From a64f409263a20f0e15f3596b7c9fd68f2fcba189 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Wed, 17 Jan 2024 15:45:40 -0500 Subject: [PATCH] Remove references to default admin creds (#3869) Signed-off-by: Derek Ho --- data-prepper-plugins/opensearch/opensearch_security.md | 2 +- docs/log_analytics.md | 2 +- docs/trace_analytics.md | 6 +++--- examples/dev/trace-analytics-sample-app/docker-compose.yml | 1 + .../resources/data-prepper-wait-for-opensearch-and-start.sh | 2 +- release/smoke-tests/README.md | 6 +++--- release/smoke-tests/data-prepper/config/pipelines.yaml | 6 +++--- release/smoke-tests/run-smoke-tests.sh | 4 ++-- 8 files changed, 15 insertions(+), 14 deletions(-) diff --git a/data-prepper-plugins/opensearch/opensearch_security.md b/data-prepper-plugins/opensearch/opensearch_security.md index 148626068f..1dc990ac54 100644 --- a/data-prepper-plugins/opensearch/opensearch_security.md +++ b/data-prepper-plugins/opensearch/opensearch_security.md @@ -8,7 +8,7 @@ sink: - opensearch: ... username: "admin" - password: "admin" + password: "" ``` or by using user credential assigned with a role that has the below required permissions. diff --git a/docs/log_analytics.md b/docs/log_analytics.md index 8eb50c6754..1164189b52 100644 --- a/docs/log_analytics.md +++ b/docs/log_analytics.md @@ -113,7 +113,7 @@ log-pipeline: hosts: [ "https://localhost:9200" ] # Change to your credentials username: "admin" - password: "admin" + password: "" # Add a certificate file if you are accessing an OpenSearch cluster with a self-signed certificate #cert: /path/to/cert # If you are connecting to an Amazon OpenSearch Service domain without diff --git a/docs/trace_analytics.md b/docs/trace_analytics.md index 5ef05aa972..a9a667a0be 100644 --- a/docs/trace_analytics.md +++ b/docs/trace_analytics.md @@ -123,7 +123,7 @@ raw-pipeline: hosts: [ "https://localhost:9200" ] # Change to your credentials username: "admin" - password: "admin" + password: "" # Add a certificate file if you are accessing an OpenSearch cluster with a self-signed certificate #cert: /path/to/cert # If you are connecting to an Amazon OpenSearch Service domain without @@ -137,7 +137,7 @@ raw-pipeline: index_type: trace-analytics-raw # Change to your credentials username: "admin" - password: "admin" + password: "" # Add a certificate file if you are accessing an OpenSearch cluster with a self-signed certificate #cert: /path/to/cert # If you are connecting to an Amazon OpenSearch Service domain without @@ -174,7 +174,7 @@ service-map-pipeline: index_type: trace-analytics-service-map # Change to your credentials username: "admin" - password: "admin" + password: "" # Add a certificate file if you are accessing an OpenSearch cluster with a self-signed certificate #cert: /path/to/cert # If you are connecting to an Amazon OpenSearch Service domain without diff --git a/examples/dev/trace-analytics-sample-app/docker-compose.yml b/examples/dev/trace-analytics-sample-app/docker-compose.yml index aaa209e08b..c03ce2a42e 100644 --- a/examples/dev/trace-analytics-sample-app/docker-compose.yml +++ b/examples/dev/trace-analytics-sample-app/docker-compose.yml @@ -84,6 +84,7 @@ services: - "9600:9600" environment: - discovery.type=single-node + - "OPENSEARCH_INIITAL_ADMIN_PASSWORD=myStrongPassword123!" networks: - my_network diff --git a/examples/dev/trace-analytics-sample-app/resources/data-prepper-wait-for-opensearch-and-start.sh b/examples/dev/trace-analytics-sample-app/resources/data-prepper-wait-for-opensearch-and-start.sh index b55b2cfb7c..4ce96951ef 100644 --- a/examples/dev/trace-analytics-sample-app/resources/data-prepper-wait-for-opensearch-and-start.sh +++ b/examples/dev/trace-analytics-sample-app/resources/data-prepper-wait-for-opensearch-and-start.sh @@ -5,7 +5,7 @@ # SPDX-License-Identifier: Apache-2.0 # -until [[ $(curl --write-out %{http_code} --output /dev/null --silent --head --fail https://node-0.example.com:9200 -u admin:admin --insecure) == 200 ]]; do +until [[ $(curl --write-out %{http_code} --output /dev/null --silent --head --fail https://node-0.example.com:9200 -u admin:myStrongPassword123! --insecure) == 