Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove admin:admin default and update instructions for demo setup #5887

Merged
merged 28 commits into from
Feb 1, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
92e9f22
Update some admin:admin references
derek-ho Dec 15, 2023
2c05e39
Update all references except for helm
derek-ho Dec 15, 2023
d4d1551
Update helm
derek-ho Dec 15, 2023
7606020
Reverts changes made to _install-and-configure folder
DarshitChanpura Jan 8, 2024
18c4dbb
Merge branch 'main' into admin
DarshitChanpura Jan 8, 2024
e524958
Merge branch 'main' into admin
DarshitChanpura Jan 9, 2024
eceb3c3
Merge branch 'main' into admin
DarshitChanpura Jan 9, 2024
d8f9203
Merge branch 'main' into admin
DarshitChanpura Jan 11, 2024
9fe6bc8
Merge branch 'main' into admin
DarshitChanpura Jan 11, 2024
cdeb90f
Apply suggestions from code review
derek-ho Jan 12, 2024
ec6c14c
Merge branch 'main' into admin
derek-ho Jan 12, 2024
dedf9bb
Merge branch 'main' into admin
DarshitChanpura Jan 13, 2024
d227507
Merge branch 'main' into admin
DarshitChanpura Jan 16, 2024
0216d9c
Merge branch 'main' into admin
DarshitChanpura Jan 16, 2024
9af6b27
Merge branch 'main' into admin
DarshitChanpura Jan 17, 2024
56497be
Merge branch 'main' into admin
DarshitChanpura Jan 19, 2024
a6b2b9e
Merge branch 'main' into admin
DarshitChanpura Jan 22, 2024
2165d52
Update _about/quickstart.md
Naarcha-AWS Jan 23, 2024
14baf92
Merge branch 'main' into admin
DarshitChanpura Jan 23, 2024
be5762d
Apply suggestions from code review
Naarcha-AWS Jan 23, 2024
e0f1c21
Update quickstart.md
Naarcha-AWS Jan 23, 2024
5902f2e
Merge branch 'main' into admin
DarshitChanpura Jan 25, 2024
5a10f61
Merge branch 'main' into admin
DarshitChanpura Jan 27, 2024
24b46c4
Merge branch 'main' into admin
DarshitChanpura Jan 29, 2024
1acb1c1
Merge branch 'main' into admin
DarshitChanpura Jan 29, 2024
7ed50ca
Merge branch 'main' into admin
DarshitChanpura Jan 30, 2024
cc1b44f
Merge branch 'main' into admin
DarshitChanpura Jan 31, 2024
fcbc313
Merge branch 'main' into admin
DarshitChanpura Feb 1, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions _install-and-configure/install-opensearch/debian.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@ This guide assumes that you are comfortable working from the Linux command line
1. From the CLI, install using `dpkg`.
```bash
# x64
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add a comment about why this password is required.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This applies to all updated distributions


# arm64
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password> dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing trailing space inside ">".

```

1. After the installation succeeds, enable OpenSearch as a service.
Expand Down Expand Up @@ -175,7 +175,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
1. Send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand All @@ -201,7 +201,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand Down
12 changes: 6 additions & 6 deletions _install-and-configure/install-opensearch/rpm.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,16 +46,16 @@ This guide assumes that you are comfortable working from the Linux command line
1. From the CLI, you can install the package with `rpm` or `yum`.
```bash
# Install the x64 package using yum.
sudo yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the x64 package using rpm.
sudo rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the arm64 package using yum.
sudo yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > yum install opensearch-{{site.opensearch_version}}-linux-x64.rpm

# Install the arm64 package using rpm.
sudo rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password > rpm -ivh opensearch-{{site.opensearch_version}}-linux-x64.rpm
```
1. After the installation succeeds, enable OpenSearch as a service.
```bash
Expand Down Expand Up @@ -147,7 +147,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
1. Send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand All @@ -173,7 +173,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand Down
10 changes: 8 additions & 2 deletions _install-and-configure/install-opensearch/tar.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,12 @@ An OpenSearch node configured by the demo security script is not suitable for a
```
{% include copy.html %}

1. Set an initial admin password variable through the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` environment variable.
```bash
export OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password >
```
{% include copy.html %}

1. Run the OpenSearch startup script with the security demo configuration.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this step should be numbered as 2

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of them are 1

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is correct, I believe the numbers are handled on the website side.

```bash
./opensearch-tar-install.sh
Expand All @@ -103,7 +109,7 @@ An OpenSearch node configured by the demo security script is not suitable for a
1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
curl -X GET https://localhost:9200 -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand All @@ -129,7 +135,7 @@ An OpenSearch node configured by the demo security script is not suitable for a
```
- Query the plugins endpoint:
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:< Admin password >' --insecure
```
{% include copy.html %}

Expand Down
10 changes: 8 additions & 2 deletions _install-and-configure/install-opensearch/windows.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,12 @@ An OpenSearch node in its default configuration (with demo certificates and user
```
{% include copy.html %}

