[Security] Updates dev guide for security (opensearch-project#5736)
* [Docs] Updates dev guide for security

Signed-off-by: Ashwin P Chandran <[email protected]>

* better default creds

Signed-off-by: Ashwin P Chandran <[email protected]>

* undo changelog changes

Signed-off-by: Ashwin P Chandran <[email protected]>

* Adds sample password

Signed-off-by: Ashwin P Chandran <[email protected]>

---------

Signed-off-by: Ashwin P Chandran <[email protected]>

(cherry picked from commit 1a0cf47)
Signed-off-by: Miki <[email protected]>
ashwin-pc authored and AMoo-Miki committed Feb 3, 2024
1 parent 844ad26 commit cf01981
Showing 2 changed files with 40 additions and 34 deletions.
65 changes: 36 additions & 29 deletions DEVELOPER_GUIDE.md
Expand Up @@ -13,6 +13,7 @@ This guide applies to all development within the OpenSearch Dashboards project a
- [Next Steps](#next-steps)
- [Alternative development installations](#alternative-development-installations)
- [Optional - Run OpenSearch with plugins](#optional---run-opensearch-with-plugins)
- [Plugin development](#plugin-development)
- [Alternative - Run OpenSearch from tarball](#alternative---run-opensearch-from-tarball)
- [Configure OpenSearch Dashboards for security](#configure-opensearch-dashboards-for-security)
- [Building artifacts](#building-artifacts)
Expand Down Expand Up @@ -61,6 +62,17 @@ We recommend using [Node Version Manager (nvm)](https://github.com/nvm-sh/nvm) t

If it's the only version of node installed, it will automatically be set to the `default` alias. Otherwise, use `nvm list` to see all installed `node` versions, and `nvm use` to select the node version required by OpenSearch Dashboards.

### Fork and clone OpenSearch Dashboards

All local development should be done in a [forked repository](https://docs.github.com/en/get-started/quickstart/fork-a-repo).
Fork OpenSearch Dashboards by clicking the "Fork" button at the top of the [GitHub repository](https://github.com/opensearch-project/OpenSearch-Dashboards).

Clone your forked version of OpenSearch Dashboards to your local machine (replace `opensearch-project` in the command below with your GitHub username):

```bash
$ git clone [email protected]:opensearch-project/OpenSearch-Dashboards.git
```

#### Install `yarn`

OpenSearch Dashboards is set up using yarn, which can be installed through corepack. To install yarn, run:
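
Review bot: the new `### Fork and clone OpenSearch Dashboards` heading lands directly above `#### Install yarn`, so the yarn step now nests under fork-and-clone instead of under the section it belonged to before the move. Either place the moved block after the yarn/corepack instructions or adjust the heading levels so the outline still reads in the intended order. Separately, the clone command keeps `opensearch-project` in the URL and relies on the sentence above it to tell the reader to substitute; a visible placeholder such as `<your-github-username>` in the command itself would make it harder to clone upstream by accident.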
Expand All @@ -75,17 +87,6 @@ $ corepack install

(See the [corepack documentation](https://github.com/nodejs/corepack#-corepack) for more information.)

### Fork and clone OpenSearch Dashboards

All local development should be done in a [forked repository](https://docs.github.com/en/get-started/quickstart/fork-a-repo).
Fork OpenSearch Dashboards by clicking the "Fork" button at the top of the [GitHub repository](https://github.com/opensearch-project/OpenSearch-Dashboards).

Clone your forked version of OpenSearch Dashboards to your local machine (replace `opensearch-project` in the command below with your GitHub username):

```bash
$ git clone [email protected]:opensearch-project/OpenSearch-Dashboards.git
```

### Bootstrap OpenSearch Dashboards

If you haven't already, change directories to your cloned repository directory:
Expand Down Expand Up @@ -178,6 +179,7 @@ For windows:
$ wsl -d docker-desktop
$ sysctl -w vm.max_map_count=262144
```

### Next Steps

Now that you have a development environment to play with, there are a number of different paths you may take next.
Expand Down Expand Up @@ -211,6 +213,10 @@ $ yarn start --run-examples
- [Project testing guidelines](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/TESTING.md)
- [Plugin conventions](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/core/CONVENTIONS.md#technical-conventions)

#### Join the discussion

See the [communication guide](COMMUNICATION.md)for information on how to join our slack workspace, forum, or developer office hours.

## Alternative development installations

Although the [getting started guide](#getting-started-guide) covers the recommended development environment setup, there are several alternatives worth being aware of.
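
Review bot: in the added "Join the discussion" paragraph, `[communication guide](COMMUNICATION.md)for information` is missing a space after the link, so the rendered text runs together. Add the space, and capitalize "Slack" while touching the line.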
Expand All @@ -229,6 +235,10 @@ $ yarn opensearch snapshot --P https://repo1.maven.org/maven2/org/opensearch/plu

Note - if you add the [`security` plugin](https://github.com/opensearch-project/security), you'll also need to [configure OpenSearch Dashboards for security](#configure-opensearch-dashboards-for-security).

### Plugin development

The osd-plugin-generator tool makes it easier to create a plugin for OpenSearch Dashboards. It sets up the basic structure of the project and provides scripts to build it. Refer to [osd-plugin-generator](https://github.com/opensearch-project/OpenSearch-Dashboards/tree/main/packages/osd-plugin-generator) for more details.

#### Other snapshot configuration options

Additional options can be passed after `yarn opensearch snapshot` to further configure the cluster snapshot.
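
Review bot: the new `### Plugin development` section is inserted between the security-plugin note and `#### Other snapshot configuration options`, so that h4 now becomes a child of "Plugin development" even though its text is about `yarn opensearch snapshot`. Move the new section below the snapshot options (or above "Optional - Run OpenSearch with plugins") so the snapshot subsection keeps its original parent, and keep the TOC entry in the matching position.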
Expand Down Expand Up @@ -272,29 +282,26 @@ This method can also be used to develop against the [full distribution of OpenSe

### Configure OpenSearch Dashboards for security

_This step is only mandatory if you have the [`security` plugin](https://github.com/opensearch-project/security) installed on your OpenSearch cluster with https/authentication enabled._
_This step is only needed if you want your dev environment to also start with security. To do so both the OpenSearch node and OpenSearch Dashboards cluster need to have the security plugin installed. Follow the steps below to get setup correctly._

> 1. Run `export initialAdminPassword=<initial admin password>` since it's needed by the configuration script
> 2. Run `yarn opensearch snapshot --security`
> 3. Wait a few seconds while the plugin is installed, configured, and OpenSearch starts up.
To startup the OpenSearch snapshot with security

Then within another window. You can start:
> OpenSearch has strong password requirements and will fail to bootstrap if the password requirements are not met. e.g. myStrongPassword123!
> 1. Run `export OPENSEARCH_USERNAME=admin`
> 2. Run `export OPENSEARCH_PASSWORD=<initial admin password>`
> 3. Optional: Run `export OPENSEARCH_SECURITY_READONLY_ROLE=<read only role>`
> 4. Run `yarn start:security`
> 5. Navigate to OpenSearch Dashboards and login with the above username and password.
1. Run `export OPENSEARCH_INITIAL_ADMIN_PASSWORD=<initial admin password>` since it's needed by the configuration script
2. Run `yarn opensearch snapshot --security`
3. Wait a few seconds while the plugin is installed, configured, and OpenSearch starts up.

Once the bootstrap of OpenSearch Dashboards is finished, you need to apply some
changes to the default [`opensearch_dashboards.yml`](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml#L25-L72) in order to connect to OpenSearch.
Then within another window you can start OpenSearch Dashboards:

```yml
opensearch.hosts: ["https://localhost:9200"]
opensearch.username: "admin" # Default username on the docker image
opensearch.password: "admin" # Default password on the docker image
opensearch.ssl.verificationMode: none
```
_First make sure to clone the https://github.com/opensearch-project/security-dashboards-plugin repo into the plugins folder and build it (Using `yarn build`). You can follow the instructions here https://github.com/opensearch-project/security-dashboards-plugin/blob/main/DEVELOPER_GUIDE.md#install-opensearch-dashboards-with-security-dashboards-plugin._

> You do not have to edit the `config/opensearch-dashboards.yml` file since the `yarn start:security` command sets up the default overrides automatically
Then do the following:

1. Run `yarn start:security`
2. Navigate to OpenSearch Dashboards and login with the username `admin` and password `<initial admin password>`.

For more detailed documentation, see [Configure TLS for OpenSearch Dashboards](https://opensearch.org/docs/latest/install-and-configure/install-dashboards/tls).
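
Review bot: the blockquote that introduces the sample password (`e.g. myStrongPassword123!`) appears before step 1 and gives a concrete value without saying it is only an illustration; a literal password in a setup guide tends to become the value everyone uses. Suggest moving the note directly under the `export OPENSEARCH_INITIAL_ADMIN_PASSWORD=<initial admin password>` step, stating that the value is an example for local development, and telling readers to pick their own. Wording nits in the same region: "OpenSearch node and OpenSearch Dashboards cluster" looks swapped, "get setup" should be "get set up", "To startup" should be "To start up", and "login with" should be "log in with". The two bare URLs in the italic paragraph would read better as Markdown links, since the trailing `._` currently sits right against the second URL.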

9 changes: 4 additions & 5 deletions src/cli/serve/serve.js
Expand Up @@ -81,11 +81,11 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
set('env', 'development');

if (!has('opensearch.username')) {
set('opensearch.username', 'opensearch_dashboards_system');
set('opensearch.username', 'kibanaserver');
}

if (!has('opensearch.password')) {
set('opensearch.password', 'changeme');
set('opensearch.password', 'kibanaserver');
}

if (opts.ssl) {
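
Review bot: the fallback in `set('opensearch.password', 'kibanaserver');` hard-codes a password that is identical to the username, with no comment saying where the pair comes from or that it is meant for development only. The surrounding context (`set('env', 'development');`) suggests a dev-only branch, but that is not visible in this hunk; please add a short comment naming the source of these defaults and confirming they are never applied outside dev mode. The commit message says "better default creds" without stating why this pair is better than the previous placeholder, which is worth one line in the description.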
Expand Down Expand Up @@ -147,11 +147,10 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
set('opensearch.ssl.verificationMode', 'none');
}

if (get('opensearch.username') === 'opensearch_dashboards_system') {
if (process.env.OPENSEARCH_USERNAME) {
set('opensearch.username', process.env.OPENSEARCH_USERNAME);
}

if (get('opensearch.password') === 'changeme') {
if (process.env.OPENSEARCH_PASSWORD) {
set('opensearch.password', process.env.OPENSEARCH_PASSWORD);
}
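
Review bot: switching the guards to `if (process.env.OPENSEARCH_USERNAME)` and `if (process.env.OPENSEARCH_PASSWORD)` changes precedence: the environment now overrides whatever is already configured, where the old checks only replaced the placeholder values `opensearch_dashboards_system` and `changeme`. A developer with these variables exported in their shell will silently connect with different credentials than their config file specifies. The two variables are also applied independently, so setting only one produces a mixed pair (environment username with the default `kibanaserver` password, or the reverse). Consider requiring both to be set together, logging when an override is applied (without printing the password), and documenting the precedence in DEVELOPER_GUIDE.md, whose numbered steps mention only `OPENSEARCH_INITIAL_ADMIN_PASSWORD`.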
