search

opensearch-project / security-dashboards-plugin

🔐 Manage your internal users, roles, access control, and audit logs from OpenSearch Dashboards
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
66 stars 148 forks source link

Cannot Start Opensearch Dashboard #1954

Closed anh2001ht closed 1 month ago

anh2001ht commented 1 month ago

Hello, I am using docker compose to run Opensearch, and use source code Opensearch-Dashboard then yarn start to run dashboard (to use plugin i18n). I have a problem that I can not access to dashboard Url (port 5601) because of this error :

image Here is my docker-compose.yaml

version: '3' services: opensearch: image: opensearchproject/opensearch:2.12.0 container_name: opensearch environment:

file config opensearch.yml: ` network.host: 0.0.0.0 plugins.security.ssl.transport.pemcert_filepath: node1.pem plugins.security.ssl.transport.pemkey_filepath: node1-key.pem plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem plugins.security.ssl.transport.enforce_hostname_verification: true plugins.security.ssl.http.enabled: false plugins.security.ssl.http.pemcert_filepath: node1.pem plugins.security.ssl.http.pemkey_filepath: node1-key.pem plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem plugins.security.allow_unsafe_democertificates: false plugins.security.allow_default_init_securityindex: true plugins.security.nodes_dn: 'CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'

file config opensearch_dashboards.yml

server.host: "0.0.0.0" opensearch.username: "admin" opensearch.password: "admin" opensearch.hosts: ["http://localhost:9200/"] i18n.locale: "ja-JP"

Can someone help me please, I can run dashboard and opensearch with docker compose sucessfully but I run dashboard with yarn start and docker compose opensearch I can not work. this is the file docker compose that both opensearch and opensearch dashboard work :

version: '3' services: opensearch: image: opensearchproject/opensearch:2.12.0 container_name: opensearch environment:

Hailong-am commented 1 month ago

@anh2001ht "OPENSEARCH_PASSWORD=admin" this password need to be same as - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=mypasswordStrong123!"

anh2001ht commented 1 month ago

@anh2001ht "OPENSEARCH_PASSWORD=admin" this password need to be same as - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=mypasswordStrong123!"

Thanks for reply, when I change OPENSEARCH_PASSWORD into mypasswordStrong123! I got this error server log [07:53:33.272] [error][data][opensearch] [ResponseError]: Response Error server log [07:53:33.287] [error][savedobjects-service] Unable to retrieve version information from OpenSearch nodes. log [07:53:34.098] [error][data][opensearch] [ResponseError]: Response Error server log [07:53:35.760] [error][data][opensearch] [ResponseError]: Response Error log [07:53:36.615] [error][data][opensearch] [ResponseError]: Response Error server log [07:53:38.252] [error][data][opensearch] [ResponseError]: Response Error

anh2001ht commented 1 month ago

image This is the screenshot when I curl to opensearch node: curl --insecure -u "admin:admin" -XGET https://localhost:9200/

Hailong-am commented 1 month ago

image This is the screenshot when I curl to opensearch node: curl --insecure -u "admin:admin" -XGET https://localhost:9200/

I see, do you have security dashboard plugin under plugins directory? it's used for login since OpenSearch has security enabled.

alternatively, you could disable security of OpenSearch and using default config of opensearch_dashboard.yml file.

anh2001ht commented 1 month ago

image This is the screenshot when I curl to opensearch node: curl --insecure -u "admin:admin" -XGET https://localhost:9200/

I see, do you have security dashboard plugin under plugins directory? it's used for login since OpenSearch has security enabled.

yes, I have install dashboard plugin already , this is the file opensearch_dashboard.yml after I build security plugin `server.host: "0.0.0.0"

opensearch.hosts: ["https://localhost:9200"]

opensearch.ssl.verificationMode: none

opensearch.username: "admin"

opensearch.password: "admin"

i18n.locale: "ja-JP"

opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

opensearch_security.multitenancy.enabled: true

opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]

opensearch_security.readonly_mode.roles: ["kibana_read_only"]

opensearch_security.cookie.secure: false `

anh2001ht commented 1 month ago

`StatusCodeError: Authorization Exception

at respond (/home/ntq/DemoPlugin/OpenSearch-Dashboards/node_modules/elasticsearch/src/lib/transport.js:349:15)

at checkRespForFailure (/home/ntq/DemoPlugin/OpenSearch-

Dashboards/node_modules/elasticsearch/src/lib/transport.js:306:7)

at HttpConnector. (/home/ntq/DemoPlugin/OpenSearch-

Dashboards/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)

at IncomingMessage.wrapper (/home/ntq/DemoPlugin/OpenSearch-Dashboards/node_modules/lodash/lodash.js:4991:19)

at IncomingMessage.emit (events.js:412:35)

at IncomingMessage.emit (domain.js:475:12)

at endReadableNT (internal/streams/readable.js:1333:12)

at processTicksAndRejections (internal/process/task_queues.js:82:21) {

status: 403,

displayName: ‘AuthorizationException’,

path: ‘/_plugins/_security/tenantinfo’,

query: {},

body: undefined,

statusCode: 403,

response: ‘’,

toString: [Function (anonymous)],

toJSON: [Function (anonymous)]

}`

I got the new error 403 after I apply security plugin

kavilla commented 1 month ago

@opensearch-project/admin can you re-route this to security dashboards plugin repo?