Change Opensearch Admin password

It cannot be modified in the dashboard, and must be modified only with a script.

  1. Terminal connection to master node

  2. Create a password (using the provided tool script).

cd /usr/share/opensearch/plugins/opensearch-security/tools

./hash.sh -p <new_password>

# example - output
sh-5.2$ ./hash.sh -p dhvmstjcl!
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
$2y$12$8CL1a9FLy1JwNe5q6yudZuTtzs/9.hkxvk1WnInwOV16JV3P3RoC6
  1. Load current settings

// Some code./securityadmin.sh -backup my-backup-directory \
  -icl \
  -nhnv \
  -cacert ../../../config/admin/ca.crt \
  -cert ../../../config/admin/tls.crt \
  -key ../../../config/admin/tls.key
  1. Change settings and run reflection script

# Search for line target to replace
# Find the hash value line of the admin item
cat -n my-backup-directory/internal_users.yml

    23	  config_version: 2
    24	admin:
    25	  hash: "$2a$12$W5jcOBWSN6/q9bOKhFbTE.m/pK.POlHkLFCcR7W79M479kq3FiOIO"
    26	  reserved: true
    27	  hidden: false
    28	  backend_roles:

# Add content (add content after removing line)
sed -i 'Line number d' file name
sed -i 'Line number i\Content' file name
# sed -i '25d' my-backup-directory/internal_users.yml
# sed -i '25 i\  hash: "$2y$12$8CL1a9FLy1JwNe5q6yudZuTtzs/9.hkxvk1WnInwOV16JV3P3RoC6"' my-backup-directory/internal_users.yml

# reflection
./securityadmin.sh -f my-backup-directory/internal_users.yml \
  -t internalusers \
  -icl \
  -nhnv \
  -cacert ../../../config/admin/ca.crt \
  -cert ../../../config/admin/tls.crt \
  -key ../../../config/admin/tls.key

Last updated

ⓒ2023. Acornsoft Corp. All rights reserved.