-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Unable to set OPENSEARCH_INITIAL_ADMIN_PASSWORD for bootstrap pod #759
Comments
I think that once/if #754 is merged, this problem will be solved. |
[Triage] Thank you |
I tried to create a cluster with the following config but it's not working with the same error
This should run a |
It works adding these env vars. The operator can add this var referencing the Secret its stored in with ValueFrom. I'll put up a PR tonight after work if I have time |
I opened #816. It may need some input/review from contributors/maintainers and additional changes. |
Couldn't get it working locally without this but the current code consistency works in CI so there must be something else missing. I'm thinking something is triggering the security plugin & security demo script some times |
Hmm I can't seem to repro on Github Actions even with the config that was causing me errors locally. Maybe there's some kind of race condition or something at play |
probably you can add bootstrap:
additionalConfig:
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'password' and it should work, cause operator merge this values to pod env |
I think it's still missing from one of the pods--maybe bootstrap pod Edit: Yeah it looks like that's static env vars for bootstrap pod https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/opensearch-operator/pkg/builders/cluster.go#L470 That was one of the things I adjusted in the PR (make sure all pods use common env vars) |
Also experiencing this issue when trying to create a 2.13.0 cluster. Do you have any ideas when a fix will be released? |
Hi hi, Is someone able to explain the current state. The PR #816 from @nijave looks promising in that regard. So is there anything we can do here to support that PR being merged? And in the meantime? Has anyone an Idea on how to bootstrap a cluster ? |
yeah, Install 2.11.0 and then upgrade to a version you want to. during upgrade, bootstrap pod is no longer used. |
My PR was meant to address an issue where the Opensearch security plugin seemingly gets activated but the operator doesn't correctly setup/bootstrap pods with an initial admin password that meets complexity requirements enforced by the security plugin. I don't completely understand how the security plugin works but it looks like this is largely out of scope of the operator and built-in to the Opensearch Docker container. I think installing the s3 repository plugin pulled in the Opensearch security plugin causing bootstrap to fail but I don't have a very good understanding of how this is supposed to work and couldn't reliably reproduce it. There are some docs somewhere for bootstrapping a cluster with your own credentials in the operator docs It seems like the operator should do something here to play nice with Opensearch security but I don't have enough knowledge and time to figure out the correct approach. |
I noticed, that as soon as I remove security:
tls:
http:
generate: true
transport:
generate: true
perNode: true |
Hey the Operator does not run I have added some details to this GitHub issue #703 (comment) for 2.12.0 version, please check. Also from the same comment #703 (comment) the default should be Also if the cluster already has the security index created, upgrading the cluster (>=2.12.0) does not impact the admin password or user as the security index already has the data. For new clusters the default is still Cluster spec
|
+1 |
What is the bug?
Unable to perform new deployment of opensearch
2.12.0
using opensearch-operator2.5.1
.How can one reproduce the bug?
Create clean opensearch
2.12.0
cluster using opensearch-operator2.5.1
.What is the expected behavior?
Cluster is up and running including
bootstrap
pod.What is your host/environment?
GKE (
1.27.8-gke.1067004
)Do you have any additional context?
Opensearch
2.12.0
explicitely requires to setOPENSEARCH_INITIAL_ADMIN_PASSWORD
environment variable for each pod. This is possible fornodePools
but not forbootstrap
pod, as the helm manifest only supportsadditionalConfig
, therefore pod is crashing.Setting up Custom Admin User does not help, as pod strictly requires
OPENSEARCH_INITIAL_ADMIN_PASSWORD
defined as the variable.The text was updated successfully, but these errors were encountered: