-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] KEYSTORE_PASSWORD Failed to read keystore password on console #12312
Comments
@derek-ho For us this issue has been around since the projects inception, it would just be a matter of adjusting the OpenSearch file to handle the KEYSTORE_PASSWORD as an environment variable. We deploy OpenSearch using tar.gz using ansible on Ubuntu. We haven't had a requirement for this feature to work until now. Happy to put in pull request, but will need to work through the process of how to do this appropriately for this project. |
@tastyfrankfurt @peternied this is not related to the default password, but let me see if some of our experience might help. Can you share what platform you are using? Are you using the ansible-playbook? Here we have admin-password being set into the playbook: https://github.com/search?q=repo%3Aopensearch-project%2Fansible-playbook%20admin_password&type=code, but not too familiar with how the KEYSTORE_PASSWORD is being used by Opensearch, can you share some more around that? If I am reading the situation right, you may need to make a PR against the ansible playbook to pass in the env variable similar to this - https://github.com/opensearch-project/ansible-playbook/blob/d1a1af02b2a2b9994dc0748bf6abfb3b0c7c7c5d/roles/linux/opensearch/tasks/security.yml#L225. Let me know if that solves for your use case! |
I think this is the correct file actually: https://github.com/opensearch-project/ansible-playbook/blob/d1a1af02b2a2b9994dc0748bf6abfb3b0c7c7c5d/roles/linux/opensearch/tasks/opensearch.yml |
@derek-ho @peternied
Basically lines 39 and 40, make the environment variable equal nothing. Also CHECK_KEYSTORE is set to true implicitly with no check for an existing environment variable. My code changes would be to [[ -z "${CHECK_KEYSTORE }" ]] && CHECK_KEYSTORE=true and delete lines 39 and 40 |
Describe the bug
When setting the KEYSTORE_PASSWORD environment variable the opensearch start command unsets this environment variable. The if statement then errors out as failed to read keystore password on conole.
Related component
Build
To Reproduce
Expected behavior
Service starts and decrypts all secrets in the keystore.
Additional Details
Plugins
Please list all plugins currently enabled.
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: