Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
not getting that far
Describe the issue:
I can’t get the container to start kubernetes no matter what I do.
Exception updating the admin password : Unable to update the internal users file with the hashed password.
Configuration:
Relevant Logs or Screenshots:
Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for ‘admin’ user.
Please define an environment variable ‘OPENSEARCH_INITIAL_ADMIN_PASSWORD’ with a strong password string.
If a password is not provided, the setup will quit.
For more details, please visit: Docker - OpenSearch Documentation
OpenSearch Security Demo Installer
** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.6.32-talos amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.12.0
Detected OpenSearch Security Version: 2.12.0.0
Admin password set successfully.
Exception updating the admin password : Unable to update the internal users file with the hashed password.
apiVersion: v1
kind: Secret
metadata:
name: graylog-secret
type: Opaque
stringData:
OPENSEARCH_JAVA_OPTS: “-Xms1g -Xmx1g”
action.auto_create_index: “false”
bootstrap.memory_lock: “true”
discovery.type: “single-node”
DISABLE_INSTALL_DEMO_CONFIG: “false”
data:
OPENSEARCH_INITIAL_ADMIN_PASSWORD: “base64password”
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.32.0 (765fde254)
labels:
io.kompose.service: opensearch
name: opensearch
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: opensearch
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.32.0 (765fde254)
labels:
io.kompose.network/graylog-default: “true”
io.kompose.service: opensearch
spec:
securityContext:
fsGroup: 1000
containers:
- name: opensearch
image: opensearchproject/opensearch:2.12.0
envFrom:
- secretRef:
name: graylog-secret
optional: false
securityContext:
seccompProfile:
type: RuntimeDefault # or “Localhost”
capabilities:
drop: [‘ALL’]
add: [‘NET_BIND_SERVICE’]
volumeMounts:
- mountPath: /usr/share/opensearch/data
name: os-data
volumeMounts:
- name: config-volume
mountPath: /usr/share/opensearch/config
readOnly: true
volumes:
- name: config-volume
configMap:
name: opensearch-config
- name: os-data
persistentVolumeClaim:
claimName: os-data
restartPolicy: Always
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE
graylog-data Bound pvc-42afe000-7b0c-403b-b893-7c3a38a82931 100Mi RWO k8s-cephfs 3m54s
graylog-journal Bound pvc-a1d92cc0-81ca-4ce3-81fa-dcddd7567a28 100Mi RWO k8s-cephfs 3m54s
mongodb-data Bound pvc-e60dde2b-322e-4105-8125-c1757cb1995d 1000Mi RWO k8s-cephfs 3m54s
os-data Bound pvc-0fda4bc6-d87b-455f-bd12-a89a5d620268 100Mi RWO k8s-cephfs 3m53s