/_search-plugins/sql/sql/index.md index 9a466902ff..7035b6d664 100644 --- a/_search-plugins/sql/sql/index.md +++ b/_search-plugins/sql/sql/index.md @@ -61,7 +61,7 @@ POST _plugins/_sql To run the preceding query in the command line, use the [curl](https://curl.haxx.se/) command: ```bash -curl -XPOST https://localhost:9200/_plugins/_sql -u 'admin:admin' -k -H 'Content-Type: application/json' -d '{"query": "SELECT * FROM my-index* LIMIT 50"}' +curl -XPOST https://localhost:9200/_plugins/_sql -u 'admin:' -k -H 'Content-Type: application/json' -d '{"query": "SELECT * FROM my-index* LIMIT 50"}' ``` {% include copy.html %} diff --git a/_security/access-control/cross-cluster-search.md b/_security/access-control/cross-cluster-search.md index 182803da5d..5eb4aae99e 100644 --- a/_security/access-control/cross-cluster-search.md +++ b/_security/access-control/cross-cluster-search.md @@ -77,6 +77,7 @@ services: - discovery.type=single-node - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=" # The initial admin password used by the demo configuration ulimits: memlock: soft: -1 @@ -97,6 +98,7 @@ services: - discovery.type=single-node - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=" # The initial admin password used by the demo configuration ulimits: memlock: soft: -1 @@ -120,13 +122,13 @@ networks: After the clusters start, verify the names of each: ```json -curl -XGET -u 'admin:admin' -k 'https://localhost:9200' +curl -XGET -u 'admin:' -k 'https://localhost:9200' { "cluster_name" : "opensearch-ccs-cluster1", ... } -curl -XGET -u 'admin:admin' -k 'https://localhost:9250' +curl -XGET -u 'admin:' -k 'https://localhost:9250' { "cluster_name" : "opensearch-ccs-cluster2", ... @@ -154,7 +156,7 @@ docker inspect --format='{% raw %}{{range .NetworkSettings.Networks}}{{.IPAddres On the coordinating cluster, add the remote cluster name and the IP address (with port 9300) for each "seed node." In this case, you only have one seed node: ```json -curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9250/_cluster/settings' -d ' +curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9250/_cluster/settings' -d ' { "persistent": { "cluster.remote": { @@ -169,13 +171,13 @@ curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:admin' 'https://loca On the remote cluster, index a document: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/books/_doc/1' -d '{"Dracula": "Bram Stoker"}' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/books/_doc/1' -d '{"Dracula": "Bram Stoker"}' ``` At this point, cross-cluster search works. You can test it using the `admin` user: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9250/opensearch-ccs-cluster1:books/_search?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9250/opensearch-ccs-cluster1:books/_search?pretty' { ... "hits": [{ @@ -192,8 +194,8 @@ curl -XGET -k -u 'admin:admin' 'https://localhost:9250/opensearch-ccs-cluster1:b To continue testing, create a new user on both clusters: ```bash -curl -XPUT -k -u 'admin:admin' 'https://localhost:9200/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}' -curl -XPUT -k -u 'admin:admin' 'https://localhost:9250/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}' +curl -XPUT -k -u 'admin:' 'https://localhost:9200/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}' +curl -XPUT -k -u 'admin:' 'https://localhost:9250/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}' ``` Then run the same search as before with `booksuser`: @@ -218,8 +220,8 @@ curl -XGET -k -u booksuser:password 'https://localhost:9250/opensearch-ccs-clust Note the permissions error. On the remote cluster, create a role with the appropriate permissions, and map `booksuser` to that role: ```bash -curl -XPUT -k -u 'admin:admin' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/roles/booksrole' -d '{"index_permissions":[{"index_patterns":["books"],"allowed_actions":["indices:admin/shards/search_shards","indices:data/read/search"]}]}' -curl -XPUT -k -u 'admin:admin' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/booksrole' -d '{"users" : ["booksuser"]}' +curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/roles/booksrole' -d '{"index_permissions":[{"index_patterns":["books"],"allowed_actions":["indices:admin/shards/search_shards","indices:data/read/search"]}]}' +curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/booksrole' -d '{"users" : ["booksuser"]}' ``` Both clusters must have the user, but only the remote cluster needs the role and mapping; in this case, the coordinating cluster handles authentication (i.e. "Does this request include valid user credentials?"), and the remote cluster handles authorization (i.e. "Can this user access this data?"). diff --git a/_security/access-control/impersonation.md b/_security/access-control/impersonation.md index 0033e46507..4bf7ab689d 100644 --- a/_security/access-control/impersonation.md +++ b/_security/access-control/impersonation.md @@ -47,5 +47,5 @@ plugins.security.authcz.impersonation_dn: To impersonate another user, submit a request to the system with the HTTP header `opendistro_security_impersonate_as` set to the name of the user to be impersonated. A good test is to make a GET request to the `_plugins/_security/authinfo` URI: ```bash -curl -XGET -u 'admin:admin' -k -H "opendistro_security_impersonate_as: user_1" https://localhost:9200/_plugins/_security/authinfo?pretty +curl -XGET -u 'admin:' -k -H "opendistro_security_impersonate_as: user_1" https://localhost:9200/_plugins/_security/authinfo?pretty ``` diff --git a/_troubleshoot/index.md b/_troubleshoot/index.md index c10a502073..22c7a1018f 100644 --- a/_troubleshoot/index.md +++ b/_troubleshoot/index.md @@ -30,7 +30,7 @@ If you run legacy Kibana OSS scripts against OpenSearch Dashboards---for example In this case, your scripts likely include the `"kbn-xsrf: true"` header. Switch it to the `osd-xsrf: true` header: ``` -curl -XPOST -u 'admin:admin' 'https://DASHBOARDS_ENDPOINT/api/saved_objects/_import' -H 'osd-xsrf:true' --form file=@export.ndjson +curl -XPOST -u 'admin:' 'https://DASHBOARDS_ENDPOINT/api/saved_objects/_import' -H 'osd-xsrf:true' --form file=@export.ndjson ``` diff --git a/_tuning-your-cluster/availability-and-recovery/remote-store/index.md b/_tuning-your-cluster/availability-and-recovery/remote-store/index.md index fc6643955a..5fd19f5cc2 100644 --- a/_tuning-your-cluster/availability-and-recovery/remote-store/index.md +++ b/_tuning-your-cluster/availability-and-recovery/remote-store/index.md @@ -86,7 +86,7 @@ curl -X POST "https://localhost:9200/_remotestore/_restore" -H 'Content-Type: ap **Restore all shards of a given index** ```bash -curl -X POST "https://localhost:9200/_remotestore/_restore?restore_all_shards=true" -ku admin:admin -H 'Content-Type: application/json' -d' +curl -X POST "https://localhost:9200/_remotestore/_restore?restore_all_shards=true" -ku admin: -H 'Content-Type: application/json' -d' { "indices": ["my-index"] } diff --git a/_tuning-your-cluster/index.md b/_tuning-your-cluster/index.md index 2f9da5f6be..4a2a027d2b 100644 --- a/_tuning-your-cluster/index.md +++ b/_tuning-your-cluster/index.md @@ -177,7 +177,7 @@ less /var/log/opensearch/opensearch-cluster.log Perform the following `_cat` query on any node to see all the nodes formed as a cluster: ```bash -curl -XGET https://:9200/_cat/nodes?v -u 'admin:admin' --insecure +curl -XGET https://:9200/_cat/nodes?v -u 'admin:' --insecure ``` ``` diff --git a/_tuning-your-cluster/replication-plugin/auto-follow.md b/_tuning-your-cluster/replication-plugin/auto-follow.md index fb94622727..828b835387 100644 --- a/_tuning-your-cluster/replication-plugin/auto-follow.md +++ b/_tuning-your-cluster/replication-plugin/auto-follow.md @@ -28,7 +28,7 @@ Replication rules are a collection of patterns that you create against a single Create a replication rule on the follower cluster: ```bash -curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d ' +curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d ' { "leader_alias" : "my-connection-alias", "name": "my-replication-rule", @@ -46,13 +46,13 @@ If the Security plugin is disabled, you can leave out the `use_roles` parameter. To test the rule, create a matching index on the leader cluster: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9201/movies-0001?pretty' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9201/movies-0001?pretty' ``` And confirm its replica shows up on the follower cluster: ```bash -curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_cat/indices?v' +curl -XGET -u 'admin:' -k 'https://localhost:9200/_cat/indices?v' ``` It might take several seconds for the index to appear. @@ -67,7 +67,7 @@ yellow open movies-0001 kHOxYYHxRMeszLjTD9rvSQ 1 1 0 To retrieve a list of existing replication rules that are configured on a cluster, send the following request: ```bash -curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_plugins/_replication/autofollow_stats' +curl -XGET -u 'admin:' -k 'https://localhost:9200/_plugins/_replication/autofollow_stats' { "num_success_start_replication": 1, @@ -96,7 +96,7 @@ curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_plugins/_replication/aut To delete a replication rule, send the following request to the follower cluster: ```bash -curl -XDELETE -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d ' +curl -XDELETE -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d ' { "leader_alias" : "my-conection-alias", "name": "my-replication-rule" diff --git a/_tuning-your-cluster/replication-plugin/getting-started.md b/_tuning-your-cluster/replication-plugin/getting-started.md index c8184d0646..2387c23b68 100644 --- a/_tuning-your-cluster/replication-plugin/getting-started.md +++ b/_tuning-your-cluster/replication-plugin/getting-started.md @@ -32,7 +32,7 @@ In addition, verify and add the distinguished names (DNs) of each follower clust First, get the node's DN from each follower cluster: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_opendistro/_security/api/ssl/certs?