要約

Bitbucket ships with OpenSearch from version 7.21.0 onwards. It has an inbuilt user to connect to the search server to authenticate. But sometimes you might want to create your own user to connect Bitbucket to OpenSearch. The procedure is a bit different compared to how it was with ElasticSearch.

環境

Bitbucket verison 7.21.0 with bundled OpenSearch instance.

ソリューション

• Add a new user "testuser" in the <Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml file like below: 
  

  _meta:
    type: "internalusers"
    config_version: 2
  
  bitbucket:
    # Default "bitbucket-changeit" password which will be updated by automatic provisioning
    hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC"
    backend_roles:
      - "admin"
    description: "Admin user"
  
  testuser:
    hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC"
    backend_roles:
      - "admin"
    description: "Admin user"

• Run the hash.sh script in the location <Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/tools/ and it'll prompt you for a password. Enter a password and note it down. This will be the password for the new user. Also note down the hash output of the script

• Update the hash in the internal_users.yml with the output of the hash.sh script.

  _meta:
    type: "internalusers"
    config_version: 2
  
  bitbucket:
    # Default "bitbucket-changeit" password which will be updated by automatic provisioning
    hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC"
    backend_roles:
      - "admin"
    description: "Admin user"
  
  
  testuser:
    hash: "Q/aQ3ooqZMfUAXlaM7iadeqR9DJ08iwX1O3yFKtKlzcCwNEvPO/Ei"
    backend_roles:
      - "admin"
    description: "Admin user"

• Run the securityadmin.sh script as mentioned in the kb.