Skip to content

Remove references to default admin creds #430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Remove references to default admin creds #430

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
553325e
Remove references to default admin creds
derek-ho Dec 28, 2023
f78b064
Add comment and copy changes to j2
derek-ho Dec 28, 2023
992ac3f
add conditional check
derek-ho Jan 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/api/execute-test.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Execute the `http_logs` workload against an existing OpenSearch cluster but only
*Example 3*

```
opensearch-benchmark execute-test --workload nyc_taxis --pipeline benchmark-only --target-hosts <endpoint> --client-options "verify_certs:false,use_ssl:true,basic_auth_user:admin,basic_auth_password:admin"
opensearch-benchmark execute-test --workload nyc_taxis --pipeline benchmark-only --target-hosts <endpoint> --client-options "verify_certs:false,use_ssl:true,basic_auth_user:admin,basic_auth_password:<admin password>"
```

Execute the `nyc_taxis` workload against an existing OpenSearch cluster with the security plugin enabled.
Expand Down
2 changes: 1 addition & 1 deletion osbenchmark/resources/docker-compose.yml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ services:
networks:
- opensearch-net
healthcheck:
test: curl -f http://localhost:{{http_port}} -u admin:admin --insecure
test: curl -f http://localhost:{{http_port}} -u admin:myStrongPassword123! --insecure
Copy link
Author

@derek-ho derek-ho Dec 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This command would fail if os_version < 2.12.0. Not sure how this file is used/how we can conditionally switch this password. Can maintainers help out here?

Copy link
Collaborator

@IanHoang IanHoang Dec 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@derek-ho Off the top of my head, there's a couple ways that we could get around this. Others might have better ideas

  1. You can add an additioonal method that checks the os_version variable that's being passed through and if it's < 2.12.0, use admin. You'll need to make that additional check in this section of provisioner.py and this section of docker_installer.py
  2. I believe you could also leverage a library such asyq https://stackoverflow.com/questions/76526508/replace-a-block-of-yaml but that would require upkeep with this library and adding it in setup.py

interval: 5s
timeout: 2s
retries: 10
Expand Down
1 change: 1 addition & 0 deletions samples/ccr/docker-compose-metricstore.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ services:
- cluster.initial_master_nodes=metricstore-node
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!"
ulimits:
memlock:
soft: -1
Expand Down
6 changes: 3 additions & 3 deletions samples/ccr/start.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ printf "Waiting for clusters to get ready "
ALL_CLUSTERS_READY=false

while ! $ALL_CLUSTERS_READY; do
(curl -ks -u admin:admin https://localhost:9200 -o /dev/null && curl -ks -u admin:admin https://localhost:9201 -o /dev/null && ALL_CLUSTERS_READY=true) || (printf "." && sleep 5)
(curl -ks -u admin:myStrongPassword123! https://localhost:9200 -o /dev/null && curl -ks -u admin:admin https://localhost:9201 -o /dev/null && ALL_CLUSTERS_READY=true) || (printf "." && sleep 5)
Copy link
Author

@derek-ho derek-ho Dec 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure where the second cluster is coming from, I think the first cluster is coming from docker-compose-metricstore, which is on the latest release. This change will fail CI until 2.12.0 docker image is released, at which point it would fix the CI.

Copy link
Author

@derek-ho derek-ho Dec 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can maintainers help out here in understanding if the second cluster needs similar changes/where those that cluster's password should be set?

Copy link
Collaborator

@IanHoang IanHoang Dec 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not believe this script is being used anymore. @gkamat can you confirm?

Copy link
Author

@derek-ho derek-ho Jan 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@IanHoang I will remove this file then, if its not being used. @gkamat can you also confirm here?

done

echo
Expand All @@ -50,7 +50,7 @@ curl -o /dev/null -H 'Content-Type: application/json' -k -u admin:admin -X PUT h
EOF

echo "Set auto-follow pattern on follower for every index on leader"
curl -H 'Content-Type: application/json' -k -u admin:admin https://localhost:9201/_plugins/_replication/_autofollow -d @- <<-EOF
curl -H 'Content-Type: application/json' -k -u admin:myStrongPassword123! https://localhost:9201/_plugins/_replication/_autofollow -d @- <<-EOF
{
"leader_alias": "source",
"name": "all",
Expand Down Expand Up @@ -90,7 +90,7 @@ cat >ccr-client-options.json <<'EOF'
"default": {
"use_ssl":"true",
"basic_auth_user":"admin",
"basic_auth_password":"admin",
"basic_auth_password":"myStrongPassword123!",
"verify_certs":"false"
},
"follower": {
Expand Down