Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HELM charts distribution should reflect changes to default admin credentials in demo configuration #3711

Closed
4 tasks done
Tracked by #3623
DarshitChanpura opened this issue Nov 14, 2023 · 2 comments
Closed
4 tasks done
Tracked by #3623

HELM charts distribution should reflect changes to default admin credentials in demo configuration #3711

DarshitChanpura opened this issue Nov 14, 2023 · 2 comments
Assignees
@DarshitChanpura
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@DarshitChanpura
Copy link
Member

DarshitChanpura commented Nov 14, 2023
edited
Loading

This task ensures that the changes to default admin credentials are reflected in the HELM charts distribution.

Acceptance Criteria:

  • A cluster, via helm charts, should not spin-up if a weak password or no password is supplied.
  • The configuration should have an option to provide an admin password.
  • A call with admin:admin to the cluster should fail.
  • A call with admin: to the cluster should succeed.
@DarshitChanpura DarshitChanpura mentioned this issue Nov 14, 2023
Closed
9 tasks
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Nov 14, 2023
@davidlago davidlago added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Nov 20, 2023
@DarshitChanpura DarshitChanpura mentioned this issue Dec 7, 2023
Closed
3 tasks
@DarshitChanpura DarshitChanpura self-assigned this Dec 8, 2023
@derek-ho
Copy link
Collaborator

derek-ho commented Dec 8, 2023

opensearch-project/helm-charts#504 should also help with this

@DarshitChanpura
Copy link
Member Author

Tested with a 2.12 image. HELM cluster satisfies all acceptance criteria listed.

Expand to see the logs from different test scenarios:

modified values.yaml to point to opensearchstaging/opensearch:2.12.0 image

  1. no password supplied
➜  charts git:(admin-cred-update) ✗ helm install os -f ./opensearch/values.yaml ./opensearch
NAME: os
LAST DEPLOYED: Thu Jan  4 11:07:11 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Watch all cluster members come up.
  $ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w
➜  charts git:(admin-cred-update) ✗ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w

NAME                          READY   STATUS    RESTARTS   AGE
opensearch-cluster-master-0   0/1     Running   0          8s
opensearch-cluster-master-1   0/1     Running   0          8s
opensearch-cluster-master-2   0/1     Running   0          8s
opensearch-cluster-master-1   0/1     Error     0          11s
opensearch-cluster-master-2   0/1     Error     0          11s
opensearch-cluster-master-0   0/1     Error     0          11s
opensearch-cluster-master-1   0/1     Running   1 (2s ago)   12s
opensearch-cluster-master-2   0/1     Running   1 (2s ago)   12s
opensearch-cluster-master-0   0/1     Running   1 (2s ago)   12s
opensearch-cluster-master-0   0/1     Error     1 (9s ago)   19s
opensearch-cluster-master-2   0/1     Error     1 (9s ago)   19s
opensearch-cluster-master-1   0/1     Error     1 (10s ago)   20s
opensearch-cluster-master-1   0/1     CrashLoopBackOff   1 (4s ago)    22s
opensearch-cluster-master-2   0/1     CrashLoopBackOff   1 (4s ago)    22s
opensearch-cluster-master-0   0/1     CrashLoopBackOff   1 (4s ago)    22s
opensearch-cluster-master-1   0/1     Running            2 (17s ago)   35s
opensearch-cluster-master-2   0/1     Running            2 (17s ago)   35s
opensearch-cluster-master-0   0/1     Running            2 (20s ago)   38s
opensearch-cluster-master-2   0/1     Error              2 (21s ago)   39s
opensearch-cluster-master-1   0/1     Error              2 (21s ago)   39s
opensearch-cluster-master-0   0/1     Error              2 (23s ago)   41s
opensearch-cluster-master-0   0/1     CrashLoopBackOff   2 (1s ago)    42s
opensearch-cluster-master-1   0/1     CrashLoopBackOff   2 (4s ago)    42s
opensearch-cluster-master-2   0/1     CrashLoopBackOff   2 (4s ago)    42s
^C%                                                                                                                                 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗  kubectl logs opensearch-cluster-master-0
Defaulted container "opensearch" out of: opensearch, fsgroup-volume (init)
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.5.11-linuxkit aarch64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.12.0
Detected OpenSearch Security Version: 2.12.0.0
No custom admin password found. Please provide a password.
  1. weak password supplied in values.yaml
➜  charts git:(admin-cred-update) ✗ cat ./opensearch/values.yaml | grep -A 2 extraEnvs 
extraEnvs:
  - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
    value: admin
➜  charts git:(admin-cred-update) ✗ helm install os -f ./opensearch/values.yaml ./opensearch
NAME: os
LAST DEPLOYED: Thu Jan  4 11:15:44 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Watch all cluster members come up.
  $ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w
➜  charts git:(admin-cred-update) ✗ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w
NAME                          READY   STATUS    RESTARTS   AGE
opensearch-cluster-master-0   0/1     Running   0          6s
opensearch-cluster-master-1   0/1     Running   0          6s
opensearch-cluster-master-2   0/1     Running   0          6s
opensearch-cluster-master-1   0/1     Error     0          10s
opensearch-cluster-master-2   0/1     Error     0          10s
opensearch-cluster-master-0   0/1     Error     0          10s
opensearch-cluster-master-2   0/1     Running   1 (2s ago)   11s
opensearch-cluster-master-1   0/1     Running   1 (2s ago)   11s
opensearch-cluster-master-0   0/1     Running   1 (1s ago)   11s
opensearch-cluster-master-2   0/1     Error     1 (8s ago)   17s
opensearch-cluster-master-1   0/1     Error     1 (8s ago)   17s
opensearch-cluster-master-0   0/1     Error     1 (7s ago)   17s
opensearch-cluster-master-0   0/1     CrashLoopBackOff   1 (5s ago)   22s
opensearch-cluster-master-1   0/1     CrashLoopBackOff   1 (6s ago)   22s
opensearch-cluster-master-2   0/1     CrashLoopBackOff   1 (5s ago)   22s
^C%                                                                                                                                                                                                                                                                                                 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ 
➜  charts git:(admin-cred-update) ✗ kubectl logs opensearch-cluster-master-0                                                        
Defaulted container "opensearch" out of: opensearch, fsgroup-volume (init)
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.5.11-linuxkit aarch64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.12.0
Detected OpenSearch Security Version: 2.12.0.0
Password admin is weak. Please re-try with a stronger password.
  1. strong password is supplied
➜  charts git:(admin-cred-update) ✗ cat ./opensearch/values.yaml | grep -A 2 extraEnvs
extraEnvs:
  - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
    value: myStrongPassword123!
➜  charts git:(admin-cred-update) ✗ helm install os -f ./opensearch/values.yaml ./opensearch
NAME: os
LAST DEPLOYED: Thu Jan  4 11:18:25 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Watch all cluster members come up.
  $ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w
➜  charts git:(admin-cred-update) ✗ kubectl get pods --namespace=default -l app.kubernetes.io/component=opensearch-cluster-master -w
NAME                          READY   STATUS    RESTARTS   AGE
opensearch-cluster-master-0   0/1     Running   0          4s
opensearch-cluster-master-1   0/1     Running   0          4s
opensearch-cluster-master-2   0/1     Running   0          4s
opensearch-cluster-master-2   0/1     Running   0          21s
opensearch-cluster-master-1   1/1     Running   0          21s
opensearch-cluster-master-0   1/1     Running   0          21s
opensearch-cluster-master-2   1/1     Running   0          21s
^C%                                                                                                                                                                                                                                                                                                 
➜  charts git:(admin-cred-update) ✗
➜  charts git:(admin-cred-update) ✗ kubectl get pods,svc
NAME                              READY   STATUS    RESTARTS   AGE
pod/opensearch-cluster-master-0   1/1     Running   0          25m
pod/opensearch-cluster-master-1   1/1     Running   0          25m
pod/opensearch-cluster-master-2   1/1     Running   0          25m

