Demo configuration script requires admin password #3329

Merged
merged 112 commits into from
Sep 27, 2023
Commits
37f5fc4
Base changes
stephen-crawford Sep 13, 2023
0e06014
Merge branch 'opensearch-project:main' into adminConfigFile
stephen-crawford Sep 13, 2023
ec8bf8c
Merge branch 'opensearch-project:main' into adminConfigFile
stephen-crawford Sep 13, 2023
66b81ef
state of the world
stephen-crawford Sep 13, 2023
4079fe8
swap to separate file
stephen-crawford Sep 13, 2023
d0b26ed
reset sec plugin.java
stephen-crawford Sep 13, 2023
a2dd667
Reset config constants
stephen-crawford Sep 13, 2023
edb4117
Merge branch 'opensearch-project:main' into adminConfigFile
stephen-crawford Sep 19, 2023
bba2e5f
update hash function
stephen-crawford Sep 20, 2023
4c5b6f0
Merge branch 'opensearch-project:main' into adminConfigFile
stephen-crawford Sep 20, 2023
0a1403f
remove space
stephen-crawford Sep 20, 2023
18c63f0
Fix plugin install
stephen-crawford Sep 20, 2023
e1c23cc
move dir out of config
stephen-crawford Sep 20, 2023
1375996
move file
stephen-crawford Sep 20, 2023
fcabdd7
try path
stephen-crawford Sep 20, 2023
c42e2a1
try path
stephen-crawford Sep 20, 2023
96c06a6
List files
stephen-crawford Sep 20, 2023
bbb9579
View dir
stephen-crawford Sep 20, 2023
e00a64b
fix paths
stephen-crawford Sep 20, 2023
1261c3f
Print dir
stephen-crawford Sep 20, 2023
e7c23d6
Try again
stephen-crawford Sep 20, 2023
a44f073
Retry
stephen-crawford Sep 20, 2023
0a349df
print out sec dir
stephen-crawford Sep 20, 2023
d29e805
print out sec dir
stephen-crawford Sep 20, 2023
976c8ab
print out sec dir in config
stephen-crawford Sep 20, 2023
ca8b48b
update order
stephen-crawford Sep 20, 2023
c9f245d
update order
stephen-crawford Sep 20, 2023
e939ab6
Try head instead
stephen-crawford Sep 20, 2023
6de3f67
remove quotes
stephen-crawford Sep 20, 2023
542a66f
try env var
stephen-crawford Sep 20, 2023
5dfbf9f
try env var
stephen-crawford Sep 20, 2023
c2bbc93
confirm correct file
stephen-crawford Sep 20, 2023
922cd06
update
stephen-crawford Sep 20, 2023
048e650
update
stephen-crawford Sep 20, 2023
54ee921
move password population
stephen-crawford Sep 21, 2023
2376623
add prints
stephen-crawford Sep 21, 2023
9d63dcd
try env var
stephen-crawford Sep 21, 2023
a8e5c2d
list dirs
stephen-crawford Sep 21, 2023
fa47990
list dirs
stephen-crawford Sep 21, 2023
c820e78
checking setting
stephen-crawford Sep 21, 2023
1f60bb1
try again
stephen-crawford Sep 21, 2023
18f5715
check
stephen-crawford Sep 21, 2023
48856d2
please work
stephen-crawford Sep 21, 2023
95e6e8f
Change if
stephen-crawford Sep 21, 2023
59b25e1
Try windows
stephen-crawford Sep 21, 2023
6cf04b2
try assignments
stephen-crawford Sep 21, 2023
e4467b8
test
stephen-crawford Sep 21, 2023
d28bceb
Try again
stephen-crawford Sep 21, 2023
1f16c5d
retry sed
stephen-crawford Sep 21, 2023
d308fb4
test with temp file
stephen-crawford Sep 22, 2023
3050899
test
stephen-crawford Sep 22, 2023
005d70a
try sed again
stephen-crawford Sep 22, 2023
b5e7d4e
try sed again
stephen-crawford Sep 22, 2023
f13dbdd
try again
stephen-crawford Sep 22, 2023
a40102c
Escape $
stephen-crawford Sep 22, 2023
011509f
Add slash
stephen-crawford Sep 22, 2023
72440cf
try awk
stephen-crawford Sep 22, 2023
a5166d9
test output
stephen-crawford Sep 22, 2023
66aa2dc
test windows
stephen-crawford Sep 22, 2023
e962632
test
stephen-crawford Sep 22, 2023
0e904e8
move back
stephen-crawford Sep 22, 2023
31b63d9
Try with first back then forward slashes
stephen-crawford Sep 22, 2023
f6f4d60
try again
stephen-crawford Sep 22, 2023
c4658b9
prints
stephen-crawford Sep 22, 2023
f8b81e4
print dirs
stephen-crawford Sep 22, 2023
c8a1d88
test with env var
stephen-crawford Sep 22, 2023
1116ea0
Try set and get content
stephen-crawford Sep 22, 2023
d557de8
Try set and get content
stephen-crawford Sep 22, 2023
7e52f35
Try modifying setup
stephen-crawford Sep 22, 2023
57a6bac
Try modifying setup
stephen-crawford Sep 22, 2023
c14b65d
Fix paths
stephen-crawford Sep 22, 2023
c8a605e
test
stephen-crawford Sep 22, 2023
8ae73e9
Try setting
stephen-crawford Sep 22, 2023
12b45f9
Fix set
stephen-crawford Sep 22, 2023
595a82b
Fix set
stephen-crawford Sep 22, 2023
0d58f65
Try again
stephen-crawford Sep 22, 2023
142cac0
escape quotes
stephen-crawford Sep 22, 2023
a849f15
remove quotes
stephen-crawford Sep 22, 2023
0081cfe
try converted awk
stephen-crawford Sep 22, 2023
d3b2371
fix pattern
stephen-crawford Sep 22, 2023
264661e
Check for any number of spaces
stephen-crawford Sep 22, 2023
f69050a
Try 2 leading spaces looped line trimming
stephen-crawford Sep 22, 2023
b216245
try to update file different way
stephen-crawford Sep 25, 2023
294aba8
try another way
stephen-crawford Sep 25, 2023
023a580
Try setting locals
stephen-crawford Sep 25, 2023
1a6094c
remove one level of quotes
stephen-crawford Sep 25, 2023
a0012ca
try again
stephen-crawford Sep 25, 2023
79007c8
remove echos
stephen-crawford Sep 25, 2023
1eec0c6
Add deprecation warnings back to the top of hash tools
peternied Sep 26, 2023
6c093e3
Clean up changes to the linux shell script
peternied Sep 26, 2023
3839cde
Clean up some of the win batch file
peternied Sep 26, 2023
ac0a2a3
Pass admin password as a parameter in start cluster action
peternied Sep 26, 2023
a5956d1
Accept password from job input
peternied Sep 26, 2023
d6d71ec
Create the password files in the action
peternied Sep 26, 2023
016cf09
Restore original file population
peternied Sep 26, 2023
af5fd76
Make sure CURL fails if there is a 400+ error code response
peternied Sep 26, 2023
03e5f10
Debug password isn't defined well
peternied Sep 26, 2023
22b53d4
Set the RNG value to another env so it doesn't change after use
peternied Sep 26, 2023
0f8e4c9
Fix incomplete echo prompt to set the password
peternied Sep 26, 2023
3e4e8b0
Restore to main as much as possible
peternied Sep 26, 2023
ae34718
Restore batch file as much as possible
peternied Sep 26, 2023
633c020
Shell script revert as much as possible
peternied Sep 26, 2023
3bba55a
Revert "Restore batch file as much as possible"
peternied Sep 26, 2023
6feb4c3
Fix mixed locations of the password file
peternied Sep 26, 2023
5147d23
Make sure to tail output from hasher to ignore deprecation message
peternied Sep 26, 2023
b70a2c0
Add debug log for config directory
peternied Sep 26, 2023
b94943f
Narrow in on the password file issue in windows
peternied Sep 26, 2023
91949ca
Use action to save file to the filesystem
peternied Sep 27, 2023
1581148
Use functional RNG on windows
peternied Sep 27, 2023
bef523e
Use fixed version of the password generation tool
peternied Sep 27, 2023
917d7af
Use full commit sha
peternied Sep 27, 2023
d2a6de2
Switch to published version of the name generator
peternied Sep 27, 2023
13 changes: 11 additions & 2 deletions .github/actions/start-opensearch-with-one-plugin/action.yml
Expand Up @@ -14,6 +14,10 @@ inputs:
description: 'The name of the setup script you want to run i.e. "setup" (do not include file extension). Leave empty to indicate one should not be run.'
required: false

admin-password:
description: 'The admin password uses for the cluster'
required: true

runs:
using: "composite"
steps:
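Review bot: The description of the new `admin-password` input has a typo: 'The admin password uses for the cluster' should read 'used for the cluster'. Because the input is `required: true` and the later steps of this action write it to `config/initialAdminPassword.txt` and send it in the health-check request, the description could also say that callers should pass a throwaway, per-run value.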
Expand Down Expand Up @@ -67,6 +71,11 @@ runs:
'y' | .\opensearch-${{ inputs.opensearch-version }}-SNAPSHOT\bin\opensearch-plugin.bat install file:$(pwd)\${{ inputs.plugin-name }}.zip
shell: pwsh

- name: Write password to initialAdminPassword location
run:
echo ${{ inputs.admin-password }} >> ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/config/initialAdminPassword.txt
shell: bash

# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' && inputs.setup-script-name != '' }}
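Review bot: In the "Write password to initialAdminPassword location" step, `${{ inputs.admin-password }}` is expanded into the script text unquoted, so a value containing spaces or shell metacharacters is word-split or interpreted by bash before `echo` sees it. Pass it through `env:` (for example `ADMIN_PASSWORD: ${{ inputs.admin-password }}`) and write `"$ADMIN_PASSWORD"` in the command. Two smaller points on the same line: `>>` appends, while the setup scripts read only the first line of the file, so `>` is the safer choice; and the path uses `env.OPENSEARCH_VERSION` where the step just above uses `inputs.opensearch-version`, which makes the action depend on an environment variable set by the caller.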
Expand Down Expand Up @@ -101,13 +110,13 @@ runs:
# Verify that the server is operational
- name: Check OpenSearch Running on Linux
if: ${{ runner.os != 'Windows'}}
run: curl https://localhost:9200/_cat/plugins -u 'admin:admin' -k -v
run: curl https://localhost:9200/_cat/plugins -u 'admin:${{ inputs.admin-password }}' -k -v --fail-with-body
shell: bash

- name: Check OpenSearch Running on Windows
if: ${{ runner.os == 'Windows'}}
run: |
$credentialBytes = [Text.Encoding]::ASCII.GetBytes("admin:admin")
$credentialBytes = [Text.Encoding]::ASCII.GetBytes("admin:${{ inputs.admin-password }}")
$encodedCredentials = [Convert]::ToBase64String($credentialBytes)
$baseCredentials = "Basic $encodedCredentials"
$Headers = @{ Authorization = $baseCredentials }
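Review bot: Both health checks build the credential by expanding `${{ inputs.admin-password }}` inside a quoted string literal: a `'` in the password ends the single-quoted `-u 'admin:...'` argument in bash, and a `$` or backtick is expanded inside the double-quoted `"admin:..."` string in PowerShell. Supplying the value through `env:` and referencing the variable (`"admin:$ADMIN_PASSWORD"` in bash, `$env:ADMIN_PASSWORD` in pwsh) avoids both. Also note that the curl line keeps `-v`, which prints the request headers, including the `Authorization: Basic` value, to the job log; with a password that is no longer the fixed `admin`, consider dropping `-v` now that `--fail-with-body` reports errors.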
6 changes: 5 additions & 1 deletion .github/workflows/plugin_install.yml
Expand Up @@ -16,6 +16,9 @@ jobs:
runs-on: ${{ matrix.os }}

steps:
- id: random-password
uses: peternied/random-name@v1

- name: Set up JDK
uses: actions/setup-java@v3
with:
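Review bot: The `random-password` step references a third-party action by a mutable tag, `peternied/random-name@v1`, and its output becomes the cluster's admin credential. Pin it to a full commit SHA so that the code producing the password cannot change underneath the workflow. The output is named `generated_name`, so it is also worth confirming in the PR description that the generator produces enough randomness for use as a password rather than a readable name.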
Expand Down Expand Up @@ -57,9 +60,10 @@ jobs:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugin-name: ${{ env.PLUGIN_NAME }}
setup-script-name: setup
admin-password: ${{ steps.random-password.outputs.generated_name }}

- name: Run sanity tests
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="opensearch" -Dhttps=true -Duser=admin -Dpassword=admin
arguments: integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="opensearch" -Dhttps=true -Duser=admin -Dpassword=${{ steps.random-password.outputs.generated_name }} -i
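Review bot: The generated password is passed on the Gradle command line as `-Dpassword=${{ steps.random-password.outputs.generated_name }}` and the same change adds `-i`, so the value appears in the echoed arguments and the info-level log; nothing in these hunks registers it as a secret. If that is not intended, emit `::add-mask::` for the value right after the `random-password` step, and hand it to Gradle through an environment variable instead of `arguments`. If `-i` was only needed while debugging this PR, it can be removed again.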
52 changes: 52 additions & 0 deletions tools/install_demo_configuration.bat
Expand Up @@ -75,6 +75,7 @@ cd %CUR%
echo Basedir: %BASE_DIR%

set "OPENSEARCH_CONF_FILE=%BASE_DIR%config\opensearch.yml"
set "INTERNAL_USERS_FILE"=%BASE_DIR%config\opensearch-security\internal_users.yml"
set "OPENSEARCH_CONF_DIR=%BASE_DIR%config\"
set "OPENSEARCH_BIN_DIR=%BASE_DIR%bin\"
set "OPENSEARCH_PLUGINS_DIR=%BASE_DIR%plugins\"
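Review bot: The added line `set "INTERNAL_USERS_FILE"=%BASE_DIR%config\opensearch-security\internal_users.yml"` has its closing quote in the wrong place: the neighbouring lines use the form `set "NAME=value"`, whereas this one closes the quote before `=`. The variable is assigned again, correctly, in the later hunk as `set "INTERNAL_USERS_FILE=%OPENSEARCH_CONF_DIR%opensearch-security\internal_users.yml"`, so this line can simply be removed.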
Expand Down Expand Up @@ -319,6 +320,57 @@ echo plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_a
echo plugins.security.system_indices.enabled: true >> "%OPENSEARCH_CONF_FILE%"
echo plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*", ".opendistro-job-scheduler-lock"] >> "%OPENSEARCH_CONF_FILE%"

setlocal enabledelayedexpansion

set "ADMIN_PASSWORD_FILE=%OPENSEARCH_CONF_DIR%initialAdminPassword.txt"
set "INTERNAL_USERS_FILE=%OPENSEARCH_CONF_DIR%opensearch-security\internal_users.yml"

echo "what is in the config directory"
dir %OPENSEARCH_CONF_DIR%

echo "what is in the password file"
type "%ADMIN_PASSWORD_FILE%"


if "%initialAdminPassword%" NEQ "" (
set "ADMIN_PASSWORD=!initialAdminPassword!"
) else (
for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a"
)

if not defined ADMIN_PASSWORD (
echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password.
exit /b 1
)

echo " ***************************************************"
echo " *** ADMIN PASSWORD SET TO: %ADMIN_PASSWORD% ***"
echo " ***************************************************"

set "HASH_SCRIPT=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\hash.bat"

REM Run the command and capture its output
for /f %%a in ('%HASH_SCRIPT% -p !ADMIN_PASSWORD!') do (
set "HASHED_ADMIN_PASSWORD=%%a"
)

if errorlevel 1 (
echo Failed to hash the admin password
exit /b 1
)

set "default_line= hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG""
set "search=%default_line%"
set "replace= hash: "%HASHED_ADMIN_PASSWORD%""

setlocal enableextensions
for /f "delims=" %%i in ('type "%INTERNAL_USERS_FILE%" ^& break ^> "%INTERNAL_USERS_FILE%" ') do (
set "line=%%i"
setlocal enabledelayedexpansion
>>"%INTERNAL_USERS_FILE%" echo(!line:%search%=%replace%!
endlocal
)

:: network.host
>nul findstr /b /c:"network.host" "%OPENSEARCH_CONF_FILE%" && (
echo network.host already present
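Review bot: The debugging lines at the top of this block, `dir %OPENSEARCH_CONF_DIR%` and `type "%ADMIN_PASSWORD_FILE%"`, print the password file to the console and run before the check for `initialAdminPassword`, so `type` also reports an error when only the environment variable is set; they should be removed before merge. The `if errorlevel 1` test after the `for /f` loop does not reliably reflect whether `hash.bat` failed, because it follows the loop rather than the command; testing `if not defined HASHED_ADMIN_PASSWORD` is a dependable check. `HASH_SCRIPT` is built as `%OPENSEARCH_PLUGINS_DIR%\opensearch-security\...` although `OPENSEARCH_PLUGINS_DIR` already ends in `\`, and `-p !ADMIN_PASSWORD!` is passed unquoted. Finally, if the default hash line is not present in `internal_users.yml`, the rewrite loop changes nothing and the script continues silently; a check after the loop that the new hash is in the file would catch that.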
38 changes: 38 additions & 0 deletions tools/install_demo_configuration.sh
Expand Up @@ -108,6 +108,7 @@ if [ -d "$BASE_DIR" ]; then
else
echo "DEBUG: basedir does not exist"
fi

OPENSEARCH_CONF_FILE="$BASE_DIR/config/opensearch.yml"
OPENSEARCH_BIN_DIR="$BASE_DIR/bin"
OPENSEARCH_PLUGINS_DIR="$BASE_DIR/plugins"
Expand Down Expand Up @@ -387,6 +388,43 @@ echo 'plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_
echo 'plugins.security.system_indices.enabled: true' | $SUDO_CMD tee -a "$OPENSEARCH_CONF_FILE" > /dev/null
echo 'plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*", ".opendistro-job-scheduler-lock"]' | $SUDO_CMD tee -a "$OPENSEARCH_CONF_FILE" > /dev/null

## Read the admin password from the file or use the initialAdminPassword if set
ADMIN_PASSWORD_FILE="$OPENSEARCH_CONF_DIR/initialAdminPassword.txt"
INTERNAL_USERS_FILE="$OPENSEARCH_CONF_DIR/opensearch-security/internal_users.yml"

if [[ -n "$initialAdminPassword" ]]; then
ADMIN_PASSWORD="$initialAdminPassword"
elif [[ -f "$ADMIN_PASSWORD_FILE" && -s "$ADMIN_PASSWORD_FILE" ]]; then
ADMIN_PASSWORD=$(head -n 1 "$ADMIN_PASSWORD_FILE")
else
echo "Unable to find the admin password for the cluster. Please run 'export initialAdminPassword=<your_password>' or create a file $ADMIN_PASSWORD_FILE with a single line that contains the password."
exit 1
fi

echo " ***************************************************"
echo " *** ADMIN PASSWORD SET TO: $ADMIN_PASSWORD ***"
echo " ***************************************************"

$SUDO_CMD chmod +x "$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/hash.sh"

# Use the Hasher script to hash the admin password
HASHED_ADMIN_PASSWORD=$($OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/hash.sh -p "$ADMIN_PASSWORD" | tail -n 1)

if [ $? -ne 0 ]; then
echo "Hash the admin password failure, see console for details"
exit 1
fi

# Find the line number containing 'admin:' in the internal_users.yml file
ADMIN_HASH_LINE=$(grep -n 'admin:' "$INTERNAL_USERS_FILE" | cut -f1 -d:)

awk -v hashed_admin_password="$HASHED_ADMIN_PASSWORD" '
/^ *hash: *"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR\/YFJcgHp0UGns5JDymv..TOG"/ {
sub(/"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR\/YFJcgHp0UGns5JDymv..TOG"/, "\"" hashed_admin_password "\"");
}
{ print }
' "$INTERNAL_USERS_FILE" > temp_file && mv temp_file "$INTERNAL_USERS_FILE"

#network.host
if $SUDO_CMD grep --quiet -i "^network.host" "$OPENSEARCH_CONF_FILE"; then
: #already present
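Review bot: The failure check after hashing never sees an error from `hash.sh`: in `HASHED_ADMIN_PASSWORD=$(... hash.sh -p "$ADMIN_PASSWORD" | tail -n 1)` the status stored in `$?` is that of `tail`, the last command in the pipeline. Test for an empty result, for example `[ -z "$HASHED_ADMIN_PASSWORD" ]`, or enable `set -o pipefail` for that command. Further points in the same block: the path to `hash.sh` is unquoted in the command substitution; `ADMIN_HASH_LINE` is computed but never used; the `awk` output goes to `temp_file` in the current working directory and is moved without `$SUDO_CMD`, unlike the `tee -a` writes above, so a `mktemp` file and the same privilege handling would be more consistent; and when the default hash is not found in `internal_users.yml` the substitution does nothing and the script carries on without saying so.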