200 ]]; do echo "Waiting for OpenSearch to be ready" sleep 1 done diff --git a/release/smoke-tests/README.md b/release/smoke-tests/README.md index bbb9186180..ba175dca79 100644 --- a/release/smoke-tests/README.md +++ b/release/smoke-tests/README.md @@ -76,7 +76,7 @@ data-prepper_1 | 2021-12-03T19:57:31,925 [grok-pipeline-prepper-worker-7 ``` ### 3. Confirm Open Search is running ``` -curl -s -k -u 'admin:admin' 'https://localhost:9200/_cat/indices' +curl -s -k -u 'admin:' 'https://localhost:9200/_cat/indices' ``` If indicies are displayed Open Search is running. ``` @@ -90,14 +90,14 @@ yellow open otel-v1-apm-span-000001 3pN9V1YNSjSMY5ggHa2TfA 1 1 12 0 28.3k **To confirm if Open Search is receiving log data run** Use the following cURL command to query the index `test-grok-index` for any documents. **Note**: The results may not show all documents received. ``` -curl -k -u 'admin:admin' https://localhost:9200/test-grok-index/_search +curl -k -u 'admin:' https://localhost:9200/test-grok-index/_search ``` If in your results the JSON path `.hits.total.value` has a value of 0 Open Search is not receiving log data. Confirm with the Data Prepper logs records are being processed from the buffer and no error messages are displayed. **To confirm if Open Search is receiving trace data run** Use the following cURL command to query the `otel-v1-apm-span-000001` index for documents containing **PythonService**. These documents will be generated by the **otel-span-exporter**, sent to **otel-collector**, then sent to **data-prepper**, then sent to **opensearch**. ``` -curl -k -u 'admin:admin' https://localhost:9200/otel-v1-apm-span-000001/_search?q=PythonService +curl -k -u 'admin:' https://localhost:9200/otel-v1-apm-span-000001/_search?q=PythonService ``` If in your results the JSON path `.hits.total.value` has a value of 0 Open Search is not receiving trace data. Confirm OTel opentelemetry-collector logs are continueally displaying metrics and no errors are printing. Next confirm with the Data Prepper logs records are being processed from the buffer and no error messages are displayed. diff --git a/release/smoke-tests/data-prepper/config/pipelines.yaml b/release/smoke-tests/data-prepper/config/pipelines.yaml index 8db03006a9..8ab9c14ce0 100644 --- a/release/smoke-tests/data-prepper/config/pipelines.yaml +++ b/release/smoke-tests/data-prepper/config/pipelines.yaml @@ -9,7 +9,7 @@ grok-pipeline: - opensearch: hosts: [ "https://node-0.example.com:9200" ] username: "admin" - password: "admin" + password: "myStrongPassword123!" index: "test-grok-index" entry-pipeline: @@ -32,7 +32,7 @@ raw-pipeline: - opensearch: hosts: [ "https://node-0.example.com:9200" ] username: "admin" - password: "admin" + password: "myStrongPassword123!" index_type: trace-analytics-raw service-map-pipeline: @@ -46,5 +46,5 @@ service-map-pipeline: - opensearch: hosts: ["https://node-0.example.com:9200"] username: "admin" - password: "admin" + password: "myStrongPassword123!" index_type: trace-analytics-service-map diff --git a/release/smoke-tests/run-smoke-tests.sh b/release/smoke-tests/run-smoke-tests.sh index fa3c54e251..c8d2923f47 100755 --- a/release/smoke-tests/run-smoke-tests.sh +++ b/release/smoke-tests/run-smoke-tests.sh @@ -53,7 +53,7 @@ function usage() { function query_hits_gt_zero () { local URL=$1 local SEARCH_RESPONSE - SEARCH_RESPONSE=$(curl -s -k -u 'admin:admin' "${URL}") + SEARCH_RESPONSE=$(curl -s -k -u 'admin:myStrongPassword123!' "${URL}") local LOG_COUNT=0 if command -v jq &> /dev/null @@ -138,7 +138,7 @@ WAITING_FOR_DATAPREPPER=true echo -n "Waiting for Data Prepper to start " while ${WAITING_FOR_DATAPREPPER} do - if curl -s -k -u 'admin:admin' 'https://localhost:9200/_cat/indices' > /dev/null && curl -s -k -H "Content-Type: application/json" -d '[{"log": "smoke test log "}]' 'http://localhost:2021/log/ingest' > /dev/null + if curl -s -k -u 'admin:myStrongPassword123!' 'https://localhost:9200/_cat/indices' > /dev/null && curl -s -k -H "Content-Type: application/json" -d '[{"log": "smoke test log "}]' 'http://localhost:2021/log/ingest' > /dev/null then WAITING_FOR_DATAPREPPER=false else