[v2.12.0] Ensure CI/documentation reflect changes to default admin credentials

[derek-ho]

Background

Previously, when installing the security plugin demo configuration, the cluster was spun up with the default admin credentials, admin:admin. A change was made in main and backported to 2.x for the 2.12.0 release, which now requires an initial admin password to be passed in via the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD. This will break some CI/testing that relies on OpenSearch to come up without setting this environment variable. This tracking issue is to ensure compliance with the new changes.

Coming from: opensearch-project/security#3624

Acceptance Criteria

• All documentation references to the old default credentials admin:admin are removed
• Ensure that CI/testing is working with main and 2.x branches

[derek-ho]

Seems like the only references are for BWC tests: https://github.com/search?q=repo%3Aopensearch-project%2FOpenSearch-Dashboards%20admin%3Aadmin&type=code, latest of which is 2.9.0. I think that makes this repo compliant/I do not see any CI failures on main/2.x either. Can Maintainers confirm if this is the only workflow which relies on admin:admin default creds in this repo? Thanks!

[DarshitChanpura]

@kavilla are we good to close this issue?

[bbarani]

@wbeckler @kavilla @ashwin-pc Can you please provide your updates?

[wbeckler]

@kavilla would you be willing to take a look at https://github.com/search?q=repo%3Aopensearch-project%2FOpenSearch-Dashboards++loginPage.enterPassword%28%27admin%27%29%3B&type=code

[DarshitChanpura]

@kavilla I found this:

OpenSearch-Dashboards/packages/osd-opensearch/src/cluster.js

Line 223 in f8ee03a

await execa(OPENSEARCH_SECURITY_INSTALL, ['-y', '-i', '-s'], { cwd: installPath });

which calls the demo config. Do you know what is that used for ?

[kavilla]

@kavilla I found this:

OpenSearch-Dashboards/packages/osd-opensearch/src/cluster.js

Line 223 in f8ee03a

await execa(OPENSEARCH_SECURITY_INSTALL, ['-y', '-i', '-s'], { cwd: installPath });

which calls the demo config. Do you know what is that used for ?

local development. developers can pull down this repo, clone the security dashboards plugin. Then from OSD call yarn start:security it will download an OpenSearch snapshot. Install the security plugin, run the demo certs installation, and start it then OpenSearch Dashboards.

If you just want to scale up an OpenSearch cluster with the certs install you can call yarn opensearch snapshot --security

[DarshitChanpura]

Then from OSD call yarn start:security it will download an OpenSearch snapshot. Install the security plugin, run the demo certs installation, and start it then OpenSearch Dashboards.

We should mention that a strong password is required to start the cluster with demo security configuration. Otherwise, when someone attempts to run yarn start:security it will fail.

[kavilla]

Then from OSD call yarn start:security it will download an OpenSearch snapshot. Install the security plugin, run the demo certs installation, and start it then OpenSearch Dashboards.

We should mention that a strong password is required to start the cluster with demo security configuration. Otherwise, when someone attempts to run yarn start:security it will fail.

I think we do. Do you think this will suffice @DarshitChanpura?
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/DEVELOPER_GUIDE.md#configure-opensearch-dashboards-for-security

[DarshitChanpura]

@kavilla Yes that should suffice. Marking this as complete via #5736. Feel free to open it if I missed something.