NAME                                         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
service/kubernetes                           ClusterIP   10.96.0.1      <none>        443/TCP                      2d
service/opensearch-cluster-master            ClusterIP   10.107.90.78   <none>        9200/TCP,9300/TCP            25m
service/opensearch-cluster-master-headless   ClusterIP   None           <none>        9200/TCP,9300/TCP,9600/TCP   25m
➜  charts git:(admin-cred-update) ✗ kubectl port-forward service/opensearch-cluster-master 9200:9200
Forwarding from 127.0.0.1:9200 -> 9200
Forwarding from [::1]:9200 -> 9200
Handling connection for 9200
Handling connection for 9200

simultaneously, in another terminal:

➜  charts git:(admin-cred-update) ✗ curl -XGET https://localhost:9200/ -k -u admin:admin                               
➜  charts git:(admin-cred-update) ✗ curl -XGET https://localhost:9200/ -k -u admin:myStrongPassword123!                
{
  "name" : "opensearch-cluster-master-0",
  "cluster_name" : "opensearch-cluster",
  "cluster_uuid" : "33mBOoXCSZC-dvez-pa6yw",
  "version" : {
    "distribution" : "opensearch",
    "number" : "2.12.0",
    "build_type" : "tar",
    "build_hash" : "56eb55dd2ab143a91fbbb4ead0ea9b15853861ab",
    "build_date" : "2024-01-02T01:36:41.303539435Z",
    "build_snapshot" : false,
    "lucene_version" : "9.8.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
➜  charts git:(admin-cred-update) ✗

logged in to a container to verify:

sh-5.2$ curl -XGET https://0.0.0.0:9200/ -k -u admin:admin
sh-5.2$ curl -XGET https://0.0.0.0:9200/ -k -u admin:myStrongPassword123!
{
  "name" : "opensearch-cluster-master-0",
  "cluster_name" : "opensearch-cluster",
  "cluster_uuid" : "33mBOoXCSZC-dvez-pa6yw",
  "version" : {
    "distribution" : "opensearch",
    "number" : "2.12.0",
    "build_type" : "tar",
    "build_hash" : "56eb55dd2ab143a91fbbb4ead0ea9b15853861ab",
    "build_date" : "2024-01-02T01:36:41.303539435Z",
    "build_snapshot" : false,
    "lucene_version" : "9.8.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
sh-5.2$

@prudhvigodithi prudhvigodithi mentioned this issue Feb 7, 2024
Merged
3 tasks
This was referenced Feb 20, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DarshitChanpura DarshitChanpura

Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidlago @derek-ho @DarshitChanpura