From 24e8cd21ad79a419862abae02fe61aa040f3bd5a Mon Sep 17 00:00:00 2001
From: Darshit Chanpura
Date: Thu, 5 Oct 2023 14:40:27 -0400
Subject: [PATCH] Adds random password generation capability to demo config install scripts
Signed-off-by: Darshit Chanpura
---
tools/generate-password.bat | 23 +++++++++++++++++++
tools/generate-password.sh | 12 ++++++++++
tools/install_demo_configuration.bat | 34 +++++++++++++++++-----------
tools/install_demo_configuration.sh | 10 +++++++-
4 files changed, 65 insertions(+), 14 deletions(-)
create mode 100755 tools/generate-password.bat
create mode 100755 tools/generate-password.sh
diff --git a/tools/generate-password.bat b/tools/generate-password.bat
new file mode 100755
index 0000000000..6c831107ad
--- /dev/null
+++ b/tools/generate-password.bat
@@ -0,0 +1,23 @@
+@echo off
+setlocal enableDelayedExpansion
+
+REM Set the directory of the current script
+set "SCRIPT_DIR=%~dp0"
+
+REM Set the desired password length
+set "length=16"
+
+REM Define the character set for the password
+set "characters=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+
+REM Initialize the password variable
+set "password="
+
+REM Loop to generate the random password
+for /l %%i in (1,1,%length%) do (
+ set /a "index=!random! %% 62"
+ for %%c in (!index!) do (
+ set "char=!characters:~%%c,1!"
+ set "password=!password!!char!"
+ )
+)
diff --git a/tools/generate-password.sh b/tools/generate-password.sh
new file mode 100755
index 0000000000..53c44f2fee
--- /dev/null
+++ b/tools/generate-password.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+length="$1"
+if [ -z "$length" ]; then
+ length=12 # Default password length
+fi
+
+# Define the character set for the password
+characters="A-Za-z0-9"
+
+# Use /dev/urandom to generate random bytes and tr to shuffle them
+LC_ALL=C tr -dc "$characters" < /dev/urandom | head -c "$length"
\ No newline at end of file
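Review bot: tools/generate-password.bat builds `password` in the loop but never writes it to stdout, so the `for /f` capture in install_demo_configuration.bat receives no output and `ADMIN_PASSWORD` is left unset; the file needs a closing `echo !password!`. The script also ignores its argument (the installer calls it with `16`) and leaves `SCRIPT_DIR` unused; `if not "%~1"=="" set "length=%~1"` after the default would honour the requested length. `!random!` is cmd's built-in pseudo-random number (0–32767), not a cryptographic source, and `%% 62` over that range is slightly biased, so this admin password is weaker than the one the `.sh` twin draws from /dev/urandom; taking the bytes from the OS CSPRNG instead (for example PowerShell's `System.Security.Cryptography.RandomNumberGenerator`) would close that gap.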
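Review bot: In tools/generate-password.sh the `length` argument reaches `head -c` unvalidated, so a non-numeric value makes `head` fail and `0` yields an empty password, and the caller presumably receives an empty string either way. A guard such as `case "$length" in *[!0-9]*|0) echo "length must be a positive integer" >&2; exit 1 ;; esac` before the pipeline makes that failure explicit. The comment above the pipeline says tr "shuffles" the bytes, but `tr -dc` deletes every byte outside the set; `# Read /dev/urandom, keep only bytes in $characters, stop after $length of them` describes it accurately. The default of 12 also differs from the 16 hard-coded in generate-password.bat.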
diff --git a/tools/install_demo_configuration.bat b/tools/install_demo_configuration.bat index d9d30fea2b..42bde842d5 100755 --- a/tools/install_demo_configuration.bat +++ b/tools/install_demo_configuration.bat @@ -17,6 +17,7 @@ set "assumeyes=0" set "initsecurity=0" set "cluster_mode=0" set "skip_updates=-1" +set "generate_random_password=0" goto :GETOPTS @@ -27,6 +28,7 @@ echo -y confirm all installation dialogues automatically echo -i initialize Security plugin with default configuration (default is to ask if -y is not given) echo -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given) echo -s skip updates if config is already applied to opensearch.yml +echo -g generates random password for admin EXIT /B 0 :GETOPTS @@ -35,6 +37,7 @@ if /I "%1" == "-y" set "assumeyes=1" if /I "%1" == "-i" set "initsecurity=1" if /I "%1" == "-c" set "cluster_mode=1" if /I "%1" == "-s" set "skip_updates=0" +if /I "%1" == "-g" set "generate_random_password=1" shift if not "%1" == "" goto :GETOPTS 
@@ -325,23 +328,24 @@ setlocal enabledelayedexpansion set "ADMIN_PASSWORD_FILE=%OPENSEARCH_CONF_DIR%initialAdminPassword.txt" set "INTERNAL_USERS_FILE=%OPENSEARCH_CONF_DIR%opensearch-security\internal_users.yml" -echo "what is in the config directory" +echo "what is in the config directory" dir %OPENSEARCH_CONF_DIR% echo "what is in the password file" type "%ADMIN_PASSWORD_FILE%" - -if "%initialAdminPassword%" NEQ "" ( - set "ADMIN_PASSWORD=!initialAdminPassword!" +if not "%initialAdminPassword%"=="" ( + set "ADMIN_PASSWORD=%initialAdminPassword%" +) else if exist "%ADMIN_PASSWORD_FILE%" ( + for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a" +) else if "%generate_random_password%"=="1" ( + set "generate_password_script=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\generate-password.bat" + for /f %%a in ('"!generate_password_script!" 16') do set "ADMIN_PASSWORD=%%a" ) else ( - for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a" + echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password. + exit /b 1 ) -if not defined ADMIN_PASSWORD ( - echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password. - exit /b 1 -) echo " ***************************************************" echo " *** ADMIN PASSWORD SET TO: %ADMIN_PASSWORD% ***" 
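Review bot: The `if not defined ADMIN_PASSWORD` guard that this hunk removes was the only check that a password was actually obtained, and the new `else` branch does not replace it: when `initialAdminPassword.txt` exists but is empty, or the generator prints nothing, `for /f` never runs its body and the script carries on with `ADMIN_PASSWORD` undefined. Keeping a guard after the chain, e.g. `if not defined ADMIN_PASSWORD (echo Unable to determine the admin password & exit /b 1)`, restores fail-closed behaviour before the banner and the hashing step. The `.sh` installer tests the file with `-s` for this reason, while the `.bat` branch tests only `exist`. The `-g` path is also skipped whenever the variable or the file is present, which the help text could state.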
@@ -349,12 +353,16 @@ echo " ***************************************************" set "HASH_SCRIPT=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\hash.bat" +REM The error level is set to 1 here if initialAdminPassword.txt was not provided +REM so we set it to 0 otherwise it would falsely fail this script on line 367 +set ERRORLEVEL=0 + REM Run the command and capture its output for /f %%a in ('%HASH_SCRIPT% -p !ADMIN_PASSWORD!') do ( set "HASHED_ADMIN_PASSWORD=%%a" ) -if errorlevel 1 ( +if %ERRORLEVEL% == 1 ( echo Failed to hash the admin password exit /b 1 ) @@ -397,14 +405,14 @@ echo. > securityadmin_demo.bat echo %OPENSEARCH_PLUGINS_DIR%opensearch-security\tools\securityadmin.bat -cd %OPENSEARCH_CONF_DIR%opensearch-security -icl -key %OPENSEARCH_CONF_DIR%kirk-key.pem -cert %OPENSEARCH_CONF_DIR%kirk.pem -cacert %OPENSEARCH_CONF_DIR%root-ca.pem -nhnv >> securityadmin_demo.bat if %initsecurity% == 0 ( - echo ### After the whole cluster is up execute: + echo ### After the whole cluster is up execute: type securityadmin_demo.bat echo ### or run ./securityadmin_demo.bat echo ### After that you can also use the Security Plugin ConfigurationGUI ) else ( echo ### OpenSearch Security will be automatically initialized. - echo ### If you like to change the runtime configuration - echo ### change the files in ../../../config/opensearch-security and execute: + echo ### If you like to change the runtime configuration + echo ### change the files in ../../../config/opensearch-security and execute: type securityadmin_demo.bat echo ### or run ./securityadmin_demo.bat echo ### To use the Security Plugin ConfigurationGUI diff --git a/tools/install_demo_configuration.sh b/tools/install_demo_configuration.sh index 01bc1bfed1..7a295bd4f6 100755 --- a/tools/install_demo_configuration.sh +++ b/tools/install_demo_configuration.sh 
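Review bot: `set ERRORLEVEL=0` in the first hunk here creates an ordinary environment variable named ERRORLEVEL, which shadows cmd's dynamic value, so the following `if %ERRORLEVEL% == 1` always compares `0` and the "Failed to hash the admin password" branch can no longer fire. `for /f` does not reliably surface the exit code of `hash.bat` in any case, so testing the captured result is the safer check: clear it first with `set "HASHED_ADMIN_PASSWORD="` and replace the test with `if not defined HASHED_ADMIN_PASSWORD (`. The new REM comment also cites "line 367", which will go stale as the file changes; naming the check it refers to would age better.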
@@ -29,6 +29,7 @@ assumeyes=0 initsecurity=0 cluster_mode=0 skip_updates=-1 +generate_random_password=0 function show_help() { echo "install_demo_configuration.sh [-y] [-i] [-c]" @@ -37,9 +38,10 @@ function show_help() { echo " -i initialize Security plugin with default configuration (default is to ask if -y is not given)" echo " -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)" echo " -s skip updates if config is already applied to opensearch.yml" + echo " -g generates random password for admin" } -while getopts "h?yics" opt; do +while getopts "h?yicsg" opt; do case "$opt" in h|\?) show_help @@ -52,6 +54,8 @@ while getopts "h?yics" opt; do c) cluster_mode=1 ;; s) skip_updates=0 + ;; + g) generate_random_password=1 esac done @@ -392,10 +396,14 @@ echo 'plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins- ADMIN_PASSWORD_FILE="$OPENSEARCH_CONF_DIR/initialAdminPassword.txt" INTERNAL_USERS_FILE="$OPENSEARCH_CONF_DIR/opensearch-security/internal_users.yml" + if [[ -n "$initialAdminPassword" ]]; then ADMIN_PASSWORD="$initialAdminPassword" elif [[ -f "$ADMIN_PASSWORD_FILE" && -s "$ADMIN_PASSWORD_FILE" ]]; then ADMIN_PASSWORD=$(head -n 1 "$ADMIN_PASSWORD_FILE") +elif [ "$generate_random_password" == 1 ]; then # Added double quotes around "1" + $SUDO_CMD chmod +x "$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" + ADMIN_PASSWORD=$("$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" 16) else echo "Unable to find the admin password for the cluster. Please run 'export initialAdminPassword=' or create a file $ADMIN_PASSWORD_FILE with a single line that contains the password." exit 1
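Review bot: In the last hunk, the new `elif` branch assigns `ADMIN_PASSWORD` from generate-password.sh without checking that the script succeeded or printed anything, so a failed `chmod`, a missing script or a broken pipeline leaves the installer running with an empty admin password unless code after the hunk catches it. Adding `[[ -n "$ADMIN_PASSWORD" ]] || { echo "Failed to generate an admin password" >&2; exit 1; }` after the `if` chain closes that gap. The branch also uses `[ … == 1 ]` where the neighbouring arms use `[[ … ]]`, and its trailing comment (`# Added double quotes around "1"`) describes an edit rather than the code and is not accurate, since `1` is unquoted. The `if` chain ends outside the hunk.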