diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index d583cef0d5..9fc1715033 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -60,6 +60,9 @@ cp build/distributions/opensearch-security-*.zip $OPENSEARCH_SECURITY_HOME cd $OPENSEARCH_SECURITY_HOME unzip opensearch-security-*.zip rm opensearch-security-*.zip +mkdir $OPENSEARCH_HOME/config/opensearch-security +mv config/* $OPENSEARCH_HOME/config/opensearch-security/ +rm -rf config/ ``` Install the demo certificates and default configuration, answer `y` to the first two questions and `n` to the last one. The log should look like below: @@ -74,22 +77,22 @@ Cluster mode requires maybe additional setup of: - Virtual memory (vm.max_map_count) Enable cluster mode? [y/N] n -Basedir: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT +Basedir: /Users/XXXXX/Test/opensearch-* OpenSearch install type: .tar.gz on -OpenSearch config dir: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/config -OpenSearch config file: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/config/opensearch.yml -OpenSearch bin dir: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/bin -OpenSearch plugins dir: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/plugins -OpenSearch lib dir: /Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/lib -Detected OpenSearch Version: x-content-1.3.0-SNAPSHOT +OpenSearch config dir: /Users/XXXXX/Test/opensearch-*/config +OpenSearch config file: /Users/XXXXX/Test/opensearch-*/config/opensearch.yml +OpenSearch bin dir: /Users/XXXXX/Test/opensearch-*/bin +OpenSearch plugins dir: /Users/XXXXX/Test/opensearch-*/plugins +OpenSearch lib dir: /Users/XXXXX/Test/opensearch-*/lib +Detected OpenSearch Version: x-content-* Detected OpenSearch Security Version: * ### Success ### Execute this script now on all your nodes and then start all nodes ### OpenSearch Security will be automatically initialized. ### If you like to change the runtime configuration -### change the files in ../securityconfig and execute: -"/Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/plugins/opensearch-security/securityconfig" -icl -key "/Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/config/kirk-key.pem" -cert "/Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/config/kirk.pem" -cacert "/Users/XXXXX/Test/opensearch-1.3.0-SNAPSHOT/config/root-ca.pem" -nhnv +### change the files in ../config and execute: +"/Users/XXXXX/Test/opensearch-*/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/XXXXX/Test/opensearch-*/config/opensearch-security/" -icl -key "/Users/XXXXX/Test/opensearch-*/config/kirk-key.pem" -cert "/Users/XXXXX/Test/opensearch-*/config/kirk.pem" -cacert "/Users/XXXXX/Test/opensearch-*/config/root-ca.pem" -nhnv ### or run ./securityadmin_demo.sh ### To use the Security Plugin ConfigurationGUI ### To access your secured cluster open https://: and log in with admin/admin. diff --git a/build.gradle b/build.gradle index 550fc0f6bc..0a5826b73e 100644 --- a/build.gradle +++ b/build.gradle @@ -283,7 +283,7 @@ task bundle(dependsOn: jar, type: Zip) { from 'plugin-security.policy' from 'plugin-descriptor.properties' from('securityconfig') { - into 'securityconfig/' + into 'config/' } from('tools') { into 'tools/' diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java index ac2ec48758..2f247b7224 100644 --- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java +++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java @@ -124,7 +124,7 @@ public void run() { try { String lookupDir = System.getProperty("security.default_init.dir"); - final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).pluginsFile().toAbsolutePath().toString()+"/opensearch-security/securityconfig/"; + final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configFile().toAbsolutePath().toString()+"/opensearch-security/"; File confFile = new File(cd+"config.yml"); if(confFile.exists()) { final ThreadContext threadContext = threadPool.getThreadContext(); diff --git a/src/main/java/org/opensearch/security/tools/AuditConfigMigrater.java b/src/main/java/org/opensearch/security/tools/AuditConfigMigrater.java index 9aa2bf4486..6e21c1834f 100644 --- a/src/main/java/org/opensearch/security/tools/AuditConfigMigrater.java +++ b/src/main/java/org/opensearch/security/tools/AuditConfigMigrater.java @@ -48,7 +48,7 @@ public class AuditConfigMigrater { public static void main(String[] args) { options.addOption(Option.builder("s").argName("source").hasArg().desc("Path to opensearch.yml file to migrate. If not specified, will try to lookup env " + OPENSEARCH_PATH_CONF_ENV + " followed by lookup in current directory.").build()); - options.addOption(Option.builder("oad").argName("output-audit-dir").hasArg().desc("Output directory to store the generated " + AUDIT_YML + " file. To be uploaded in the index, the file must be present in plugins/opensearch-security/securityconfig/ or use securityadmin tool.").build()); + options.addOption(Option.builder("oad").argName("output-audit-dir").hasArg().desc("Output directory to store the generated " + AUDIT_YML + " file. To be uploaded in the index, the file must be present in config/opensearch-security/ or use securityadmin tool.").build()); options.addOption(Option.builder("oed").argName("output-opensearch-dir").hasArg().desc("Output directory to store the generated " + OPENSEARCH_AUDIT_FILTERED_YML + " file.").build()); try { diff --git a/tools/install_demo_configuration.sh b/tools/install_demo_configuration.sh index ebc909925a..cb13ef0756 100755 --- a/tools/install_demo_configuration.sh +++ b/tools/install_demo_configuration.sh @@ -417,7 +417,7 @@ echo "### Success" echo "### Execute this script now on all your nodes and then start all nodes" #Generate securityadmin_demo.sh echo "#!/bin/bash" | $SUDO_CMD tee securityadmin_demo.sh > /dev/null -echo $SUDO_CMD \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/securityadmin.sh"\" -cd \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/securityconfig"\" -icl -key \""$OPENSEARCH_CONF_DIR/kirk-key.pem"\" -cert \""$OPENSEARCH_CONF_DIR/kirk.pem"\" -cacert \""$OPENSEARCH_CONF_DIR/root-ca.pem"\" -nhnv | $SUDO_CMD tee -a securityadmin_demo.sh > /dev/null +echo $SUDO_CMD \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/securityadmin.sh"\" -cd \""$OPENSEARCH_CONF_DIR/opensearch-security"\" -icl -key \""$OPENSEARCH_CONF_DIR/kirk-key.pem"\" -cert \""$OPENSEARCH_CONF_DIR/kirk.pem"\" -cacert \""$OPENSEARCH_CONF_DIR/root-ca.pem"\" -nhnv | $SUDO_CMD tee -a securityadmin_demo.sh > /dev/null $SUDO_CMD chmod +x securityadmin_demo.sh if [ "$initsecurity" == 0 ]; then @@ -428,7 +428,7 @@ if [ "$initsecurity" == 0 ]; then else echo "### OpenSearch Security will be automatically initialized." echo "### If you like to change the runtime configuration " - echo "### change the files in ../securityconfig and execute: " + echo "### change the files in ../../../config/opensearch-security and execute: " $SUDO_CMD cat securityadmin_demo.sh | tail -1 echo "### or run ./securityadmin_demo.sh" echo "### To use the Security Plugin ConfigurationGUI"