⚓ T313868 OpenSearch Security plugin packaging

Status	Assigned	Task
Resolved	fgiunchedi	T213157 Increase utilization of application logging pipeline (FY2018-2019 Q3 TEC6)
Resolved	fgiunchedi	T220103 TEC6: Logging infrastructure (Q4 2018/19 goal)
Open	colewhite	T213902 Implement sensitive logstash access control
Resolved	colewhite	T313868 OpenSearch Security plugin packaging

colewhite created this task.Jul 26 2022, 10:31 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2022, 10:31 PM

colewhite moved this task from Inbox to Prioritized on the Observability-Logging board.Jul 26 2022, 10:32 PM

colewhite added a project: SRE Observability (FY2022/2023-Q2).Aug 10 2022, 7:09 PM

• lmata triaged this task as Medium priority.Jan 12 2023, 6:48 PM

• lmata edited projects, added SRE Observability (FY2022/2023-Q4); removed SRE Observability (FY2022/2023-Q2).

Upstream has released a deb package which is the path of least friction to getting the security plugin installed. Requires executing an upgrade on all environments.

Phase 1:

OpenSearch:

Use upstream's deb.

Requires plugins.security.disabled: true post-upgrade. This config cannot be pre-provisioned because without the security plugin installed, OpenSearch will fail to start.

OpenSearch Dashboards:

Can be upgraded to use upstream packages whenever as there is no conflict as long as these plugins are removed on install:

securityDashboards

notificationDashboards

indexManagementDashboards