Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add initial_admin_password parameter #51

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add initial_admin_password parameter #51

wants to merge 1 commit into from

Conversation

crazymind1337
Copy link
Member

Latest opensearch requires an initial password set via environment variable.

See also: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/debian/#step-1-download-and-install-opensearch

@crazymind1337 crazymind1337 force-pushed the add_initial_password branch 3 times, most recently from 9f02740 to 495016a Compare February 26, 2024 09:42
bastelfreak
bastelfreak reviewed Feb 26, 2024
View reviewed changes
manifests/init.pp
@@ -116,6 +118,7 @@
Enum['x64', 'arm64'] $package_architecture,
Enum['dpkg', 'rpm'] $package_provider,
Hash $default_settings,
String[1] $initial_admin_password,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it probably makes sense to support Sensitive here?

baurmatt
baurmatt reviewed Feb 26, 2024
View reviewed changes
manifests/install/package.pp
@@ -61,9 +61,15 @@
}
}

exec { 'set_initial_password_environment':
path => $facts['path'],
command => "env OPENSEARCH_INITIAL_ADMIN_PASSWORD=${opensearch::initial_admin_password}",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work as it's only valid for the exec :)

@crazymind1337 crazymind1337 marked this pull request as draft April 22, 2024 05:05
@smortex
Copy link
Member

smortex commented May 15, 2024

Attempting to cope with the OPENSEARCH_INITIAL_ADMIN_PASSWORD mess seems a waste of time, and fixing upsteam to stop that mess seems a better plan. I opened opensearch-project/security#4344 to discuss an escape plan. Feel free to comment there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak left review comments

@baurmatt baurmatt baurmatt left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@crazymind1337 @smortex @bastelfreak @baurmatt