How to remove the waring of "OpenDistro for Elasticsearch Security Demo Installer"

yuecong · August 10, 2019, 7:39am

I already overwrite the demo certificates using my own certificates and pass them to opendistro_security.ssl.transport.* and opendistro_security.ssl.http.pemcert_filepath.*

But I when start each node, I still get this warning.

OpenDistro for Elasticsearch Security Demo Installer
 ** Warning: Do not use on production or public reachable systems **
Basedir: /usr/share/elasticsearch
Elasticsearch install type: rpm/deb on CentOS Linux release 7.6.1810 (Core)
Elasticsearch config dir: /usr/share/elasticsearch/config
Elasticsearch config file: /usr/share/elasticsearch/config/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-7.1.1
Detected Open Distro Security Version: 1.1.0.0
/usr/share/elasticsearch/config/elasticsearch.yml seems to be already configured for Security. Quit.
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2019-08-10T07:33:06,484][INFO ][o.e.e.NodeEnvironment    ] [elasticsearch-coordinating-0] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [888.7gb], net total_space [899.4gb], types [rootfs]
[2019-08-10T07:33:06,486][INFO ][o.e.e.NodeEnvironment    ] [elasticsearch-coordinating-0] heap size [1.9gb], compressed ordinary object pointers [true]
...

What else should I change to disable this warning? btw, what is the logic to check to show this message?

yuecong · August 10, 2019, 7:51am

seems it is due to the default endpoint of the docker container is to run tools/install_demo_configuration.sh.

github.com

opendistro-for-elasticsearch/security/blob/703253ed58e4471d5573e9bf950637797c534b55/tools/install_demo_configuration.sh#L19


      
          
          
        # try readlink (-f not needed because we know its a symlink)
                  DIR="$( cd "$( dirname $(readlink "$SCRIPT_PATH") )" && pwd -P)"
              else
                  DIR="$( cd "$( dirname "$SCRIPT_PATH" )" && pwd -P)"
              fi
          else
              DIR="$( cd "$( dirname "$(realpath "$SCRIPT_PATH")" )" && pwd -P)"
          fi
          
          
echo "OpenDistro for Elasticsearch Security Demo Installer"
          echo " ** Warning: Do not use on production or public reachable systems **"
          
          
OPTIND=1
          assumeyes=0
          initsecurity=0
          cluster_mode=0
          skip_updates=-1
          
          
function show_help() {
              echo "install_demo_configuration.sh [-y] [-i] [-c]"

how can I find what the endpoint is and overwrite it to make it not run this script in the beginning?

Thanks

yuecong · August 10, 2019, 8:02pm

created one github issue with my proposal

github.com/opendistro-for-elasticsearch/opendistro-build

add one env to turn off running install_demo_configuration.sh in production

opened 08:01PM - 10 Aug 19 UTC

closed 10:49PM - 03 Jun 20 UTC

yuecong

enhancement

Can I propose to add one system environment variable to allow users to turn off …run this script in their production? By doing this, users can easily just use the same docker image in their production environment. https://github.com/opendistro-for-elasticsearch/opendistro-build/blob/master/elasticsearch/docker/build/elasticsearch/bin/docker-entrypoint.sh#L88 If you guys agree, I can have one PR and ask for a review.

Topic		Replies	Views
Production Hardening Security	4	2628	September 5, 2019
Seems to be already configured for Security. Quit Security	3	1443	September 24, 2021
Facing issues with Opendistro Security Plugin Security	1	659	March 11, 2021
Opendistro_security.allow_unsafe_democertificates: true" Security	5	4050	May 4, 2019
Disable demo certificates autogeneration Security	2	2550	July 15, 2019

How to remove the waring of "OpenDistro for Elasticsearch Security Demo Installer"

Related topics