How to add a new user to the bundled OpenSearch in Bitbucket Server
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Bitbucket ships with OpenSearch from version 7.21.0 onwards. It has an inbuilt user to connect to the search server to authenticate. But sometimes you might want to create your own user to connect Bitbucket to OpenSearch. The procedure is a bit different compared to how it was with ElasticSearch.
The OpenSearch that is bundled with Bitbucket is designed to be used as it is. We will be supporting if any issues with using it in the way it was intended (the user we ship with, automatic provisioning, etc.). The contents in this article is provided for reference only and Atlassian support does not guarantee providing any support for it.
Environment
Bitbucket verison 7.21.0 with bundled OpenSearch instance.
Solution
Add a new user "testuser" in the
<Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/securityconfig/internal_users.ymlfile like below:_meta: type: "internalusers" config_version: 2 bitbucket: # Default "bitbucket-changeit" password which will be updated by automatic provisioning hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user" testuser: hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user"- Run the
hash.shscript in the location<Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/tools/and it'll prompt you for a password. Enter a password and note it down. This will be the password for the new user. Also note down the hash output of the script Update the hash in the
internal_users.ymlwith the output of thehash.shscript._meta: type: "internalusers" config_version: 2 bitbucket: # Default "bitbucket-changeit" password which will be updated by automatic provisioning hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user" testuser: hash: "Q/aQ3ooqZMfUAXlaM7iadeqR9DJ08iwX1O3yFKtKlzcCwNEvPO/Ei" backend_roles: - "admin" description: "Admin user"- Run the securityadmin.sh script as mentioned in the kb.