Updates tar distribution to conform to changes in install demo configuration script in security plugin

[DarshitChanpura]

Description

Following up on the changes to demo configuration script in security plugin, opensearch-project/security#3669, the OS supported distributions need to adapt to changes in the behavior of demo configuration script.

What has changed?

The ./opensearch-tar-install.sh will now have these execution paths:

1. OPENSEARCH_INITIAL_ADMIN_PASSWORD value is set to a strong password: Demo configuration script execution succeeds
2. If weak password is provided in either of the cases, tar-install.sh execution will fail.
3. If no password is provided, the script will exit and installation will fail.

For detailed testing output, refer to this comment on the issue mentioned below.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (31cc1ef) 91.35% compared to head (840a220) 91.35%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4250   +/-   ##
=======================================
  Coverage   91.35%   91.35%           
=======================================
  Files         190      190           
  Lines        6175     6175           
=======================================
  Hits         5641     5641           
  Misses        534      534           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rishabh6788]

Just to be clear, the user is still admin and only the password has to be provided, right?

[DarshitChanpura]

Just to be clear, the user is still admin and only the password has to be provided, right?

Yes, correct.

[prudhvigodithi]

Adding @derek-ho, coming from the issue #4094, looks this change is having a problem to deal multi node cluster? Derek can you please add more details. Thank you

[DarshitChanpura]

Adding @derek-ho, coming from the issue #4094, looks this change is having a problem to deal multi node cluster? Derek can you please add more details. Thank you

This issue has been addressed now by skipping password generation and quitting the script if no custom password was provided.

[dblock]

Is the variable really initialAdminPassword?! All OpenSearch variables are OPENSEARCH_SOMETHING_SOMETHING, where did we deviate from this convention?

[DarshitChanpura]

@dblock Updated the info statements and the corresponding PR: opensearch-project/security#3843
has been raised in security plugin

[DarshitChanpura]

@prudhvigodithi @rishabh6788 Would you please review this?

[rishabh6788]

I am okay with approving this change but we cannot merge this until security plugin changes have been back-ported to 2.x as it will start breaking 2.12.0 tests and benchmark runs.

[DarshitChanpura]

I am okay with approving this change but we cannot merge this until security plugin changes have been back-ported to 2.x as it will start breaking 2.12.0 tests and benchmark runs.

The backport PR is currently waiting review: opensearch-project/security#3845

[DarshitChanpura]

opensearch-project/security#3845 is merged and this PR is unblocked.

[peterzhuamazon]

After talking to @prudhvigodithi we should remove the exit 1, and add set -e to the install script, as the original design removed that due to chmod 777 /dev/shm, which has been removed some time ago.

[peterzhuamazon]

More conversation with @DarshitChanpura and seems like set -e might have more impact on docker side. He will get more info on that and we will need some more discussion on it with @prudhvigodithi.

I am ok with either approach, just think it would be better if we are consistent across all distributions.

[DarshitChanpura]

set -e affects the entire file setup and analyzing that change is out of scope, IMO. @prudhvigodithi @peterzhuamazon please lmk if we should indeed use set -e. TAR is much simple to analyze and can be changed to use set -e, however, docker setup is bit more involved in terms of understanding all possible code paths. Windows however doesn't have set -e from what I understand, and hence will require some form of || exit /b 1.

So, for consistency purposes I'd vote on keeping it as is with || exit 1. This has been extensively tested on TAR, docker and Windows, and the setup works as expected with this change.

@prudhvigodithi @peterzhuamazon @rishabh6788 thoughts?

[DarshitChanpura]

@peterzhuamazon @prudhvigodithi @rishabh6788 Could I please get reviews on this?

[peterzhuamazon]

Also need @prudhvigodithi to confirm on @DarshitChanpura comment above regarding keeping the exit 1 for docker and tar, but remove for deb and rpm.

[DarshitChanpura]

Also need @prudhvigodithi to confirm on @DarshitChanpura comment above regarding keeping the exit 1 for docker and tar, but remove for deb and rpm.

This PR only addresses TAR ball, no docker/windows/rpm/deb changes are present

[DarshitChanpura]

@peterzhuamazon Could I get some re-reviews on this PR?

[prudhvigodithi]

I'm ok with exit 1, even though having set -e is better as the execution codes are directly dictated by install_demo_configuration.sh but needs proper testing on how the script would behave (using set -e) with docker etc.
@peterzhuamazon add your final thought.

[prudhvigodithi]

@DarshitChanpura can you please use as echo -e "This is a line with a new line.\nThis is the second line." to print statements in a new line. We dont need 3 echo lines.

[DarshitChanpura]

echo -e maybe slightly unstable. I've used printf instead which is more stable for combining 3 lines with \n

[DarshitChanpura]

@peterzhuamazon @prudhvigodithi @rishabh6788 Could I get some more reviews?

[peterzhuamazon]

echo -e should be used here to be consistent instead of printf.

[DarshitChanpura]

@peterzhuamazon is there anything blocking this PR still?