1. Set the initial admin password via the `OPENSEARCH_INITIAL_ADMIN_PASSWORD` environment variable.
```bat
set OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password >
```
{% include copy.html %}

1. Run the batch script.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this step should be numbered as 2

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of them are numbered as 1

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Markdown automatically will number these in sequence. So if you put "1. 1. 1.", the output will be "1. 2. 3"

```bat
.\opensearch-windows-install.bat
Expand All @@ -74,7 +80,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
1. Open a new command prompt and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bat
curl.exe -X GET https://localhost:9200 -u "admin:admin" --insecure
curl.exe -X GET https://localhost:9200 -u "admin:< Admin password >" --insecure
```
{% include copy.html %}

Expand All @@ -100,7 +106,7 @@ An OpenSearch node in its default configuration (with demo certificates and user
```
- Query the plugins endpoint:
```bat
curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:admin" --insecure
curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:< Admin password >" --insecure
```
{% include copy.html %}

Expand Down
2 changes: 1 addition & 1 deletion _monitoring-your-cluster/pa/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -245,7 +245,7 @@ curl -XPOST http://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/conf
If you encounter the `curl: (52) Empty reply from server` response, run the following command to enable RCA:

```bash
curl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:admin' -k
curl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:< Admin password >' -k
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

### Example API query and response
Expand Down
2 changes: 1 addition & 1 deletion _observing-your-data/log-ingestion.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ This should result in a single document being written to the OpenSearch cluster
Run the following command to see one of the raw documents in the OpenSearch cluster:

```bash
curl -X GET -u 'admin:admin' -k 'https://localhost:9200/apache_logs/_search?pretty&size=1'
curl -X GET -u 'admin:< Admin password >' -k 'https://localhost:9200/apache_logs/_search?pretty&size=1'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

The response should show the parsed log data:
Expand Down
2 changes: 1 addition & 1 deletion _observing-your-data/trace/getting-started.md
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ node-0.example.com | [2020-11-19T16:29:55,267][INFO ][o.e.c.m.MetadataMappingSe
In a new terminal window, run the following command to see one of the raw documents in the OpenSearch cluster:

```bash
curl -X GET -u 'admin:admin' -k 'https://localhost:9200/otel-v1-apm-span-000001/_search?pretty&size=1'
curl -X GET -u 'admin:< Admin password >' -k 'https://localhost:9200/otel-v1-apm-span-000001/_search?pretty&size=1'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Navigate to `http://localhost:5601` in a web browser and choose **Trace Analytics**. You can see the results of your single click in the Jaeger HotROD web interface: the number of traces per API and HTTP method, latency trends, a color-coded map of the service architecture, and a list of trace IDs that you can use to drill down on individual operations.
Expand Down
2 changes: 1 addition & 1 deletion _reporting/rep-cli-env-var.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ Values from the command line argument have higher priority than the environment
The following command requests a report with basic authentication in PNG format:

```
opensearch-reporting-cli --url https://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d --format png --auth basic --credentials admin:admin
opensearch-reporting-cli --url https://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d --format png --auth basic --credentials admin:< Admin password >
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Upon success, the report will download to the current directory.
Expand Down
2 changes: 1 addition & 1 deletion _search-plugins/sql/sql/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ POST _plugins/_sql
To run the preceding query in the command line, use the [curl](https://curl.haxx.se/) command:

```bash
curl -XPOST https://localhost:9200/_plugins/_sql -u 'admin:admin' -k -H 'Content-Type: application/json' -d '{"query": "SELECT * FROM my-index* LIMIT 50"}'
curl -XPOST https://localhost:9200/_plugins/_sql -u 'admin:< Admin password >' -k -H 'Content-Type: application/json' -d '{"query": "SELECT * FROM my-index* LIMIT 50"}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```
{% include copy.html %}

Expand Down
20 changes: 11 additions & 9 deletions _security/access-control/cross-cluster-search.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ services:
- discovery.type=single-node
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password >" # The initial admin password used by the demo configuration
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
ulimits:
memlock:
soft: -1
Expand All @@ -97,6 +98,7 @@ services:
- discovery.type=single-node
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=< Admin password >" # The initial admin password used by the demo configuration
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
ulimits:
memlock:
soft: -1
Expand All @@ -120,13 +122,13 @@ networks:
After the clusters start, verify the names of each:

```json
curl -XGET -u 'admin:admin' -k 'https://localhost:9200'
curl -XGET -u 'admin:< Admin password >' -k 'https://localhost:9200'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"cluster_name" : "opensearch-ccs-cluster1",
...
}

curl -XGET -u 'admin:admin' -k 'https://localhost:9250'
curl -XGET -u 'admin:< Admin password >' -k 'https://localhost:9250'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"cluster_name" : "opensearch-ccs-cluster2",
...
Expand Down Expand Up @@ -154,7 +156,7 @@ docker inspect --format='{% raw %}{{range .NetworkSettings.Networks}}{{.IPAddres
On the coordinating cluster, add the remote cluster name and the IP address (with port 9300) for each "seed node." In this case, you only have one seed node:

