-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Can't change default admin. #867
Comments
This was my fault, I researched forward and found out I hadn't deleted the PVC's from the initial cluster. |
The masters now bootstrap, but the dashboard won't: Dashboard pod logs:
Node log:
Namespace overview: NAME READY STATUS RESTARTS AGE
pod/opensearch-controller-manager-76d984bff-bb5vc 2/2 Running 0 96m
pod/opensearch-fluentd-dashboards-788d986f54-dzrwm 0/1 Running 2 (103s ago) 8m23s
pod/opensearch-fluentd-masters-0 1/1 Running 0 8m24s
pod/opensearch-fluentd-masters-1 1/1 Running 0 5m50s
pod/opensearch-fluentd-masters-2 1/1 Running 0 4m15s
pod/opensearch-fluentd-securityconfig-update-nj295 0/1 Completed 0 8m24s I tried giving the same credentials as the admin user:
I tried creating new credentials and adding them instead, I tried giving no special credentials to the dashboards, it's simply not working. EDIT: UPDATE: Operator logs:
Node logs:
curl test:
|
Hey @mvtab. I was able to change the default admin fine. I did not use python libs though to generate the salt. Here is my script for generating the salt that was executed in Ubuntu 22.04: opensearch_pass=$(openssl rand -base64 24)
echo $opensearch_pass
htpasswd -bnBC 8 "" $opensearch_pass | grep -oP '\$2[ayb]\$.{56}' Here is my opensearchcluster crd apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
annotations:
meta.helm.sh/release-name: opensearch-cluster
meta.helm.sh/release-namespace: logging
creationTimestamp: "2024-08-16T21:31:30Z"
finalizers:
- Opster
generation: 2
labels:
app.kubernetes.io/managed-by: Helm
name: opensearch-cluster
namespace: logging
resourceVersion: "144312069"
uid: 5da5873b-9705-4ff0-8a48-bb05cb914edb
spec:
bootstrap:
resources: {}
confMgmt: {}
dashboards:
enable: true
opensearchCredentialsSecret:
name: admin-credentials-secret
replicas: 1
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
service:
type: ClusterIP
version: 2.3.0
general:
drainDataNodes: true
httpPort: 9200
monitoring: {}
pluginsList:
- repository-s3
serviceName: opensearch-cluster
setVMMaxMapCount: true
vendor: opensearch
version: 2.3.0
initHelper:
resources: {}
nodePools:
- component: masters
diskSize: 30Gi
replicas: 3
resources:
limits:
cpu: 500m
memory: 2Gi
requests:
cpu: 500m
memory: 2Gi
roles:
- master
- data
security:
config:
adminCredentialsSecret:
name: admin-credentials-secret
adminSecret: {}
securityConfigSecret:
name: securityconfig-secret
updateJob:
resources: {}
tls:
http:
caSecret: {}
generate: true
secret: {}
transport:
caSecret: {}
generate: true
secret: {}
status:
availableNodes: 3
componentsStatus:
- component: Restarter
status: Finished
health: green
initialized: true
phase: RUNNING
version: 2.3.0 The 2 secrets that was added + # Source: secret/templates/secret.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app: securityconfig-secret
+ chart: secret
+ heritage: Helm
+ release: securityconfig-secret
+ name: securityconfig-secret
+ data:
+ action_groups.yml: '++++++++ # (49 bytes)'
+ config.yml: '++++++++ # (364 bytes)'
+ internal_users.yml: '++++++++ # (1689 bytes)'
+ nodes_dn.yml: '++++++++ # (44 bytes)'
+ roles.yml: '++++++++ # (6287 bytes)'
+ roles_mapping.yml: '++++++++ # (464 bytes)'
+ tenants.yml: '++++++++ # (44 bytes)'
+ whitelist.yml: '++++++++ # (46 bytes)'
+ type: Opaque + # Source: secret/templates/secret.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app: admin-credentials-secret
+ chart: secret
+ heritage: Helm
+ release: admin-credentials-secret
+ name: admin-credentials-secret
+ data:
+ password: '++++++++ # (32 bytes)'
+ username: '++++++++ # (5 bytes)'
+ type: Opaque One last thing. I am using open-search operator version: Hope this helps |
I really don't understand why, but apparently I was using an extremely old version of the chart: 2.3.0. Current is 2.23.1. Closing this. |
Bug description
The default admin password can not be changed.
Related to #409
Reproduction steps
I have an Ansible setup and would like to provision an opensearch cluster with custom credentials. The steps I followed are the following:
echo <> | base64
and create secret with the values,python -c 'import bcrypt; print(bcrypt.hashpw("<password>".encode("utf-8"), bcrypt.gensalt(12, prefix=b"2a")).decode("utf-8"))'
and put it in the example securityconfig,All together in a file:
Expected behavior
I would expect a working cluster to be bootstrapped with the new admin credentials.
Actual behavior
Cluster does not bootstrap at all, showing this error on all opensearch nodes:
opensearch-fluentd-securityconfig-update logs:
last logs in bootstrap node:
Environment
Kubernetes operating system: opensuse-leap-15.6
Container environment:
Kubernetes version: 1.30.3
Opensearch version: 2.15.0
The text was updated successfully, but these errors were encountered: