Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQUEST] [Upgrade] Add migration from ODFE demo certificates to generated ones #2129

Closed
8 of 11 tasks
to-bar opened this issue Mar 12, 2021 · 6 comments
Closed
8 of 11 tasks

[FEATURE REQUEST] [Upgrade] Add migration from ODFE demo certificates to generated ones #2129

to-bar opened this issue Mar 12, 2021 · 6 comments
Assignees
@przemyslavic @to-bar
Labels
area/logs area/security priority/high Task with high priority
Milestone
S20210617

Comments

@to-bar
Copy link
Contributor

to-bar commented Mar 12, 2021
edited by mkyc
Loading

Is your feature request related to a problem? Please describe.
We should remove demo certificates and replace them with self-generated.

Describe the solution you'd like
Using admin certificate is convenient for authentication to API. Installation of ODFE creates demo certificates and one of them is for admin user (kirk). This certificate can be used in apply mode but at the end it should be removed (other certificates to be checked). So it will be not available for upgrade mode.

Possible solutions (all assume that at least demo admin cert is removed):

  1. Generate self-signed certificates
  2. For upgrade mode use only password
  3. Allow user to provide their own certificates
  4. Mix from 1-3

Describe alternatives you've considered
See above.

Additional context
n/a

DoD checklist

  • Changelog updated
  • COMPONENTS.md updated / doesn't need to be updated
  • Feature has automated tests
  • Automated tests passed (QA pipelines)
    • apply
    • upgrade
  • Idempotency tested
  • Documentation added / updated / doesn't need to be updated
  • All conversations in PR resolved
  • Solution meets requirements and is done according to design doc
  • Usage compliant with license
@to-bar to-bar added this to the S20210325 milestone Mar 12, 2021
@mkyc
Copy link
Contributor

mkyc commented Mar 18, 2021

Passwords approach sounds simplest for now.

@rpudlowski93 rpudlowski93 self-assigned this Mar 24, 2021
@mkyc mkyc modified the milestones: S20210325, S20210408 Mar 25, 2021
@rpudlowski93
Copy link
Contributor

Done in PR : #1994

@przemyslavic przemyslavic self-assigned this Apr 2, 2021
@przemyslavic
Copy link
Collaborator

Looks like it's partially done. Changes were introduced in #1844 [PR #1994] for epicli apply and partially reverted in #2170 [PR #2174] for epicli upgrade.
Moving back to TODO to finish this task later or close it after discussion.

@rpudlowski93 rpudlowski93 removed their assignment Apr 6, 2021
@mkyc mkyc modified the milestones: S20210408, S20210422 Apr 8, 2021
@plirglo plirglo mentioned this issue Apr 15, 2021
Closed
3 tasks
This was referenced Apr 22, 2021
Closed
Closed
@mkyc mkyc modified the milestones: S20210422, S20210506 Apr 23, 2021
@mkyc mkyc modified the milestones: S20210506, S20210520 May 6, 2021
@to-bar to-bar changed the title [FEATURE REQUEST] Remove demo certificates after ODFE is installed [FEATURE REQUEST] Add migration from ODFE demo certificates to generated ones for upgrade mode May 14, 2021
@to-bar to-bar changed the title [FEATURE REQUEST] Add migration from ODFE demo certificates to generated ones for upgrade mode [FEATURE REQUEST] [Upgrade] Add migration from ODFE demo certificates to generated ones May 14, 2021
@plirglo plirglo modified the milestones: S20210520, S20210603 May 20, 2021
@mkyc mkyc modified the milestones: S20210603, S20210617 Jun 7, 2021
@mkyc
Copy link
Contributor

mkyc commented Jun 7, 2021

@to-bar @przemyslavic shouldn't it go first to 1.1.0 and then be back ported to 1.0.x?

@to-bar
Copy link
Contributor Author

to-bar commented Jun 8, 2021

@mkyc Yes, it should. Updated Releases.

@to-bar to-bar mentioned this issue Jun 10, 2021
Closed
10 tasks
@przemyslavic
Copy link
Collaborator

Tested logging component after refactoring:
✔️ epicli apply
✔️ epicli re-apply
✔️ epicli upgrade from v0.7 to develop
✔️ epicli upgrade from v0.8 to develop

@mkyc mkyc closed this as completed Jun 15, 2021
seriva added a commit that referenced this issue Jul 13, 2021
@seriva @to-bar
#2129 - Add migration from ODFE demo certificates to generated ones (#…
b75cf59 
…2427)

* #2129 - Add migration from ODFE demo certificates to generated ones

* Update core/src/epicli/data/common/ansible/playbooks/roles/opendistro_for_elasticsearch/defaults/main.yml

Co-authored-by: to-bar <[email protected]>

* Update core/src/epicli/data/common/ansible/playbooks/roles/opendistro_for_elasticsearch/defaults/main.yml

Co-authored-by: to-bar <[email protected]>

* - Removed unused parameter.

Co-authored-by: to-bar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@przemyslavic przemyslavic

@to-bar to-bar

Labels
area/logs area/security priority/high Task with high priority
Projects
None yet
Milestone
S20210617
Development

No branches or pull requests
6 participants
@seriva @mkyc @rpudlowski93 @przemyslavic @to-bar @plirglo