Better instructions on removing Security plugin on Docker

Author: aetter

docs/elasticsearch/snapshot-restore.md

@@ -98,7 +98,7 @@ readonly | Whether the repository is read-only. Useful when migrating from one c
    sudo ./bin/elasticsearch-plugin install repository-s3
    ```
 
-   If you're using the Docker installation, see [Run with custom plugins](../../install/docker/#run-with-custom-plugins). Your `Dockerfile` should look something like this:
+   If you're using the Docker installation, see [Customize the Docker image](../../install/docker/#customize-the-docker-image). Your `Dockerfile` should look something like this:
 
    ```
    FROM amazon/opendistro-for-elasticsearch:1.3.0

docs/install/docker.md

@@ -215,7 +215,7 @@ Then run `sudo sysctl -p` to reload.
 The `docker-compose.yml` file above also contains several key settings: `bootstrap.memory_lock=true`, `ES_JAVA_OPTS=-Xms512m -Xmx512m`, `nofile 65536` and `port 9600`. Respectively, these settings disable memory swapping (along with `memlock`), set the size of the Java heap (we recommend half of system RAM), set a limit of 65536 open files for the Elasticsearch user, and allow you to access Performance Analyzer on port 9600.
 
 
-## Run with custom plugins
+## Customize the Docker image
 
 To run the image with a custom plugin, first create a [`Dockerfile`](https://docs.docker.com/engine/reference/builder/):
 
@@ -240,3 +240,18 @@ COPY --chown=elasticsearch:elasticsearch my-key-file.pem /usr/share/elasticsearc
 COPY --chown=elasticsearch:elasticsearch my-certificate-chain.pem /usr/share/elasticsearch/config/
 COPY --chown=elasticsearch:elasticsearch my-root-cas.pem /usr/share/elasticsearch/config/
 ```
+
+Alternately, you might want to remove a plugin. This `Dockerfile` removes the Security plugin:
+
+```
+FROM amazon/opendistro-for-elasticsearch:1.3.0
+RUN /usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro_security
+COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
+```
+
+In this case, `elasticsearch.yml` is a "vanilla" version of the file with no Open Distro for Elasticsearch entries. It might look like this:
+
+```yml
+cluster.name: "docker-cluster"
+network.host: 0.0.0.0
+```

docs/security-configuration/disable.md

@@ -15,6 +15,8 @@ opendistro_security.disabled: true
 
 A more permanent option is to remove the Security plugin entirely. Delete the `plugins/opendistro_security` folder on all nodes, and delete the `opendistro_security` configuration entries from `elasticsearch.yml`.
 
+To perform these steps on the Docker image, see [Customize the Docker image](../../install/docker/#customize-the-docker-image).
+
 Disabling or removing the plugin exposes the configuration index for the Security plugin. If the index contains sensitive information, be sure to protect it through some other means. If you no longer need the index, delete it.
 {: .warning }
 
@@ -41,8 +43,19 @@ If you disable the Security plugin in `elasticsearch.yml` (or delete the plugin
    ```
    FROM amazon/opendistro-for-elasticsearch-kibana:1.3.0
    RUN /usr/share/kibana/bin/kibana-plugin remove opendistro_security
+   COPY --chown=kibana:kibana kibana.yml /usr/share/kibana/config/
+   ```
+
+   In this case, `kibana.yml` is a "vanilla" version of the file with no Open Distro for Elasticsearch entries. It might look like this:
+
+   ```yml
+   ---
+   server.name: kibana
+   server.host: "0"
+   elasticsearch.hosts: http://localhost:9200
    ```
 
+
 1. To build the new Docker image, run the following command:
 
    ```bash
@@ -52,5 +65,4 @@ If you disable the Security plugin in `elasticsearch.yml` (or delete the plugin
 1. In `docker-compose.yml`, change `amazon/opendistro-for-elasticsearch-kibana:1.3.0` to `kibana-no-security`.
 1. Change `ELASTICSEARCH_URL` (`docker-compose.yml`) or `elasticsearch.url` (your custom `kibana.yml`) to `http://` rather than `https://`.
 1. Change `ELASTICSEARCH_HOSTS` or `elasticsearch.hosts` to `http://` rather than `https://`.
-1. Remove all `opendistro_security` lines from `kibana.yml`.
 1. Enter `docker-compose up`.