From 2ea4d2f303500b511d368415f5d71c247496ea9c Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Wed, 13 Dec 2023 17:44:55 -0500 Subject: [PATCH 1/5] Updates the developer guide to reflect changes in the demo configuration script Signed-off-by: Darshit Chanpura --- DEVELOPER_GUIDE.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 5e797c98d1..6553fd8ce3 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -162,6 +162,21 @@ extension_hw_greet: - "hw-user" ``` +### Setting up password for demo admin user + +This step is a pre-requisite to installing demo configuration. There are two ways password can be set for demo `admin` user: +1. **Setting via environment variable:** Password be passed by exporting `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable with a password. +```shell +export OPENSEARCH_INITIAL_ADMIN_PASSWORD= +``` + +2. **Setting via a text file:** Password can also be supplied by creating a single line text file `opensearch_initial_admin_password.txt` file with `` under `$OPENSEARCH_HOME/config/` folder. + +**_Note:_** If no password is supplied the installation will fail. The passwords supplied need to be strong as there is a password validation check in place. There is an option to skip password validation by passing `-t` option to installation script. However, this should only be used for test environments. + + +### Executing the demo installation script + To install the demo certificates and default configuration, answer `y` to the first two questions and `n` to the last one. The log should look like below: ```bash @@ -192,7 +207,7 @@ Detected OpenSearch Security Version: * "/Users/XXXXX/Test/opensearch-*/plugins/opensearch-security/tools/securityadmin.sh" -cd "/Users/XXXXX/Test/opensearch-*/config/opensearch-security/" -icl -key "/Users/XXXXX/Test/opensearch-*/config/kirk-key.pem" -cert "/Users/XXXXX/Test/opensearch-*/config/kirk.pem" -cacert "/Users/XXXXX/Test/opensearch-*/config/root-ca.pem" -nhnv ### or run ./securityadmin_demo.sh ### To use the Security Plugin ConfigurationGUI -### To access your secured cluster open https://: and log in with admin/admin. +### To access your secured cluster open https://: and log in with admin/. ### (Ignore the SSL certificate warning because we installed self-signed demo certificates) ``` From 4d5af9ffd979081b3cdb4bd1826926702e948f96 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Wed, 13 Dec 2023 17:47:29 -0500 Subject: [PATCH 2/5] Deletes integtest.sh as the script is never called https://github.com/opensearch-project/opensearch-build/issues/497 Signed-off-by: Darshit Chanpura --- README.md | 4 -- scripts/integtest.sh | 105 ------------------------------------------- 2 files changed, 109 deletions(-) delete mode 100755 scripts/integtest.sh diff --git a/README.md b/README.md index 1aed7a5a0b..fe698a12d9 100644 --- a/README.md +++ b/README.md @@ -83,10 +83,6 @@ Run tests against local cluster: ```bash ./gradlew integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin -Dcommon_utils.version="2.2.0.0" ``` -OR -```bash -./scripts/integtest.sh -``` Note: To run against a remote cluster replace cluster-name and `localhost:9200` with the IPAddress:Port of that cluster. Build artifacts (zip, deb, rpm): diff --git a/scripts/integtest.sh b/scripts/integtest.sh deleted file mode 100755 index 98ee40fbd6..0000000000 --- a/scripts/integtest.sh +++ /dev/null @@ -1,105 +0,0 @@ -#!/bin/bash - -set -e - -function usage() { - echo "" - echo "This script is used to run integration tests for plugin installed on a remote OpenSearch/Dashboards cluster." - echo "--------------------------------------------------------------------------" - echo "Usage: $0 [args]" - echo "" - echo "Required arguments:" - echo "None" - echo "" - echo "Optional arguments:" - echo -e "-b BIND_ADDRESS\t, defaults to localhost | 127.0.0.1, can be changed to any IP or domain name for the cluster location." - echo -e "-p BIND_PORT\t, defaults to 9200, can be changed to any port for the cluster location." - echo -e "-s SECURITY_ENABLED\t(true | false), defaults to true. Specify the OpenSearch/Dashboards have security enabled or not." - echo -e "-c CREDENTIAL\t(usename:password), no defaults, effective when SECURITY_ENABLED=true." - echo -e "-h\tPrint this message." - echo -e "-v OPENSEARCH_VERSION\t, no defaults" - echo -e "-n SNAPSHOT\t, defaults to false" - echo -e "-m CLUSTER_NAME\t, defaults to docker-cluster" - echo "--------------------------------------------------------------------------" -} - -while getopts ":h:b:p:s:c:v:n:t:m:u:" arg; do - case $arg in - h) - usage - exit 1 - ;; - b) - BIND_ADDRESS=$OPTARG - ;; - p) - BIND_PORT=$OPTARG - ;; - t) - TRANSPORT_PORT=$OPTARG - ;; - s) - SECURITY_ENABLED=$OPTARG - ;; - c) - CREDENTIAL=$OPTARG - ;; - m) - CLUSTER_NAME=$OPTARG - ;; - v) - # Do nothing as we're not consuming this param. - ;; - n) - # Do nothing as we're not consuming this param. - ;; - u) - COMMON_UTILS_VERSION=$OPTARG - ;; - :) - echo "-${OPTARG} requires an argument" - usage - exit 1 - ;; - ?) - echo "Invalid option: -${OPTARG}" - exit 1 - ;; - esac -done - - -if [ -z "$BIND_ADDRESS" ] -then - BIND_ADDRESS="localhost" -fi - -if [ -z "$BIND_PORT" ] -then - BIND_PORT="9200" -fi - -if [ -z "$SECURITY_ENABLED" ] -then - SECURITY_ENABLED="true" -fi - -if [ -z "$CREDENTIAL" ] -then - CREDENTIAL="admin:admin" -fi - -if [ -z "$CREDENTIAL" ] -then - CREDENTIAL="admin:admin" -fi - -if [ -z "$CLUSTER_NAME" ] -then - CLUSTER_NAME="docker-cluster" -fi - -USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'` -PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'` - -./gradlew integTestRemote -Dtests.rest.cluster="$BIND_ADDRESS:$BIND_PORT" -Dtests.cluster="$BIND_ADDRESS:$BIND_PORT" -Dsecurity_enabled=$SECURITY_ENABLED -Dtests.clustername=$CLUSTER_NAME -Dhttps=true -Duser=$USERNAME -Dpassword=$PASSWORD From a790bd35cd61886951ccf89ffa739cb90b3b1add Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Thu, 14 Dec 2023 09:51:49 -0500 Subject: [PATCH 3/5] Refactors references to admin:admin Signed-off-by: Darshit Chanpura --- DEVELOPER_GUIDE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 6553fd8ce3..f02094f03f 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -212,12 +212,12 @@ Detected OpenSearch Security Version: * ``` Now if we start our server again and try the original `curl localhost:9200`, it will fail. -Try this command instead: `curl -XGET https://localhost:9200 -u 'admin:admin' --insecure`. It should succeed. +Try this command instead: `curl -XGET https://localhost:9200 -u 'admin:' --insecure`. It should succeed. You can also make this call to return the authenticated user details: ```bash -curl -XGET https://localhost:9200/_plugins/_security/authinfo -u 'admin:admin' --insecure +curl -XGET https://localhost:9200/_plugins/_security/authinfo -u 'admin:' --insecure { "user": "User [name=admin, backend_roles=[admin], requestedTenant=null]", From 26e5d37200026015ca793ac82c55864befbaf2c5 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Thu, 14 Dec 2023 13:56:20 -0500 Subject: [PATCH 4/5] Addresses PR feedback around wording Signed-off-by: Darshit Chanpura --- DEVELOPER_GUIDE.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index f02094f03f..a533b75ad7 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -164,15 +164,15 @@ extension_hw_greet: ### Setting up password for demo admin user -This step is a pre-requisite to installing demo configuration. There are two ways password can be set for demo `admin` user: -1. **Setting via environment variable:** Password be passed by exporting `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable with a password. +This step is a pre-requisite to installing demo configuration. There are two ways the demo `admin` user password can be set: +1. **Setting via environment variable:** The default password can be passed by exporting `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable with a password. ```shell export OPENSEARCH_INITIAL_ADMIN_PASSWORD= ``` -2. **Setting via a text file:** Password can also be supplied by creating a single line text file `opensearch_initial_admin_password.txt` file with `` under `$OPENSEARCH_HOME/config/` folder. +2. **Setting via a text file:** The password can also be supplied by creating a single line text file `opensearch_initial_admin_password.txt` file with `` under `$OPENSEARCH_HOME/config/` folder. -**_Note:_** If no password is supplied the installation will fail. The passwords supplied need to be strong as there is a password validation check in place. There is an option to skip password validation by passing `-t` option to installation script. However, this should only be used for test environments. +**_Note:_** If no password is supplied, the installation will fail. The password supplied will also be tested for its strength and will be blocked if it is too simple. There is an option to skip this password validation by passing the `-t` option to the installation script. However, this should only be used for test environments. ### Executing the demo installation script From 8ac7110c654e4b457968709bd2d67630d6bda5fd Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Thu, 14 Dec 2023 14:41:44 -0500 Subject: [PATCH 5/5] Removes support for txt files Signed-off-by: Darshit Chanpura --- DEVELOPER_GUIDE.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index a533b75ad7..7b405df1db 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -164,14 +164,11 @@ extension_hw_greet: ### Setting up password for demo admin user -This step is a pre-requisite to installing demo configuration. There are two ways the demo `admin` user password can be set: -1. **Setting via environment variable:** The default password can be passed by exporting `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable with a password. +This step is a pre-requisite to installing demo configuration. You can pass the demo `admin` user password by exporting `OPENSEARCH_INITIAL_ADMIN_PASSWORD` variable with a password. ```shell export OPENSEARCH_INITIAL_ADMIN_PASSWORD= ``` -2. **Setting via a text file:** The password can also be supplied by creating a single line text file `opensearch_initial_admin_password.txt` file with `` under `$OPENSEARCH_HOME/config/` folder. - **_Note:_** If no password is supplied, the installation will fail. The password supplied will also be tested for its strength and will be blocked if it is too simple. There is an option to skip this password validation by passing the `-t` option to the installation script. However, this should only be used for test environments.