```json
curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9250/_cluster/settings' -d '
curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:< Admin password >' 'https://localhost:9250/_cluster/settings' -d '
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"persistent": {
"cluster.remote": {
Expand All @@ -169,13 +171,13 @@ curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:admin' 'https://loca
On the remote cluster, index a document:

```bash
curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/books/_doc/1' -d '{"Dracula": "Bram Stoker"}'
curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:< Admin password >' 'https://localhost:9200/books/_doc/1' -d '{"Dracula": "Bram Stoker"}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

At this point, cross-cluster search works. You can test it using the `admin` user:

```bash
curl -XGET -k -u 'admin:admin' 'https://localhost:9250/opensearch-ccs-cluster1:books/_search?pretty'
curl -XGET -k -u 'admin:< Admin password >' 'https://localhost:9250/opensearch-ccs-cluster1:books/_search?pretty'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
...
"hits": [{
Expand All @@ -192,8 +194,8 @@ curl -XGET -k -u 'admin:admin' 'https://localhost:9250/opensearch-ccs-cluster1:b
To continue testing, create a new user on both clusters:

```bash
curl -XPUT -k -u 'admin:admin' 'https://localhost:9200/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}'
curl -XPUT -k -u 'admin:admin' 'https://localhost:9250/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}'
curl -XPUT -k -u 'admin:< Admin password >' 'https://localhost:9200/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
curl -XPUT -k -u 'admin:< Admin password >' 'https://localhost:9250/_plugins/_security/api/internalusers/booksuser' -H 'Content-Type: application/json' -d '{"password":"password"}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Then run the same search as before with `booksuser`:
Expand All @@ -218,8 +220,8 @@ curl -XGET -k -u booksuser:password 'https://localhost:9250/opensearch-ccs-clust
Note the permissions error. On the remote cluster, create a role with the appropriate permissions, and map `booksuser` to that role:

```bash
curl -XPUT -k -u 'admin:admin' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/roles/booksrole' -d '{"index_permissions":[{"index_patterns":["books"],"allowed_actions":["indices:admin/shards/search_shards","indices:data/read/search"]}]}'
curl -XPUT -k -u 'admin:admin' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/booksrole' -d '{"users" : ["booksuser"]}'
curl -XPUT -k -u 'admin:< Admin password >' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/roles/booksrole' -d '{"index_permissions":[{"index_patterns":["books"],"allowed_actions":["indices:admin/shards/search_shards","indices:data/read/search"]}]}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
curl -XPUT -k -u 'admin:< Admin password >' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/booksrole' -d '{"users" : ["booksuser"]}'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Both clusters must have the user, but only the remote cluster needs the role and mapping; in this case, the coordinating cluster handles authentication (i.e. "Does this request include valid user credentials?"), and the remote cluster handles authorization (i.e. "Can this user access this data?").
Expand Down
2 changes: 1 addition & 1 deletion _security/access-control/impersonation.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,5 +47,5 @@ plugins.security.authcz.impersonation_dn:
To impersonate another user, submit a request to the system with the HTTP header `opendistro_security_impersonate_as` set to the name of the user to be impersonated. A good test is to make a GET request to the `_plugins/_security/authinfo` URI:

```bash
curl -XGET -u 'admin:admin' -k -H "opendistro_security_impersonate_as: user_1" https://localhost:9200/_plugins/_security/authinfo?pretty
curl -XGET -u 'admin:< Admin password >' -k -H "opendistro_security_impersonate_as: user_1" https://localhost:9200/_plugins/_security/authinfo?pretty
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```
2 changes: 1 addition & 1 deletion _troubleshoot/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ If you run legacy Kibana OSS scripts against OpenSearch Dashboards---for example
In this case, your scripts likely include the `"kbn-xsrf: true"` header. Switch it to the `osd-xsrf: true` header:

