
According to the documentation, the REST API of OpenGrok is unauthenticated on localhost, but requires authentication from any other application.

In my K8S setup I want to run OpenGrok (the standard opengrok/docker:1.7 one) as a container, but to do the source update/checkout myself and also re-index after source updates. I have an opengrok container running and a src-update container. They share 3 volumes (/opengrok/src, /opengrok/etc, /opengrok/data).

The opengrok container is configured with a REST_TOKEN value and a SYNC_PERIOD_MINUTES value of 0 to disable the indexing. The src-update container runs and refreshes the codebases, and then runs the opengrok-indexer to re-index the data and notify (via the -U option) the opengrok container that the index has changed. When the opengrok-indexer runs it indexes OK, but fails with an HTTP 401 error when trying to PUT the updated configuration on the opengrok server:

2021-12-08 16:01:03.980+0000 SEVERE t1 Indexer.sendToConfigHost: Failed to send configuration to http://opengrok-service:8080 (is web application server running with opengrok deployed?)
java.io.IOException: InboundJaxrsResponse{context=ClientResponse{method=PUT, uri=http://opengrok-service:8080/api/v1/configuration?reindex=true, status=401, reason=Unauthorized}}
at org.opengrok.indexer.configuration.RuntimeEnvironment.writeConfiguration(RuntimeEnvironment.java:1462)
at org.opengrok.indexer.index.Indexer.sendToConfigHost(Indexer.java:1157)
at org.opengrok.indexer.index.Indexer.main(Indexer.java:383)

This is the command I am running on the source-updating container. The environment value OPENGROK_REST_TOKEN is the same value passed to the opengrok container as REST_TOKEN.

opengrok-indexer \
    -J=-Djava.util.logging.config.file=/opt/opengrok/repo-mgmt/config/opengrok-logging.properties \
    -a /opengrok/lib/opengrok.jar -- \
    --progress -c /usr/local/bin/ctags \
    -s /opengrok/src -d /opengrok/data -H -S -G \
    --token $OPENGROK_REST_TOKEN \
    -W /opengrok/etc/configuration.xml -U http://opengrok-service:8080

I looked at the /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml file on the opengrok container and I do not see any security configuration in there.

What am I doing wrong or missing in my configuration? What is the best way to provide the authentication required for the REST API from the source-update container?

JohnXF

1 Answer


You need to set the Token in the configuration.xml file (-W parameter), with the following:

<void property="authenticationTokens">
    <void method="add">
        <string>TOKEN</string>
    </void>
</void>
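
A way to confirm that the token listed under authenticationTokens in configuration.xml is the one the indexer sends with --token, as an added example that is not part of the original answer or of OpenGrok itself. The sample XML and token value are constructed, and the function names are hypothetical.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed sample in the java.beans XML layout shown in the answer;
# "example-token-1" is a placeholder, not a real secret.
SAMPLE_CONFIG = """<java version="11.0.13" class="java.beans.XMLDecoder">
 <object class="org.opengrok.indexer.configuration.Configuration">
  <void property="authenticationTokens">
   <void method="add">
    <string>example-token-1</string>
   </void>
  </void>
  <void property="sourceRoot">
   <string>/opengrok/src</string>
  </void>
 </object>
</java>"""


def configured_tokens(config_xml):
    """Return every token added under the authenticationTokens property."""
    root = ET.fromstring(config_xml)
    tokens = []
    for prop in root.iter("void"):
        if prop.get("property") != "authenticationTokens":
            continue
        for add in prop.findall("void[@method='add']"):
            tokens.extend((s.text or "").strip() for s in add.findall("string"))
    return tokens


def check_token(config_xml, indexer_token):
    """Classify whether the indexer's --token value is accepted by the config."""
    tokens = configured_tokens(config_xml)
    if not tokens:
        return "no-tokens-configured"
    supplied = indexer_token.encode()
    # Constant-time comparison so the check does not leak the secret via timing.
    if any(hmac.compare_digest(t.encode(), supplied) for t in tokens):
        return "match"
    # A secret read from a file or created with echo can carry a trailing
    # newline, which makes an otherwise correct token fail to match.
    if any(hmac.compare_digest(t.encode(), supplied.strip()) for t in tokens):
        return "mismatch-whitespace"
    return "mismatch"


if __name__ == "__main__":
    print(check_token(SAMPLE_CONFIG, "example-token-1"))
```

In the setup described in the question, the inputs would be the contents of /opengrok/etc/configuration.xml on the shared volume and the value of OPENGROK_REST_TOKEN in the src-update container.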