Closed jeff-cook closed 2 years ago
@jeff-cook Thanks for reporting! We'll take a look.
Unfortuantely I cannot update securityindex as long as this issue isn't fixed, since I'm running that image in OpenShift and I can't change the permissions with a non-root user.
Have the same issue, when running on Openshift. Have the following hack in my Dockerfile.
diff --git a/opendistro/elasticsearch/Dockerfile b/opendistro/elasticsearch/Dockerfile
index cf6101c..7d0b407 100644
--- a/opendistro/elasticsearch/Dockerfile
+++ b/opendistro/elasticsearch/Dockerfile
@@ -79,6 +79,12 @@ RUN for plugin_path in opendistro-sql/opendistro_sql-1.0.0.0.zip opendistro-aler
# Make the certificate installer script executable. This script has to be executed before ES is started.
RUN chmod +x /usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh
+# Remove chmod line in install_demo_configuration.sh script and make this in Dockerfile
+# root is needed for execute "chmod"
+# GitHub-Issue: https://github.com/opendistro-for-elasticsearch/opendistro-build/issues/3
+RUN sed -i '/$SUDO_CMD chmod +x "$ES_PLUGINS_DIR\/opendistro_security\/tools\/securityadmin.sh"/d' /usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh && \
+ chmod +x /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh
+
COPY --chown=1000:0 elasticsearch.yml log4j2.properties config/
USER 0
I can't not provide a PR, because I haven't an overview of all installation methods. I think, the best way to fix this issues, is to remove all chmod commands in Dockerfile and Start-Skripts. ".sh"-Files should be marked as executable after download.
I have the same problem on OpenShift 4.x:
OpenDistro for Elasticsearch Security Demo Installer
** Warning: Do not use on production or public reachable systems **
Basedir: /usr/share/elasticsearch
Elasticsearch install type: rpm/deb on CentOS Linux release 7.8.2003 (Core)
Elasticsearch config dir: /usr/share/elasticsearch/config
Elasticsearch config file: /usr/share/elasticsearch/config/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-7.6.1
Detected Open Distro Security Version: 1.7.0.0
chmod: changing permissions of '/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh': Operation not permitted
Any progress on this issue for openshift-users?
Mounting docker-entrypoint.sh
, install_demo_configuration.sh
and securityadmin.sh
explicitly via helm-configmaps with an executable fileMode and commented out chmod
isn't perfect either...
Any update on this issue. I am getting same error while trying to deploy elk on openshift container platform
I am also facing the same issue in OCP 4.6
Chiming in on this issue. OKD 4.7
We are doing some "spring cleaning in the fall", and to make sure we focus our energies on the right issues and we get a better picture of the state of the repo, we are closing all issues that we are carrying over from the ODFE era (ODFE is no longer supported/maintained, see post here).
If you believe this issue should still be considered for current versions of OpenSearch, apologies! Please let us know by re-opening it.
Thanks!
All shell scripts in the plugins/opendistro_security/tools directory should be set to executable.