From 763245e60347c6ccdedafb5db92f89ccf9cbac4d Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 16:39:36 -0400 Subject: [PATCH 1/7] Add support for vis_builder and data_source config in build scripts Signed-off-by: Peter Zhu --- ...ards.yml => opensearch_dashboards-1.x.yml} | 0 config/opensearch_dashboards-2.x.yml | 205 ++++++++++++++++++ ...opensearch-dashboards-docker-entrypoint.sh | 15 ++ .../opensearch-dashboards.al2.dockerfile | 14 +- .../OpenSearch-Dashboards/install.sh | 6 +- 5 files changed, 233 insertions(+), 7 deletions(-) rename config/{opensearch_dashboards.yml => opensearch_dashboards-1.x.yml} (100%) create mode 100644 config/opensearch_dashboards-2.x.yml diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards-1.x.yml similarity index 100% rename from config/opensearch_dashboards.yml rename to config/opensearch_dashboards-1.x.yml diff --git a/config/opensearch_dashboards-2.x.yml b/config/opensearch_dashboards-2.x.yml new file mode 100644 index 0000000000..d2f5f02713 --- /dev/null +++ b/config/opensearch_dashboards-2.x.yml 
@@ -0,0 +1,205 @@
+---
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Description:
+# Default configuration for OpenSearch Dashboards
+
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+# server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+# server.host: "localhost"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+# server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name. This is used for display purposes.
+# server.name: "your-hostname"
+
+# The URLs of the OpenSearch instances to use for all your queries.
+# opensearch.hosts: ["http://localhost:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+# opensearchDashboards.index: ".opensearch_dashboards"
+
+# The default application to load.
+# opensearchDashboards.defaultAppId: "home"
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+# opensearch.optimizedHealthcheckId: "cluster_id"
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+# opensearch.username: "opensearch_dashboards_system"
+# opensearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+# server.ssl.enabled: false
+# server.ssl.certificate: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+# opensearch.ssl.certificate: /path/to/your/client.crt
+# opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+# opensearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+# opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+# opensearch.requestTimeout: 30000
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# opensearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
+# opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+# opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+# opensearch.logQueries: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+# pid.file: /var/run/opensearchDashboards.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+# ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+# i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the blocklist to check input graphite Url. Blocklist is an IP list.
+# Below is an example for reference
+# vis_type_timeline.graphiteBlockedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+# vis_type_timeline.graphiteBlockedIPs: []
+
+# opensearchDashboards.branding:
+# logo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# mark:
+# defaultUrl: ""
+# darkModeUrl: ""
+# loadingLogo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# faviconUrl: ""
+# applicationTitle: ""
+
+# Set the value of this setting to true to capture region blocked warnings and errors
+# for your map rendering services.
+# map.showRegionBlockedWarning: false%
+
+# Set the value of this setting to false to suppress search usage telemetry
+# for reducing the load of OpenSearch cluster.
+# data.search.usageTelemetry.enabled: false + +# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false' +# Set the value of this setting to false to disable VisBuilder +# functionality in Visualization. +# vis_builder.enabled: false + +# 2.4 New Experimental Feature +# Set the value of this setting to true to enable the experimental multiple data source +# support feature. Use with caution. +# data_source.enabled: false +# Set the value of these settings to customize crypto materials to encryption saved credentials +# in data sources. +# data_source.encryption.wrappingKeyName: 'changeme' +# data_source.encryption.wrappingKeyNamespace: 'changeme' +# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + +opensearch.hosts: [https://localhost:9200] +opensearch.ssl.verificationMode: none +opensearch.username: kibanaserver +opensearch.password: kibanaserver +opensearch.requestHeadersWhitelist: [authorization, securitytenant] + +opensearch_security.multitenancy.enabled: true +opensearch_security.multitenancy.tenants.preferred: [Private, Global] +opensearch_security.readonly_mode.roles: [kibana_read_only] +# Use this setting if you are running opensearch-dashboards without https +opensearch_security.cookie.secure: false diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh index a7b3920bcc..d0319116ef 100755 --- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh +++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh @@ -154,6 +154,7 @@ opensearch_dashboards_vars=( telemetry.optIn telemetry.optInStatusUrl telemetry.sendUsageFrom + vis_builder.enabled data_source.enabled data_source.encryption.wrappingKeyName data_source.encryption.wrappingKeyNamespace 
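Review bot: The uncommented block at the end of this new default config turns off certificate checking (`opensearch.ssl.verificationMode: none`), uses the `kibanaserver`/`kibanaserver` username and password pair and sets `opensearch_security.cookie.secure: false`, and nothing in the file says these are demo values; the Dockerfile in this patch also appends `server.host: '0.0.0.0'` to the copied file. I would put a comment above the block, e.g. `# Demo settings: change the kibanaserver password, set verificationMode to full and cookie.secure to true outside local testing`. The commented `data_source.encryption.wrappingKey` sample is an all-zero key with `changeme` names, so a line such as `# Replace with a randomly generated key before setting data_source.enabled: true` belongs next to it. `map.showRegionBlockedWarning: false%` has a stray `%`.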
@@ -184,8 +185,22 @@ function setupSecurityDashboardsPlugin { } function runOpensearchDashboards { + vis_ds_block="2.4.0" + if [[ -n "$VERSION_NUMBER" ]]; then + vis_ds_block_check=`echo -e "$VERSION_NUMBER\n$viz_ds_block" | sort -V | head -n 1` + fi + longopts=() for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + + # viz_builer and data_source only available after 2.4.0 + if [[ "$opensearch_dashboards_var" = *"vis_builder"* || "$opensearch_dashboards_var" = *"data_source"* ]]; then + if [[ "$vis_ds_block_check" != "$vis_ds_block" ]]; then + echo "$opensearch_dashboards_var is not available in opensearch-dashboards $vis_ds_block" + continue + fi + fi + # 'opensearch.hosts' -> 'OPENSEARCH_URL' env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) diff --git a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile index ce700c16c5..5c518dd36d 100644 --- a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile +++ b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile @@ -18,6 +18,7 @@ ARG UID=1000 ARG GID=1000 ARG TEMP_DIR=/tmp/opensearch-dashboards ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards +ARG VERSION # Update packages # Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. 
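Review bot: The version gate added to `runOpensearchDashboards` reads `$viz_ds_block`, but the variable assigned just above is `vis_ds_block`, so the `sort -V | head -n 1` pipeline always returns the empty line and every `vis_builder`/`data_source` variable is skipped whatever the version. The same happens when `VERSION_NUMBER` is unset, because `vis_ds_block_check` is then never assigned. Suggested line: `vis_ds_block_check=$(printf '%s\n' "$VERSION_NUMBER" "$vis_ds_block" | sort -V | head -n 1)`. The skip message would also read more accurately as `"$opensearch_dashboards_var requires opensearch-dashboards $vis_ds_block or later"`. The function body continues outside the hunk.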
@@ -33,7 +34,8 @@ RUN groupadd -g $GID opensearch-dashboards && \ COPY * $TEMP_DIR/ RUN tar -xzpf $TEMP_DIR/opensearch-dashboards-`uname -p`.tgz -C $OPENSEARCH_DASHBOARDS_HOME --strip-components=1 && \ cp -v $TEMP_DIR/opensearch-dashboards-docker-entrypoint.sh $OPENSEARCH_DASHBOARDS_HOME/ && \ - cp -v $TEMP_DIR/opensearch_dashboards.yml $TEMP_DIR/opensearch.example.org.* $OPENSEARCH_DASHBOARDS_HOME/config/ && \ + cp -v $TEMP_DIR/opensearch_dashboards-`echo $VERSION | cut -d. -f1`.x.yml $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml && \ + cp -v $TEMP_DIR/opensearch.example.org.* $OPENSEARCH_DASHBOARDS_HOME/config/ && \ echo "server.host: '0.0.0.0'" >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml && \ ls -l $OPENSEARCH_DASHBOARDS_HOME && \ rm -rf $TEMP_DIR @@ -63,19 +65,21 @@ COPY --from=linux_stage_0 --chown=$UID:$GID $OPENSEARCH_DASHBOARDS_HOME $OPENSEA # Setup OpenSearch-dashboards WORKDIR $OPENSEARCH_DASHBOARDS_HOME -# Set PATH -ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin - # Change user USER $UID # Expose port EXPOSE 5601 -ARG VERSION ARG BUILD_DATE ARG NOTES +# Set ENV +ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin +# Preserve version number after build so entrypoint can use it +ENV VERSION_NUMBER=$VERSION + + # Label LABEL org.label-schema.schema-version="1.0" \ org.label-schema.name="opensearch-dashboards" \ diff --git a/scripts/components/OpenSearch-Dashboards/install.sh b/scripts/components/OpenSearch-Dashboards/install.sh index cbccbda026..c095719914 100755 --- a/scripts/components/OpenSearch-Dashboards/install.sh +++ b/scripts/components/OpenSearch-Dashboards/install.sh 
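Review bot: The new `cp` line builds the config file name from `echo $VERSION | cut -d. -f1` without checking that `VERSION` is set or that a file for that major exists, so a missing build arg or a new major version fails on a `cp` of `opensearch_dashboards-.x.yml` with no explanation. A guard at the start of the `RUN`, e.g. `test -n "$VERSION" || { echo "VERSION build arg is required" >&2; exit 1; }`, plus quoted expansions, would make the failure explicit. The same unchecked, unquoted derivation appears in the `install.sh` hunk of this patch (`MAJOR_VERSION=...`) and in the `@@ -33,7 +32,7 @@` hunk of PATCH 4/7, where it selects the entrypoint script.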
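Review bot: `ENV VERSION_NUMBER=$VERSION` is added in the stage that begins with `COPY --from=linux_stage_0`, while the same hunk removes that stage's `ARG VERSION`; a build arg is only in scope in the stage that declares it, so unless it is redeclared above this hunk the value expands to an empty string. That would leave `VERSION_NUMBER` empty at runtime and make the entrypoint's version gate skip the new settings. Keeping `ARG VERSION` in this stage ahead of the `ENV` line avoids it. The `@@ -70,9 +72,7 @@` hunk of PATCH 5/7 removes `ARG VERSION` and `ARG NOTES` from the same stage, which may likewise empty any label that uses them; the `LABEL` block is cut off by the hunk, so this needs checking against the full file.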
@@ -80,10 +80,12 @@ cd $DIR ## Setup default config +MAJOR_VERSION=`echo $VERSION | cut -d. -f1` + if [ "$DISTRIBUTION" = "rpm" ]; then - cp -v ../../../config/opensearch_dashboards.yml "$OUTPUT/../etc/opensearch-dashboards/" + cp -v ../../../config/opensearch_dashboards-$MAJOR_VERSION.x.yml "$OUTPUT/../etc/opensearch-dashboards/opensearch_dashboards.yml" cp -a ../../../scripts/pkg/service_templates/opensearch-dashboards/* "$OUTPUT/../" cp -a ../../../scripts/pkg/build_templates/opensearch-dashboards/* "$OUTPUT/../" else - cp -v ../../../config/opensearch_dashboards.yml "$OUTPUT/config/" + cp -v ../../../config/opensearch_dashboards-$MAJOR_VERSION.x.yml "$OUTPUT/config/opensearch_dashboards.yml" fi From 6b98f85f1cace1448cd2597b72e18d96117fd0ea Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 16:48:23 -0400 Subject: [PATCH 2/7] tweak docker scripts Signed-off-by: Peter Zhu --- docker/release/build-image-multi-arch.sh | 2 +- docker/release/build-image-single-arch.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/release/build-image-multi-arch.sh b/docker/release/build-image-multi-arch.sh index 726989fff7..bc7a639610 100755 --- a/docker/release/build-image-multi-arch.sh +++ b/docker/release/build-image-multi-arch.sh @@ -147,7 +147,7 @@ docker ps | grep $BUILDER_NAME # Copy configs cp -v config/${PRODUCT}/* $DIR/ -cp -v ../../config/${PRODUCT_ALT}.yml $DIR/ +cp -v ../../config/${PRODUCT_ALT}*.yml $DIR/ cp -v ../../scripts/opensearch-onetime-setup.sh $DIR/ # Copy TGZ diff --git a/docker/release/build-image-single-arch.sh b/docker/release/build-image-single-arch.sh index bf89cbebd8..02c98e28b8 100755 --- a/docker/release/build-image-single-arch.sh +++ b/docker/release/build-image-single-arch.sh 
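Review bot: Widening the copy to `../../config/${PRODUCT_ALT}*.yml` in `build-image-multi-arch.sh` makes the glob take every file in `config/` whose name starts with the product name. `PRODUCT_ALT` is set outside the hunk; if it is `opensearch` for the OpenSearch image, the pattern also matches `opensearch_dashboards-1.x.yml` and `opensearch_dashboards-2.x.yml`, putting the dashboards config and its default credentials into that image's build context. Copying the exact `${PRODUCT_ALT}.yml` when it exists and otherwise only the versioned `${PRODUCT_ALT}-*.x.yml` files, with `"$DIR"` quoted, keeps the set of copied files explicit. The same one-line change is made in `build-image-single-arch.sh` in this patch.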
@@ -105,7 +105,7 @@ echo New workspace $DIR # Copy configs cp -v config/${PRODUCT}/* $DIR/ -cp -v ../../config/${PRODUCT_ALT}.yml $DIR/ +cp -v ../../config/${PRODUCT_ALT}*.yml $DIR/ cp -v ../../scripts/opensearch-onetime-setup.sh $DIR/ # Copy TGZ From 263d829e5d9a24e80932ab6fc9cdf831837a8253 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 17:05:10 -0400 Subject: [PATCH 3/7] test again Signed-off-by: Peter Zhu --- .../opensearch-dashboards-docker-entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh index d0319116ef..53e50e1991 100755 --- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh +++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh @@ -189,6 +189,8 @@ function runOpensearchDashboards { if [[ -n "$VERSION_NUMBER" ]]; then vis_ds_block_check=`echo -e "$VERSION_NUMBER\n$viz_ds_block" | sort -V | head -n 1` fi + echo VERSION_NUMBER $VERSION_NUMBER + echo vis_ds_block_check $vis_ds_block_check longopts=() for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do From 89821367adba8849bb509566660bba7f272a0ad3 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 17:26:54 -0400 Subject: [PATCH 4/7] new changes Signed-off-by: Peter Zhu --- ...search-dashboards-docker-entrypoint-1.x.sh | 230 ++++++++++++++++++ ...earch-dashboards-docker-entrypoint-2.x.sh} | 15 -- .../opensearch-dashboards.al2.dockerfile | 9 +- 3 files changed, 233 insertions(+), 21 deletions(-) create mode 100755 docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh rename docker/release/config/opensearch-dashboards/{opensearch-dashboards-docker-entrypoint.sh => opensearch-dashboards-docker-entrypoint-2.x.sh} (92%) 
diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh new file mode 100755 index 0000000000..c2d2a1d3c9 --- /dev/null +++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh 
@@ -0,0 +1,230 @@
+#!/bin/bash
+
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+#
+# Run OpenSearch-Dashboards, using environment variables to
+# set longopts defining OpenSearch-Dashboards's configuration.
+#
+# eg. Setting the environment variable:
+#
+# OPENSEARCH_STARTUPTIMEOUT=60
+#
+# will cause OpenSearch-Dashboards to be invoked with:
+#
+# --opensearch.startupTimeout=60
+
+# Setup Home Directory
+export OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards
+
+opensearch_dashboards_vars=(
+ console.enabled
+ console.proxyConfig
+ console.proxyFilter
+ ops.cGroupOverrides.cpuPath
+ ops.cGroupOverrides.cpuAcctPath
+ cpu.cgroup.path.override
+ cpuacct.cgroup.path.override
+ csp.rules
+ csp.strict
+ csp.warnLegacyBrowsers
+ data.search.usageTelemetry.enabled
+ opensearch.customHeaders
+ opensearch.hosts
+ opensearch.logQueries
+ opensearch.memoryCircuitBreaker.enabled
+ opensearch.memoryCircuitBreaker.maxPercentage
+ opensearch.password
+ opensearch.pingTimeout
+ opensearch.requestHeadersWhitelist
+ opensearch.requestTimeout
+ opensearch.shardTimeout
+ opensearch.sniffInterval
+ opensearch.sniffOnConnectionFault
+ opensearch.sniffOnStart
+ opensearch.ssl.alwaysPresentCertificate
+ opensearch.ssl.certificate
+ opensearch.ssl.certificateAuthorities
+ opensearch.ssl.key
+ opensearch.ssl.keyPassphrase
+ opensearch.ssl.keystore.path
+ opensearch.ssl.keystore.password
+ opensearch.ssl.truststore.path
+ opensearch.ssl.truststore.password
+ opensearch.ssl.verificationMode
+ opensearch.username
+ i18n.locale
+ interpreter.enableInVisualize
+ opensearchDashboards.autocompleteTerminateAfter
+ opensearchDashboards.autocompleteTimeout
+ opensearchDashboards.defaultAppId
+ opensearchDashboards.index
+ logging.dest
+ logging.json
+ logging.quiet
+ logging.rotate.enabled
+ logging.rotate.everyBytes
+ logging.rotate.keepFiles
+ logging.rotate.pollingInterval
+ logging.rotate.usePolling
+ logging.silent
+ logging.useUTC
+ logging.verbose
+ map.includeOpenSearchMapsService
+ map.proxyOpenSearchMapsServiceInMaps
+ map.regionmap
+ map.tilemap.options.attribution
+ map.tilemap.options.maxZoom
+ map.tilemap.options.minZoom
+ map.tilemap.options.subdomains
+ map.tilemap.url
+ monitoring.cluster_alerts.email_notifications.email_address
+ monitoring.enabled
+ monitoring.opensearchDashboards.collection.enabled
+ monitoring.opensearchDashboards.collection.interval
+ monitoring.ui.container.opensearch.enabled
+ monitoring.ui.container.logstash.enabled
+ monitoring.ui.opensearch.password
+ monitoring.ui.opensearch.pingTimeout
+ monitoring.ui.opensearch.hosts
+ monitoring.ui.opensearch.username
+ monitoring.ui.opensearch.logFetchCount
+ monitoring.ui.opensearch.ssl.certificateAuthorities
+ monitoring.ui.opensearch.ssl.verificationMode
+ monitoring.ui.enabled
+ monitoring.ui.max_bucket_size
+ monitoring.ui.min_interval_seconds
+ newsfeed.enabled
+ ops.interval
+ path.data
+ pid.file
+ regionmap
+ security.showInsecureClusterWarning
+ server.basePath
+ server.customResponseHeaders
+ server.compression.enabled
+ server.compression.referrerWhitelist
+ server.cors
+ server.cors.origin
+ server.defaultRoute
+ server.host
+ server.keepAliveTimeout
+ server.maxPayloadBytes
+ server.name
+ server.port
+ server.rewriteBasePath
+ server.socketTimeout
+ server.ssl.cert
+ server.ssl.certificate
+ server.ssl.certificateAuthorities
+ server.ssl.cipherSuites
+ server.ssl.clientAuthentication
+ server.customResponseHeaders
+ server.ssl.enabled
+ server.ssl.key
+ server.ssl.keyPassphrase
+ server.ssl.keystore.path
+ server.ssl.keystore.password
+ server.ssl.truststore.path
+ server.ssl.truststore.password
+ server.ssl.redirectHttpFromPort
+ server.ssl.supportedProtocols
+ server.xsrf.disableProtection
+ server.xsrf.whitelist
+ status.allowAnonymous
+ status.v6ApiFormat
+ tilemap.options.attribution
+ tilemap.options.maxZoom
+ tilemap.options.minZoom
+ tilemap.options.subdomains
+ tilemap.url
+ timeline.enabled
+ vega.enableExternalUrls
+ apm_oss.apmAgentConfigurationIndex
+ apm_oss.indexPattern
+ apm_oss.errorIndices
+ apm_oss.onboardingIndices
+ apm_oss.spanIndices
+ apm_oss.sourcemapIndices
+ apm_oss.transactionIndices
+ apm_oss.metricsIndices
+ telemetry.allowChangingOptInStatus
+ telemetry.enabled
+ telemetry.optIn
+ telemetry.optInStatusUrl
+ telemetry.sendUsageFrom
+)
+
+function setupSecurityDashboardsPlugin {
+ SECURITY_DASHBOARDS_PLUGIN="securityDashboards"
+
+ if [ -d "$OPENSEARCH_DASHBOARDS_HOME/plugins/$SECURITY_DASHBOARDS_PLUGIN" ]; then
+ if [ "$DISABLE_SECURITY_DASHBOARDS_PLUGIN" = "true" ]; then
+ echo "Disabling OpenSearch Security Dashboards Plugin"
+ ./bin/opensearch-dashboards-plugin remove securityDashboards
+
+ # Remove all security related parameters as well as changing HTTPS to HTTP
+ # Temporary fix before security-dashboards plugin implement a parameter to disable the plugin entirely
+ # https://github.com/opensearch-project/security-dashboards-plugin/issues/896
+ UPDATED_CONFIG=`cat $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml | sed "/^opensearch_security/d" | sed "s/https/http/g"`
+ echo "$UPDATED_CONFIG" > $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+ fi
+ fi
+}
+
+function runOpensearchDashboards {
+ longopts=()
+ for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+
+ # 'opensearch.hosts' -> 'OPENSEARCH_URL'
+ env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+
+ # Indirectly lookup env var values via the name of the var.
+ # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
+ value=${!env_var}
+ if [[ -n $value ]]; then
+ longopt="--${opensearch_dashboards_var}=${value}"
+ longopts+=("${longopt}")
+ fi
+ done
+
+ # Files created at run-time should be group-writable, for Openshift's sake.
+ umask 0002 + + ##Security Dashboards Plugin + setupSecurityDashboardsPlugin + + # TO DO: + # Confirm with Mihir if this is necessary + + # The virtual file /proc/self/cgroup should list the current cgroup + # membership. For each hierarchy, you can follow the cgroup path from + # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and + # introspect the statistics for the cgroup for the given + # hierarchy. Alas, Docker breaks this by mounting the container + # statistics at the root while leaving the cgroup paths as the actual + # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override + # reading the cgroup path from /proc/self/cgroup and instead uses the + # cgroup path defined the configuration properties + # cpu.cgroup.path.override and cpuacct.cgroup.path.override. + # Therefore, we set this value here so that cgroup statistics are + # available for the container this process will run in. + + exec "$@" \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ \ + "${longopts[@]}" +} + +# Prepend "opensearch-dashboards" command if no argument was provided or if the +# first argument looks like a flag (i.e. starts with a dash). +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi + +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh similarity index 92% rename from docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh rename to docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh index 53e50e1991..eff7900478 100755 --- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh 
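Review bot: `runOpensearchDashboards` in the new 1.x entrypoint turns every listed variable, including `opensearch.password`, `opensearch.ssl.keyPassphrase` and the keystore and truststore passwords, into a `--name=value` argument of the `exec`'d process, so those values can be read from the process command line by anything able to list processes for the container. The header comment should say so, e.g. `# Secrets set through env vars end up on the command line; put them in opensearch_dashboards.yml instead`. `server.customResponseHeaders` is listed twice in `opensearch_dashboards_vars`, so its option is emitted twice. In `setupSecurityDashboardsPlugin`, `sed "s/https/http/g"` rewrites every `https` in the config rather than only `opensearch.hosts`, and the config path is unquoted.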
+++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh @@ -185,24 +185,9 @@ function setupSecurityDashboardsPlugin { } function runOpensearchDashboards { - vis_ds_block="2.4.0" - if [[ -n "$VERSION_NUMBER" ]]; then - vis_ds_block_check=`echo -e "$VERSION_NUMBER\n$viz_ds_block" | sort -V | head -n 1` - fi - echo VERSION_NUMBER $VERSION_NUMBER - echo vis_ds_block_check $vis_ds_block_check - longopts=() for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do - # viz_builer and data_source only available after 2.4.0 - if [[ "$opensearch_dashboards_var" = *"vis_builder"* || "$opensearch_dashboards_var" = *"data_source"* ]]; then - if [[ "$vis_ds_block_check" != "$vis_ds_block" ]]; then - echo "$opensearch_dashboards_var is not available in opensearch-dashboards $vis_ds_block" - continue - fi - fi - # 'opensearch.hosts' -> 'OPENSEARCH_URL' env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) diff --git a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile index 5c518dd36d..5c647a6b58 100644 --- a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile +++ b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile @@ -18,7 +18,6 @@ ARG UID=1000 ARG GID=1000 ARG TEMP_DIR=/tmp/opensearch-dashboards ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards -ARG VERSION # Update packages # Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. 
@@ -33,7 +32,7 @@ RUN groupadd -g $GID opensearch-dashboards && \ # Prepare working directory COPY * $TEMP_DIR/ RUN tar -xzpf $TEMP_DIR/opensearch-dashboards-`uname -p`.tgz -C $OPENSEARCH_DASHBOARDS_HOME --strip-components=1 && \ - cp -v $TEMP_DIR/opensearch-dashboards-docker-entrypoint.sh $OPENSEARCH_DASHBOARDS_HOME/ && \ + cp -v $TEMP_DIR/opensearch-dashboards-docker-entrypoint-`echo $VERSION | cut -d. -f1`.x.sh $OPENSEARCH_DASHBOARDS_HOME/opensearch-dashboards-docker-entrypoint.sh && \ cp -v $TEMP_DIR/opensearch_dashboards-`echo $VERSION | cut -d. -f1`.x.yml $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml && \ cp -v $TEMP_DIR/opensearch.example.org.* $OPENSEARCH_DASHBOARDS_HOME/config/ && \ echo "server.host: '0.0.0.0'" >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml && \ @@ -71,14 +70,12 @@ USER $UID # Expose port EXPOSE 5601 +ARG VERSION ARG BUILD_DATE ARG NOTES -# Set ENV +# Set PATH ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin -# Preserve version number after build so entrypoint can use it -ENV VERSION_NUMBER=$VERSION - # Label LABEL org.label-schema.schema-version="1.0" \ From 8577000646b367921ff081684638c4aa02de0719 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 17:29:02 -0400 Subject: [PATCH 5/7] new changes Signed-off-by: Peter Zhu --- .../release/dockerfiles/opensearch-dashboards.al2.dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile index 5c647a6b58..b90816395d 100644 --- a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile +++ b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile 
@@ -18,6 +18,8 @@ ARG UID=1000 ARG GID=1000 ARG TEMP_DIR=/tmp/opensearch-dashboards ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards +ARG VERSION +ARG NOTES # Update packages # Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. @@ -70,9 +72,7 @@ USER $UID # Expose port EXPOSE 5601 -ARG VERSION ARG BUILD_DATE -ARG NOTES # Set PATH ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin From 1db234225f0bbfb2f0c2a29977f2fff94a4c656b Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 18:22:43 -0400 Subject: [PATCH 6/7] remove space Signed-off-by: Peter Zhu --- .../opensearch-dashboards-docker-entrypoint-1.x.sh | 1 - .../opensearch-dashboards-docker-entrypoint-2.x.sh | 1 - 2 files changed, 2 deletions(-) diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh index c2d2a1d3c9..1209fb4f58 100755 --- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh +++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-1.x.sh @@ -176,7 +176,6 @@ function setupSecurityDashboardsPlugin { function runOpensearchDashboards { longopts=() for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do - # 'opensearch.hosts' -> 'OPENSEARCH_URL' env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh index eff7900478..b170ffe38f 100755 --- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh +++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh 
@@ -187,7 +187,6 @@ function setupSecurityDashboardsPlugin { function runOpensearchDashboards { longopts=() for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do - # 'opensearch.hosts' -> 'OPENSEARCH_URL' env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) From 0ac636df14e0adecc56f978643d92b268032586a Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Fri, 4 Nov 2022 18:24:35 -0400 Subject: [PATCH 7/7] change restore Signed-off-by: Peter Zhu --- .../dockerfiles/opensearch-dashboards.al2.dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile index b90816395d..5de23ec30e 100644 --- a/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile +++ b/docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile @@ -66,6 +66,9 @@ COPY --from=linux_stage_0 --chown=$UID:$GID $OPENSEARCH_DASHBOARDS_HOME $OPENSEA # Setup OpenSearch-dashboards WORKDIR $OPENSEARCH_DASHBOARDS_HOME +# Set PATH +ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin + # Change user USER $UID @@ -74,9 +77,6 @@ EXPOSE 5601 ARG BUILD_DATE -# Set PATH -ENV PATH=$PATH:$OPENSEARCH_DASHBOARDS_HOME/bin - # Label LABEL org.label-schema.schema-version="1.0" \ org.label-schema.name="opensearch-dashboards" \