Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/kibana] remove unsable function kibana_set_key_value function and move to kibana_conf_set #76759

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[bitnami/kibana] remove unsable function kibana_set_key_value function and move to kibana_conf_set #76759

wants to merge 1 commit into from

Conversation

chocolattej
Copy link

@chocolattej chocolattej commented Jan 29, 2025
edited
Loading

Description of the change

remove unsable function kibana_set_key_value function and move to kibana_conf_set in containers/bitnami/kibana/8/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh

Possible drawbacks

  • have to configure the keystore-password in kibana.yaml might expose security concern or somethings related.

Applicable issues

Additional information

  • this [bitnami/kibana] Wrong ENV reference in libkibana.sh #76379 causing unable to use binami/kibana images with Java Keystore Configuration the full Issues report is in refer issue
  • I have already tesing in my local environment and its work properly as expects
  • keystore password configuration is exists on kibana.yaml
path:
  data: /bitnami/kibana/data
pid:
  file: /opt/bitnami/kibana/tmp/kibana.pid
server:
  host: 0.0.0.0
  port: 5061
  ssl:
    enabled: true
    keystore:
      path: /opt/bitnami/kibana/config/certs/kibana.keystore.p12
      password: kibana-password
elasticsearch:
  hosts: https://elasticsearch:9200
  username: kibana_system
  password: kibana
  ssl:
    verificationMode: certificate
    truststore:
      path: /opt/bitnami/kibana/config/certs/elasticsearch.truststore.p12
      password: elasticsearch-password

and no Error logs exist on starting container process

  • ENV in images build testing process
KIBANA_ELASTICSEARCH_URL: elasticsearch
KIBANA_ELASTICSEARCH_PORT_NUMBER: 9200
KIBANA_PASSWORD: kibana
KIBANA_PORT_NUMBER: 5061
KIBANA_SERVER_ENABLE_TLS: true
KIBANA_ELASTICSEARCH_ENABLE_TLS: true
KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE: certificate
KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION: /opt/bitnami/kibana/config/certs/elasticsearch.truststore.p12
KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD: elasticsearch-password
KIBANA_ELASTICSEARCH_TLS_USE_PEM: false
KIBANA_SERVER_KEYSTORE_LOCATION: /opt/bitnami/kibana/config/certs/kibana.keystore.p12
KIBANA_SERVER_KEYSTORE_PASSWORD: kibana-password
  • I'm quite new here if there anythings unclear or need more information, feel free to reach me anytime.

@chocolattej
[bitnami/kibana] remove unsable function kibana_set_key_value functio…
82c8e5d 
…n and move to kibana_conf_set in containers/bitnami/kibana/8/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh

Signed-off-by: CHOCOLATTE <[email protected]>
@github-actions github-actions bot added kibana triage Triage is needed labels Jan 29, 2025
@github-actions github-actions bot requested a review from carrodher January 29, 2025 07:23
@carrodher carrodher added verify Execute verification workflow for these changes in-progress labels Jan 29, 2025
@github-actions github-actions bot removed the triage Triage is needed label Jan 29, 2025
@github-actions github-actions bot removed the request for review from carrodher January 29, 2025 07:53
@github-actions github-actions bot requested a review from dgomezleon January 29, 2025 07:53
@dgomezleon
Copy link
Member

Hi @chocolattej ,

Thanks for contributing.
As you can see here, kibana-keystore is used for sensitive string settings, like authentication credentials. I would not remove it.

Have you tried to fix the typo by only changing the code below?:

                    if [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then
                        kibana_conf_set "server.ssl.keystore.password" "$SERVER_KEY_PASSWORD"
                    else
                        kibana_set_key_value "server.ssl.keystore.password" "$SERVER_KEY_PASSWORD"
                    fi

with

                    if [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then
                        kibana_conf_set "server.ssl.keystore.password" "$SERVER_KEYSTORE_PASSWORD"
                    else
                        kibana_set_key_value "server.ssl.keystore.password" "$SERVER_KEYSTORE_PASSWORD"
                    fi

If that fixed the reported issue, I consider it a better option.

@chocolattej
Copy link
Author

Hi @dgomezleon ,
Thanks for your discuss.
You could I have already tried it in detailed issues report

along with this function

kibana_set_key_value() {
    local key="${1:?missing key}"
    local value="${2:?missing value}"

    debug "Storing key: ${key}"
    kibana-keystore add --stdin --force "$key" <<<"$value"
}

this is mannual re-produce the set_key_value_function in this line kibana-keystore add --stdin --force "$key" <<<"$value" and show result in

I have no name!@kibana-6c5bf7568c-fszkp:/$ kibana-keystore add --stdin --force "server.ssl.keystore.password" <<<"$SERVER_KEY_PASSWORD"
Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider
ERROR: Kibana keystore not found. Use 'create' command to create one.

and here is the log in starting container that show before container error and tried to restart

kibana 07:16:31.91 DEBUG ==> Storing key: server.ssl.keystore.password
Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider
ERROR: Kibana keystore not found. Use 'create' command to create one.

the ERROR: Kibana keystore not found. Use 'create' command to create one. message show in terminal is the same
so I think the problem is set_key_value_function not work properly as expected. I assume that kibana-keystore cli is could not found the key properties when we import key file instead of create with its own command and I do not know about it much, so my solution is remove this function that could not be use.

another solution that could be possible is find the way to import key file that kibana-keystore cli could find them so we could use set_key_value_function as expected

@dgomezleon
Copy link
Member

Hi @chocolattej ,

Thanks for the detailed explanation.
Have you considered this?:

  1. The error ERROR: Kibana keystore not found. Use 'create' command to create one. could be solved by creating it previously with kibana-keystore create.
  2. The warning Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider could be avoided by removing --openssl-legacy-provider from /opt/bitnami/kibana/config/node.options (OPTIONAL)

Could you give these a try and let me know if this solution work for you?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgomezleon dgomezleon Awaiting requested review from dgomezleon

At least 1 approving review is required to merge this pull request.

Assignees

@dgomezleon dgomezleon

Labels
in-progress kibana verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[bitnami/kibana] Wrong ENV reference in libkibana.sh
3 participants
@chocolattej @dgomezleon @carrodher