opensearch-project / OpenSearch-Dashboards

📊 Open source visualization dashboards for OpenSearch.
https://opensearch.org/docs/latest/dashboards/index/
Apache License 2.0

[BUG] Security plugin installation problems #6711

Open Albertecat opened 6 months ago

Albertecat commented 6 months ago

Describe the bug

I installed OpenSearch with security disabled (Windows 10). Then I learned you cannot run Op. Dashboard without security in OpenSearch. So I tried to reinstall, running opensearch-windows-install.bat with the security flag activated as per the instructions in the documentation (creating the environment variable). An error pops up. I cannot even open OpenSearch anymore.

OpenSearch Version 2.13.0

Dashboards Version Please list the version of OpenSearch Dashboards being used.

Plugins

Base plugins only.

Host/Environment (please complete the following information):

Additional context

Error message:

C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0>opensearch-windows-install.bat
"OPENSEARCH_HOME: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0"
"OPENSEARCH_PATH_CONF: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config"
"Running Security Plugin Install Demo Configuration"
"OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user."
"Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string."
"If a password is not provided, the setup will quit."
"For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/windows/"

OpenSearch Security Demo Installer

Warning: Do not use on production or public reachable systems

OpenSearch install type: .zip on Windows 10 10.0 amd64
OpenSearch config dir: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config\
OpenSearch config file: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config\opensearch.yml
OpenSearch bin dir: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\bin\
OpenSearch plugins dir: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\plugins\
OpenSearch lib dir: C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\lib\
Detected OpenSearch Version: 2.13.0
Detected OpenSearch Security Version: 2.13.0.0
C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config\opensearch.yml seems to be already configured for Security. Quit.
"Set KNN Dylib Path for Windows systems"
Start OpenSearch
WARNING: Using incubator modules: jdk.incubator.vector
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/C:/Users/usuario_n/Downloads/opensearch-2.13.0-windows-x64/opensearch-2.13.0/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
may 03, 2024 1:20:03 PM sun.util.locale.provider.LocaleProviderAdapter
WARNING: COMPAT locale provider will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/C:/Users/usuario_n/Downloads/opensearch-2.13.0-windows-x64/opensearch-2.13.0/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-05-03T13:20:04,755][INFO ][o.o.n.Node ] [MW-AGARCON] version[2.13.0], pid[19908], build[zip/7ec678d1b7c87d6e779fdef94e33623e1f1e2647/2024-03-26T00:03:30.235291900Z], OS[Windows 10/10.0/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-LTS] [2024-05-03T13:20:04,757][INFO ][o.o.n.Node ] [MW-AGARCON] JVM home [C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\jdk], using bundled JDK/JRE [true] [2024-05-03T13:20:04,759][INFO ][o.o.n.Node ] [MW-AGARCON] JVM arguments [-Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms4g, -Xmx4g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=C:\Users\ALBERT~1.GAR\AppData\Local\Temp\opensearch, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, --add-modules=jdk.incubator.vector, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -XX:MaxDirectMemorySize=2147483648, -Dopensearch, -Dopensearch.path.home=C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0, -Dopensearch.path.conf=C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config, -Dopensearch.distribution.type=zip, -Dopensearch.bundled_jdk=true] [2024-05-03T13:20:06,368][INFO ][o.o.s.s.t.SSLConfig ] [MW-AGARCON] SSL dual 
mode is disabled [2024-05-03T13:20:06,369][INFO ][o.o.s.OpenSearchSecurityPlugin] [MW-AGARCON] OpenSearch Config path is C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config [2024-05-03T13:20:06,558][INFO ][o.o.s.s.DefaultSecurityKeyStore] [MW-AGARCON] JVM supports TLSv1.3 [2024-05-03T13:20:06,559][INFO ][o.o.s.s.DefaultSecurityKeyStore] [MW-AGARCON] Config directory is C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\config/, from there the key- and truststore files are resolved relatively [2024-05-03T13:20:06,571][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [MW-AGARCON] uncaught exception in thread [main] org.opensearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.opensearch.security.OpenSearchSecurityPlugin] at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:185) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:172) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-2.13.0.jar:2.13.0] at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:138) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:104) ~[opensearch-2.13.0.jar:2.13.0] Caused by: java.lang.IllegalStateException: failed to load plugin class [org.opensearch.security.OpenSearchSecurityPlugin] at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:803) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:743) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:544) ~[opensearch-2.13.0.jar:2.13.0] at 
org.opensearch.plugins.PluginsService.(PluginsService.java:196) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:490) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:417) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap$5.(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:181) ~[opensearch-2.13.0.jar:2.13.0] ... 6 more Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:74) ~[?:?] at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:502) ~[?:?] at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486) ~[?:?] at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:794) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:743) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:544) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.(PluginsService.java:196) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:490) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:417) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap$5.(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:181) ~[opensearch-2.13.0.jar:2.13.0] ... 
6 more Caused by: org.opensearch.OpenSearchException: plugins.security.ssl.transport.keystore_filepath or plugins.security.ssl.transport.server.pemcert_filepath and plugins.security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested. at org.opensearch.security.ssl.DefaultSecurityKeyStore.initTransportSSLConfig(DefaultSecurityKeyStore.java:487) ~[?:?] at org.opensearch.security.ssl.DefaultSecurityKeyStore.initSSLConfig(DefaultSecurityKeyStore.java:298) ~[?:?] at org.opensearch.security.ssl.DefaultSecurityKeyStore.(DefaultSecurityKeyStore.java:204) ~[?:?] at org.opensearch.security.ssl.OpenSearchSecuritySSLPlugin.(OpenSearchSecuritySSLPlugin.java:235) ~[?:?] at org.opensearch.security.OpenSearchSecurityPlugin.(OpenSearchSecurityPlugin.java:295) ~[?:?] at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62) ~[?:?] at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:502) ~[?:?] at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486) ~[?:?] 
at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:794) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:743) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:544) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.plugins.PluginsService.(PluginsService.java:196) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:490) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.node.Node.(Node.java:417) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap$5.(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404) ~[opensearch-2.13.0.jar:2.13.0] at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:181) ~[opensearch-2.13.0.jar:2.13.0] ... 6 more uncaught exception in thread [main] java.lang.IllegalStateException: failed to load plugin class [org.opensearch.security.OpenSearchSecurityPlugin] Likely root cause: OpenSearchException[plugins.security.ssl.transport.keystore_filepath or plugins.security.ssl.transport.server.pemcert_filepath and plugins.security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested.] 
at org.opensearch.security.ssl.DefaultSecurityKeyStore.initTransportSSLConfig(DefaultSecurityKeyStore.java:487) at org.opensearch.security.ssl.DefaultSecurityKeyStore.initSSLConfig(DefaultSecurityKeyStore.java:298) at org.opensearch.security.ssl.DefaultSecurityKeyStore.(DefaultSecurityKeyStore.java:204) at org.opensearch.security.ssl.OpenSearchSecuritySSLPlugin.(OpenSearchSecuritySSLPlugin.java:235) at org.opensearch.security.OpenSearchSecurityPlugin.(OpenSearchSecurityPlugin.java:295) at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:502) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486) at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:794) at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:743) at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:544) at org.opensearch.plugins.PluginsService.(PluginsService.java:196) at org.opensearch.node.Node.(Node.java:490) at org.opensearch.node.Node.(Node.java:417) at org.opensearch.bootstrap.Bootstrap$5.(Bootstrap.java:242) at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404) at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:181) at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:172) at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) at org.opensearch.cli.Command.main(Command.java:101) at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:138) at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:104) For complete error details, refer to the log at C:\Users\usuario_n\Downloads\opensearch-2.13.0-windows-x64\opensearch-2.13.0\logs\opensearch.log

kavilla commented 6 months ago

Hello @Albertecat, thanks for opening. @opensearch-project/admin please redirect this to security plugin.

But in the meantime, did you go through this message "Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string." and set an env variable? If not, then OpenSearch will not start.

Albertecat commented 6 months ago

> Hello @Albertecat, thanks for opening. @opensearch-project/admin please redirect this to security plugin.
>
> But in the meantime, did you go through this message "Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string." and set an env variable? If not, then OpenSearch will not start.

I created a variable with this name, with the password as its value.
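
A small checker for the condition named in the startup error in this thread, added here as an example (it is not code from the issue or from the OpenSearch project). It reads flat `key: value` lines from an `opensearch.yml` and reports which `plugins.security` keys are present and which transport certificate setting, if any, is configured; the sample files are constructed, nested YAML is not handled, and accepting a single `plugins.security.ssl.transport.pemcert_filepath` is an assumption that goes beyond the error text.

```python
import re

T = "plugins.security.ssl.transport."
LINE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*:\s*(.*)$")

def flat_settings(yml_text):
    """Read flat 'dotted.key: value' lines; nested YAML is not handled (assumption)."""
    out = {}
    for raw in yml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            out[m.group(1)] = m.group(2).strip().strip("'\"")
    return out

def transport_cert_source(s):
    """Which setting satisfies the rule quoted in the startup error, or None."""
    if s.get(T + "keystore_filepath"):
        return "keystore"
    if s.get(T + "server.pemcert_filepath") and s.get(T + "client.pemcert_filepath"):
        return "pem-server-client"
    if s.get(T + "pemcert_filepath"):  # single PEM cert; not named in the error text
        return "pem"
    return None

def diagnose(yml_text):
    s = flat_settings(yml_text)
    return {
        "security_keys": sorted(k for k in s if k.startswith("plugins.security")),
        "security_disabled": s.get("plugins.security.disabled", "").lower() == "true",
        "transport_cert_source": transport_cert_source(s),
    }

# Constructed samples, not taken from the issue.
LEFTOVER = """\
cluster.name: demo
# left over from an install without security
plugins.security.disabled: true
"""
DEMO_STYLE = """\
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
"""

if __name__ == "__main__":
    for name, text in (("leftover", LEFTOVER), ("demo-style", DEMO_STYLE)):
        print(name, diagnose(text))
```

A file that contains `plugins.security` keys but yields `transport_cert_source: None` has no transport certificate setting of the kind the exception message asks for.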