From 553325e8715a38849be4efc9645396580c02dade Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 28 Dec 2023 15:14:29 -0500 Subject: [PATCH 1/3] Remove references to default admin creds Signed-off-by: Derek Ho --- docs/api/execute-test.md | 2 +- osbenchmark/resources/docker-compose.yml.j2 | 2 +- samples/ccr/docker-compose-metricstore.yml | 1 + samples/ccr/start.sh | 6 +++--- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/api/execute-test.md b/docs/api/execute-test.md index 6398d5e48..186005d58 100644 --- a/docs/api/execute-test.md +++ b/docs/api/execute-test.md @@ -50,7 +50,7 @@ Execute the `http_logs` workload against an existing OpenSearch cluster but only *Example 3* ``` -opensearch-benchmark execute-test --workload nyc_taxis --pipeline benchmark-only --target-hosts --client-options "verify_certs:false,use_ssl:true,basic_auth_user:admin,basic_auth_password:admin" +opensearch-benchmark execute-test --workload nyc_taxis --pipeline benchmark-only --target-hosts --client-options "verify_certs:false,use_ssl:true,basic_auth_user:admin,basic_auth_password:" ``` Execute the `nyc_taxis` workload against an existing OpenSearch cluster with the security plugin enabled. diff --git a/osbenchmark/resources/docker-compose.yml.j2 b/osbenchmark/resources/docker-compose.yml.j2 index 4ced6b46c..93563c75f 100644 --- a/osbenchmark/resources/docker-compose.yml.j2 +++ b/osbenchmark/resources/docker-compose.yml.j2 @@ -39,7 +39,7 @@ services: networks: - opensearch-net healthcheck: - test: curl -f http://localhost:{{http_port}} -u admin:admin --insecure + test: curl -f http://localhost:{{http_port}} -u admin:myStrongPassword123! --insecure interval: 5s timeout: 2s retries: 10 diff --git a/samples/ccr/docker-compose-metricstore.yml b/samples/ccr/docker-compose-metricstore.yml index 58989754f..0d4e0c816 100644 --- a/samples/ccr/docker-compose-metricstore.yml +++ b/samples/ccr/docker-compose-metricstore.yml @@ -11,6 +11,7 @@ services: - cluster.initial_master_nodes=metricstore-node - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" ulimits: memlock: soft: -1 diff --git a/samples/ccr/start.sh b/samples/ccr/start.sh index be849ea7a..423c29689 100755 --- a/samples/ccr/start.sh +++ b/samples/ccr/start.sh @@ -25,7 +25,7 @@ printf "Waiting for clusters to get ready " ALL_CLUSTERS_READY=false while ! $ALL_CLUSTERS_READY; do - (curl -ks -u admin:admin https://localhost:9200 -o /dev/null && curl -ks -u admin:admin https://localhost:9201 -o /dev/null && ALL_CLUSTERS_READY=true) || (printf "." && sleep 5) + (curl -ks -u admin:myStrongPassword123! https://localhost:9200 -o /dev/null && curl -ks -u admin:admin https://localhost:9201 -o /dev/null && ALL_CLUSTERS_READY=true) || (printf "." && sleep 5) done echo @@ -50,7 +50,7 @@ curl -o /dev/null -H 'Content-Type: application/json' -k -u admin:admin -X PUT h EOF echo "Set auto-follow pattern on follower for every index on leader" -curl -H 'Content-Type: application/json' -k -u admin:admin https://localhost:9201/_plugins/_replication/_autofollow -d @- <<-EOF +curl -H 'Content-Type: application/json' -k -u admin:myStrongPassword123! https://localhost:9201/_plugins/_replication/_autofollow -d @- <<-EOF { "leader_alias": "source", "name": "all", @@ -90,7 +90,7 @@ cat >ccr-client-options.json <<'EOF' "default": { "use_ssl":"true", "basic_auth_user":"admin", - "basic_auth_password":"admin", + "basic_auth_password":"myStrongPassword123!", "verify_certs":"false" }, "follower": { From f78b064a0248e721f46351afdf2735f9598efac8 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 28 Dec 2023 15:20:29 -0500 Subject: [PATCH 2/3] Add comment and copy changes to j2 Signed-off-by: Derek Ho --- osbenchmark/resources/docker-compose.yml.j2 | 1 + samples/ccr/docker-compose-metricstore.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/osbenchmark/resources/docker-compose.yml.j2 b/osbenchmark/resources/docker-compose.yml.j2 index 93563c75f..9055c3a6e 100644 --- a/osbenchmark/resources/docker-compose.yml.j2 +++ b/osbenchmark/resources/docker-compose.yml.j2 @@ -18,6 +18,7 @@ services: - DISABLE_INSTALL_DEMO_CONFIG=true - bootstrap.memory_lock=true - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" + - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" # starting with 2.12.0 a strong initial admin password must be set ulimits: memlock: soft: -1 diff --git a/samples/ccr/docker-compose-metricstore.yml b/samples/ccr/docker-compose-metricstore.yml index 0d4e0c816..1dc92b350 100644 --- a/samples/ccr/docker-compose-metricstore.yml +++ b/samples/ccr/docker-compose-metricstore.yml @@ -11,7 +11,7 @@ services: - cluster.initial_master_nodes=metricstore-node - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" + - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" # starting with 2.12.0 a strong initial admin password must be set ulimits: memlock: soft: -1 From 992ac3f78d428869a54e1dbca798e4b0892a96dc Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 18 Jan 2024 10:35:32 -0500 Subject: [PATCH 3/3] add conditional check Signed-off-by: Derek Ho --- osbenchmark/resources/docker-compose.yml.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/osbenchmark/resources/docker-compose.yml.j2 b/osbenchmark/resources/docker-compose.yml.j2 index 9055c3a6e..b1b460c07 100644 --- a/osbenchmark/resources/docker-compose.yml.j2 +++ b/osbenchmark/resources/docker-compose.yml.j2 @@ -40,7 +40,12 @@ services: networks: - opensearch-net healthcheck: - test: curl -f http://localhost:{{http_port}} -u admin:myStrongPassword123! --insecure + {%- set version_numbers = os_version.split('.') | map('int') %} + {%- if version_numbers[0] > 2 or (version_numbers[0] == 2 and version_numbers[1] >= 12) %} + test: curl -f http://localhost:{{http_port}} -u admin:myStrongPassword123! --insecure + {%- else %} + test: curl -f http://localhost:{{http_port}} -u admin:admin --insecure + {%- endif %} interval: 5s timeout: 2s retries: 10