Updates tar distribution to conform to changes in install demo configuration script in security plugin #4250
Conversation
…uration script in security plugin Signed-off-by: Darshit Chanpura <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4250 +/- ##
=======================================
Coverage 91.35% 91.35%
=======================================
Files 190 190
Lines 6175 6175
=======================================
Hits 5641 5641
Misses 534 534 ☔ View full report in Codecov by Sentry. |
|
Just to be clear, the user is still |
Yes, correct. |
DarshitChanpura
requested review from
dblock,
bbarani,
gaiksaya,
rishabh6788,
zelinh,
jordarlu,
prudhvigodithi,
Divyaasm and
tianleh
as code owners
Signed-off-by: Darshit Chanpura <[email protected]>
Signed-off-by: Darshit Chanpura <[email protected]>
|
Is the variable really |
|
@dblock Updated the info statements and the corresponding PR: opensearch-project/security#3843 |
|
@prudhvigodithi @rishabh6788 Would you please review this? |
Signed-off-by: Darshit Chanpura <[email protected]>
DarshitChanpura
force-pushed
the
tar-dist-update
branch
from
93cdf8c
to
d50eff1
Compare
Signed-off-by: Darshit Chanpura <[email protected]>
DarshitChanpura
force-pushed
the
tar-dist-update
branch
from
fdab519
to
433c0bc
Compare
|
I am okay with approving this change but we cannot merge this until security plugin changes have been back-ported to 2.x as it will start breaking 2.12.0 tests and benchmark runs. |
The backport PR is currently waiting review: opensearch-project/security#3845 |
|
opensearch-project/security#3845 is merged and this PR is unblocked. |
| echo "OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin introduces a change that requires an initial password for 'admin' user." | ||
| echo "Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string." | ||
| echo "If a password is not provided, the setup will quit." | ||
| bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s || exit 1 |
There was a problem hiding this comment.
After talking to @prudhvigodithi we should remove the exit 1, and add set -e to the install script, as the original design removed that due to chmod 777 /dev/shm, which has been removed some time ago.
There was a problem hiding this comment.
More conversation with @DarshitChanpura and seems like set -e might have more impact on docker side. He will get more info on that and we will need some more discussion on it with @prudhvigodithi.
I am ok with either approach, just think it would be better if we are consistent across all distributions.
There was a problem hiding this comment.
set -e affects the entire file setup and analyzing that change is out of scope, IMO. @prudhvigodithi @peterzhuamazon please lmk if we should indeed use set -e. TAR is much simple to analyze and can be changed to use set -e, however, docker setup is bit more involved in terms of understanding all possible code paths. Windows however doesn't have set -e from what I understand, and hence will require some form of || exit /b 1.
So, for consistency purposes I'd vote on keeping it as is with || exit 1. This has been extensively tested on TAR, docker and Windows, and the setup works as expected with this change.
@prudhvigodithi @peterzhuamazon @rishabh6788 thoughts?
|
@peterzhuamazon @prudhvigodithi @rishabh6788 Could I please get reviews on this? |
|
Also need @prudhvigodithi to confirm on @DarshitChanpura comment above regarding keeping the |
This PR only addresses TAR ball, no docker/windows/rpm/deb changes are present |
|
@peterzhuamazon Could I get some re-reviews on this PR? |
|
I'm ok with |
|
@DarshitChanpura can you please use as |
Signed-off-by: Darshit Chanpura <[email protected]>
|
echo -e maybe slightly unstable. I've used printf instead which is more stable for combining 3 lines with \n |
|
@peterzhuamazon @prudhvigodithi @rishabh6788 Could I get some more reviews? |
| @@ -10,7 +10,8 @@ cd $OPENSEARCH_HOME | |||
| KNN_LIB_DIR=$OPENSEARCH_HOME/plugins/opensearch-knn/lib | |||
| ##Security Plugin | |||
| if [ -d "$OPENSEARCH_HOME/plugins/opensearch-security" ]; then | |||
| bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s | |||
| printf "OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin introduces a change that requires an initial password for 'admin' user. \nPlease define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. \nIf a password is not provided, the setup will quit." | |||
There was a problem hiding this comment.
echo -e should be used here to be consistent instead of printf.
Signed-off-by: Darshit Chanpura <[email protected]>
|
@peterzhuamazon is there anything blocking this PR still? |
Description
Following up on the changes to demo configuration script in security plugin, opensearch-project/security#3669, the OS supported distributions need to adapt to changes in the behavior of demo configuration script.
What has changed?
The
./opensearch-tar-install.shwill now have these execution paths:OPENSEARCH_INITIAL_ADMIN_PASSWORDvalue is set to a strong password: Demo configuration script execution succeedstar-install.shexecution will fail.For detailed testing output, refer to this comment on the issue mentioned below.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.