Issue Updating Admin Password in OpenSearch Cluster #919
Replies: 1 comment 1 reply
-
|
password: YWRtaW4xMjMK Both Password and hash key is matching. If you are trying to change the password from existing default password 'admin123' to some other password, you need to generate new hash key according to the password you choose and update in securityconfig file. You have multiple ways of generating hash key. one easier approach is to use the online for testing purpose https://bcrypt.online/ With the existing secret, can you try deploying this opensearch.yml which is attached herewith and see if it works? this is my working yaml file. Change the name of the secret as per your secret name NOTE: some reason yaml is not formatting properly in github. I could not attach .yaml file too. #Minimal configuration of a cluster with version 2.X of the operator.
#Note the replacement of 'master' role with 'cluster_manager' on line 49
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
name: opensearch
namespace: demo
spec:
security:
config:
adminCredentialsSecret:
name: admin-credentials-secret # The secret with the admin credentials for the operator to use
securityConfigSecret:
name: securityconfig-secret # The secret containing your customized securityconfig
tls:
http:
generate: true
transport:
generate: true
perNode: true
general:
setVMMaxMapCount: false
httpPort: 9200
serviceName: opensearch
version: 2.14.0
pluginsList: ["repository-s3"]
drainDataNodes: true
dashboards:
opensearchCredentialsSecret:
name: dashboards-credentials # This is the name of your secret that contains the credentials for Dashboards to use
tls:
enable: true
generate: true
version: 2.14.0
enable: true
replicas: 1
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "200m"
nodePools:
- component: masters
replicas: 3
resources:
requests:
memory: "4Gi"
cpu: "1000m"
limits:
memory: "4Gi"
cpu: "1000m"
roles:
- "data"
- "cluster_manager"
- component: nodes
replicas: 3
resources:
requests:
memory: "4Gi"
cpu: "2000m"
limits:
memory: "4Gi"
cpu: "2000m"
roles:
- "data"
- component: coordinators
replicas: 1
resources:
requests:
memory: "4Gi"
cpu: "2000m"
limits:
memory: "4Gi"
cpu: "2000m"
roles:
- "ingest" |
Beta Was this translation helpful? Give feedback.
-
|
Hi @arshashi , Thank you for the quick response. I noticed an extra newline added to the password. After updating it, I was able to deploy successfully and access the OpenSearch Dashboard and API with the new password. However, I am continuously seeing the following error in the master logs: [opensearch-cluster-masters-1] Authentication finally failed for admin from Thank you, |
Beta Was this translation helpful? Give feedback.
-
Hi Everyone,
I have installed the OpenSearch Operator 2.7.0 and OpenSearch 2.18.0. I am trying to update the default password for the admin user in a running cluster, but it's not working. I am seeing the following error in the OpenSearch control manager logs:
`{"level":"error","ts":"2024-12-20T05:27:04.744Z","msg":"Reconciler error","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-cluster","namespace":"opensearch"},"namespace":"opensearch","name":"opensearch-cluster","reconcileID":"c4b4a708-0ce1-409f-a2ad-d768e9a54baa","error":"invalid character 'U' looking for beginning of value","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
Below are my configurations:
`
admin-credentials-secret
apiVersion: v1
kind: Secret
metadata:
name: admin-credentials-secret
type: Opaque
data:
username: YWRtaW4K
password: YWRtaW4xMjMK
securityconfig-secret
apiVersion: v1
kind: Secret
metadata:
name: securityconfig-secret
type: Opaque
stringData:
internal_users.yml: |-
_meta:
type: "internalusers"
config_version: 2
admin:
hash: "$2a$12$3JzOYiqouXSu2m5GbVcct.KAmt0KJQGq75eO66P6RM7nkIlPYSidm"
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
dashboarduser:
hash: "$2a$12$3JzOYiqouXSu2m5GbVcct.KAmt0KJQGq75eO66P6RM7nkIlPYSidm"
reserved: true
description: "Demo OpenSearch Dashboards user"
values yaml file
security:
config:
adminCredentialsSecret:
name: admin-credentials-secret
securityConfigSecret:
name: securityconfig-secret
dashboards:
opensearchCredentialsSecret:
name: admin-credentials-secret``
I would appreciate any guidance on what might be causing this issue and how to resolve it. Thank you!
Beta Was this translation helpful? Give feedback.
All reactions