-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Fix bootstrapping with default credentials #816
base: main
Are you sure you want to change the base?
Conversation
2ed94dc
to
ec6c66c
Compare
return "admin", "admin", nil | ||
// minimum 8 character password and must contain at least one uppercase letter, | ||
// one lowercase letter, one digit, and one special character | ||
return "admin", "0penS3@rch!", nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure about this part. admin
didn't meet the default security requirements. Maybe this should be randomly generated instead (it'll get stored in the Secret object for admins to retrieve).
If this should be randomly generated, I could use some guidance if there is any existing code to assist or commonly used libraries.
With these changes, I'm able to bootstrap a cluster using the following CRD
|
- Set a more complex default password--not sure if there are documentation updates that need to go with this. - Consolidate env var generation that's the same between STS/Bootstrap into a convient function. - Update the example password in docs to fulfill complexity requirements. Signed-off-by: Nick Venenga <[email protected]>
ec6c66c
to
d46cbe8
Compare
Merging is blocked? |
I couldn't repro in the CI environment. Not sure why it failed on my cluster (and apparently some other people's) GitHub Actions CI looks like a standard cluster |
I want to generate a random password when opensearch is started, the operator can do that ? Thanks. |
}}, | ||
}, | ||
{ | ||
Name: "OPENSEARCH_INITIAL_ADMIN_PASSWORD", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what does the 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' means? I only see the definition here, but I can't find a place to use this environment variable. Did I miss something? Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@yiippee it is env. variable which needs to be set prior running the pod. https://opensearch.org/blog/replacing-default-admin-credentials/
I need this to set up my first 2.18 cluster. What are the next steps? Can I contribute? |
Description
username
parameter. Since I'm adding an additional parameter it seemed fair to remove one that appeared unused to limit how many parameters are being passed around. However, it's unclear if this interface is expected to be stable or is consumed outside the codebase.Issues Resolved
#759
Check List
make lint
)If CRDs are changed:
make manifests
) and also copied into the helm chartPlease refer to the PR guidelines before submitting this pull request.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.