Open Search and Azure AD integration issue

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
version: 2.32.0
appVersion: "2.19.1"

Describe the issue:
I am trying to integrate with Azure AD using OpenID,
but once the configuration is added, the OpenSearch pod is continuously restarted.

Configuration:
values

securityConfig:
  enabled: true
  path: "/usr/share/opensearch/config/opensearch-security"
  actionGroupsSecret:
  configSecret:
  internalUsersSecret:
  rolesSecret:
  rolesMappingSecret:
  tenantsSecret: # The following option simplifies securityConfig by using a single secret and
  config:
    # There are multiple ways to define the configuration here:
    # * If you define anything under data, the chart will automatically create
    #   a secret and mount it. This is best option to choose if you want to override all the
    #   existing yml files at once.
    # * If you define securityConfigSecret, the chart will assume this secret is
    #   created externally and mount it. This is best option to choose if your intention is to
    #   only update a single yml file.
    # * It is an error to define both data and securityConfigSecret.
    securityConfigSecret: ""
    dataComplete: true
    data: 
      config.yml: |-
        _meta:
          type: "config"
          config_version: 2
        config:
          dynamic:
            http:
              anonymous_auth_enabled: false
            authc:
              basic_internal_auth_domain:
                description: "Authenticate via HTTP Basic against internal users database"
                http_enabled: true
                transport_enabled: true
                order: 0
                http_authenticator:
                  type: basic
                  challenge: false
                authentication_backend:
                  type: intern
              openid_auth_domain:
                http_enabled: true
                transport_enabled: true
                order: 1
                http_authenticator:
                  type: openid
                  challenge: false
                  config:
                    subject_key: preferred_username
                    roles_key: roles
                    openid_connect_url: https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration
                authentication_backend:
                  type: noop    
   
      # internal_users.yml: |-
      # roles.yml: |-
      # roles_mapping.yml: |-
      # action_groups.yml: |-
      # tenants.yml: |-

How long to wait for opensearch to stop gracefully

Relevant Logs or Screenshots:

@pablo please help me on this

@malyadri, I’ve checked your original post for values.yml content and see that you’ve only set the OpenSearch admin password in extraEnvs.
You’ll need to disable the OpenSearch demo security configuration to use your custom files.

- name: DISABLE_INSTALL_DEMO_CONFIG
  value: "true"

Also, you must provide content for the remaining files.

See my working example.

- name: DISABLE_INSTALL_DEMO_CONFIG
  value: "true"

If I keep this, do I need to generate certificates?
If required, then how do I generate them using cert manager?

@malyadri Yes, you must generate new SSL certificates.
You can use OpenSSL to achieve that.

Then mount certificates as a secret.
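
The OpenSSL route from the last reply, as an added example that is not from any poster in this thread: a private CA, one node certificate with SANs, one admin certificate, and the secret to mount. The subject DNs, the SAN list, the file names, the secret name `opensearch-certs` and the namespace are all assumptions to adapt to your release.

```shell
#!/bin/sh
# Added example: private CA plus node and admin certificates for OpenSearch.
# DNs, SANs, file names, secret name and namespace are assumptions.
set -eu

ORG_DN="/O=Example/OU=Search"   # constructed subject prefix
NODE_SAN="DNS:opensearch-cluster-master,DNS:localhost"   # assumed service name

# issue <dir> <name> <CN> <extension line>: PKCS#8 key, CSR, CA-signed cert
issue() {
  dir=$1 name=$2 cn=$3 ext=$4
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/$name-key.pem"
  openssl req -new -key "$dir/$name-key.pem" -subj "$ORG_DN/CN=$cn" \
    -out "$dir/$name.csr"
  printf '%s\n' "$ext" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -sha256 -days 365 \
    -CA "$dir/root-ca.pem" -CAkey "$dir/root-ca-key.pem" -CAcreateserial \
    -extfile "$dir/$name.ext" -out "$dir/$name.pem"
}

gen_certs() {
  mkdir -p "$1"
  umask 077   # private keys readable by the owner only
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/root-ca-key.pem"
  openssl req -new -x509 -sha256 -days 365 -key "$1/root-ca-key.pem" \
    -subj "$ORG_DN/CN=root-ca" -out "$1/root-ca.pem"
  issue "$1" node  opensearch-node "subjectAltName=$NODE_SAN"
  issue "$1" admin admin           "basicConstraints=CA:FALSE"
}

# Both leaf certificates must chain to the CA and the node must carry its SAN.
verify_certs() {
  openssl verify -CAfile "$1/root-ca.pem" "$1/node.pem" "$1/admin.pem" >/dev/null &&
    openssl x509 -in "$1/node.pem" -noout -text | grep -q "DNS:localhost"
}

# Admin subject in RFC 2253 form, for comparison with the configured admin DN.
admin_dn() {
  openssl x509 -in "$1/admin.pem" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//'
}

# create_secret <dir> [namespace]: the CA private key is not included.
create_secret() {
  kubectl -n "${2:-default}" create secret generic opensearch-certs \
    --from-file="$1/root-ca.pem" --from-file="$1/node.pem" \
    --from-file="$1/node-key.pem" --from-file="$1/admin.pem" \
    --from-file="$1/admin-key.pem"
}

[ $# -eq 0 ] || { gen_certs "$1"; verify_certs "$1"; admin_dn "$1"; }
```

The CA key `root-ca-key.pem` stays out of the secret on purpose. The DN printed by `admin_dn` is the value to list under `plugins.security.authcz.admin_dn` in `opensearch.yml`.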