```
curl -XPOST -u 'admin:admin' 'https://DASHBOARDS_ENDPOINT/api/saved_objects/_import' -H 'osd-xsrf:true' --form file=@export.ndjson
curl -XPOST -u 'admin:< Admin password >' 'https://DASHBOARDS_ENDPOINT/api/saved_objects/_import' -H 'osd-xsrf:true' --form file=@export.ndjson
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ curl -X POST "https://localhost:9200/_remotestore/_restore" -H 'Content-Type: ap
**Restore all shards of a given index**

```bash
curl -X POST "https://localhost:9200/_remotestore/_restore?restore_all_shards=true" -ku admin:admin -H 'Content-Type: application/json' -d'
curl -X POST "https://localhost:9200/_remotestore/_restore?restore_all_shards=true" -ku admin:< Admin password > -H 'Content-Type: application/json' -d'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"indices": ["my-index"]
}
Expand Down
2 changes: 1 addition & 1 deletion _tuning-your-cluster/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ less /var/log/opensearch/opensearch-cluster.log
Perform the following `_cat` query on any node to see all the nodes formed as a cluster:

```bash
curl -XGET https://<private-ip>:9200/_cat/nodes?v -u 'admin:admin' --insecure
curl -XGET https://<private-ip>:9200/_cat/nodes?v -u 'admin:< Admin password >' --insecure
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

```
Expand Down
10 changes: 5 additions & 5 deletions _tuning-your-cluster/replication-plugin/auto-follow.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ Replication rules are a collection of patterns that you create against a single
Create a replication rule on the follower cluster:

```bash
curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d '
curl -XPOST -k -H 'Content-Type: application/json' -u 'admin:< Admin password >' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d '
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"leader_alias" : "my-connection-alias",
"name": "my-replication-rule",
Expand All @@ -46,13 +46,13 @@ If the Security plugin is disabled, you can leave out the `use_roles` parameter.
To test the rule, create a matching index on the leader cluster:

```bash
curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9201/movies-0001?pretty'
curl -XPUT -k -H 'Content-Type: application/json' -u 'admin:< Admin password >' 'https://localhost:9201/movies-0001?pretty'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

And confirm its replica shows up on the follower cluster:

```bash
curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_cat/indices?v'
curl -XGET -u 'admin:< Admin password >' -k 'https://localhost:9200/_cat/indices?v'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

It might take several seconds for the index to appear.
Expand All @@ -67,7 +67,7 @@ yellow open movies-0001 kHOxYYHxRMeszLjTD9rvSQ 1 1 0
To retrieve a list of existing replication rules that are configured on a cluster, send the following request:

```bash
curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_plugins/_replication/autofollow_stats'
curl -XGET -u 'admin:< Admin password >' -k 'https://localhost:9200/_plugins/_replication/autofollow_stats'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved

{
"num_success_start_replication": 1,
Expand Down Expand Up @@ -96,7 +96,7 @@ curl -XGET -u 'admin:admin' -k 'https://localhost:9200/_plugins/_replication/aut
To delete a replication rule, send the following request to the follower cluster:

```bash
curl -XDELETE -k -H 'Content-Type: application/json' -u 'admin:admin' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d '
curl -XDELETE -k -H 'Content-Type: application/json' -u 'admin:< Admin password >' 'https://localhost:9200/_plugins/_replication/_autofollow?pretty' -d '
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
{
"leader_alias" : "my-conection-alias",
"name": "my-replication-rule"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ In addition, verify and add the distinguished names (DNs) of each follower clust
First, get the node's DN from each follower cluster:

```bash
curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_opendistro/_security/api/ssl/certs?pretty'
curl -XGET -k -u 'admin:< Admin password >' 'https://localhost:9200/_opendistro/_security/api/ssl/certs?pretty'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved

{
"transport_certificates_list": [
Expand Down
4 changes: 2 additions & 2 deletions _upgrade-to/upgrade-to.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ If you are migrating an Open Distro for Elasticsearch cluster, we recommend firs
# Elasticsearch OSS
curl -XGET 'localhost:9200/_nodes/_all?pretty=true'
# Open Distro for Elasticsearch with Security plugin enabled
curl -XGET 'https://localhost:9200/_nodes/_all?pretty=true' -u 'admin:admin' -k
curl -XGET 'https://localhost:9200/_nodes/_all?pretty=true' -u 'admin:< Admin password >' -k
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Specifically, check the `nodes.<node-id>.version` portion of the response. Also check `_cat/indices?v` for a green status on all indexes.
Expand Down Expand Up @@ -169,7 +169,7 @@ If you are migrating an Open Distro for Elasticsearch cluster, we recommend firs
# Security plugin disabled
curl -XGET 'localhost:9200/_nodes/_all?pretty=true'
# Security plugin enabled
curl -XGET -k -u 'admin:admin' 'https://localhost:9200/_nodes/_all?pretty=true'
curl -XGET -k -u 'admin:< Admin password >' 'https://localhost:9200/_nodes/_all?pretty=true'
derek-ho marked this conversation as resolved.
Show resolved Hide resolved
```

Specifically, check the `nodes.<node-id>.version` portion of the response. Also check `_cat/indices?v` for a green status on all indexes.
Expand Down