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9200/_opendistro/_security/api/ssl/certs?pretty' { "transport_certificates_list": [ @@ -110,13 +110,13 @@ networks: After the clusters start, verify the names of each: ```bash -curl -XGET -u 'admin:admin' -k 'https://localhost:9201' +curl -XGET -u 'admin:' -k 'https://localhost:9201' { "cluster_name" : "leader-cluster", ... } -curl -XGET -u 'admin:admin' -k 'https://localhost:9200' +curl -XGET -u 'admin:' -k 'https://localhost:9200' { "cluster_name" : "follower-cluster", ... @@ -148,7 +148,7 @@ Cross-cluster replication follows a "pull" model, so most changes occur on the f On the follower cluster, add the IP address (with port 9300) for each seed node. Because this is a single-node cluster, you only have one seed node. Provide a descriptive name for the connection, which you'll use in the request to start replication: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_cluster/settings?pretty' -d ' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_cluster/settings?pretty' -d ' { "persistent": { "cluster": { @@ -167,13 +167,13 @@ curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://loca To get started, create an index called `leader-01` on the leader cluster: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9201/leader-01?pretty' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9201/leader-01?pretty' ``` Then start replication from the follower cluster. In the request body, provide the connection name and leader index that you want to replicate, along with the security roles you want to use: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_start?pretty' -d ' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_start?pretty' -d ' { "leader_alias": "my-connection-alias", "leader_index": "leader-01", @@ -194,7 +194,7 @@ This command creates an identical read-only index named `follower-01` on the fol After replication starts, get the status: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' { "status" : "SYNCING", @@ -217,13 +217,13 @@ The leader and follower checkpoint values begin as negative numbers and reflect To confirm that replication is actually happening, add a document to the leader index: ```bash -curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9201/leader-01/_doc/1?pretty' -d '{"The Shining": "Stephen King"}' +curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9201/leader-01/_doc/1?pretty' -d '{"The Shining": "Stephen King"}' ``` Then validate the replicated content on the follower index: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9200/follower-01/_search?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9200/follower-01/_search?pretty' { ... @@ -251,13 +251,13 @@ After the first replication API trigger, the `.replication-metadata-store` index You can temporarily pause replication of an index if you need to remediate issues or reduce load on the leader cluster: ```bash -curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_pause?pretty' -d '{}' +curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_pause?pretty' -d '{}' ``` To confirm that replication is paused, get the status: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' { "status" : "PAUSED", @@ -271,7 +271,7 @@ curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/fol When you're done making changes, resume replication: ```bash -curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_resume?pretty' -d '{}' +curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_resume?pretty' -d '{}' ``` When replication resumes, the follower index picks up any changes that were made to the leader index while replication was paused. @@ -283,7 +283,7 @@ Note that you can't resume replication after it's been paused for more than 12 h When you no longer need to replicate an index, terminate replication from the follower cluster: ```bash -curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_stop?pretty' -d '{}' +curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_stop?pretty' -d '{}' ``` When you stop replication, the follower index un-follows the leader and becomes a standard index that you can write to. You can't restart replication after stopping it. @@ -291,7 +291,7 @@ When you stop replication, the follower index un-follows the leader and becomes Get the status to confirm that the index is no longer being replicated: ```bash -curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' +curl -XGET -k -u 'admin:' 'https://localhost:9200/_plugins/_replication/follower-01/_status?pretty' { "status" : "REPLICATION NOT IN PROGRESS" diff --git a/_upgrade-to/upgrade-to.md b/_upgrade-to/upgrade-to.md index 3316072a07..340055b214 100644 --- a/_upgrade-to/upgrade-to.md +++ b/_upgrade-to/upgrade-to.md @@ -87,7 +87,7 @@ If you are migrating an Open Distro for Elasticsearch cluster, we recommend firs # Elasticsearch OSS curl -XGET 'localhost:9200/_nodes/_all?pretty=true' # Open Distro for Elasticsearch with Security plugin enabled - curl -XGET 'https://localhost:9200/_nodes/_all?pretty=true' -u 'admin:admin' -k + curl -XGET 'https://localhost:9200/_nodes/_all?pretty=true' -u 'admin:' -k ``` Specifically, check the `nodes..version` portion of the response. Also check `_cat/indices?v` for a green status on all indexes. @@ -169,7 +169,7 @@ If you are migrating an Open Distro for Elasticsearch cluster, we recommend firs # Security plugin disabled curl -XGET 'localhost:9200/_nodes/_all?pretty=true' # Security plugin enabled - curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_nodes/_all?pretty=true' + curl -XGET -k -u 'admin:' 'https://localhost:9200/_nodes/_all?pretty=true' ``` Specifically, check the `nodes..version` portion of the response. Also check `_cat/indices?v` for a green status on all indexes.