-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opensearch helm chart failing to install due to transport SSL layer initialization error #587
Comments
Same problem here |
[Triage] |
solved using below configuration. @gabriel-suela contents in config:
opensearch.yml: |
cluster.name: opensearch-cluster
# Bind to all interfaces because we don't know what IP address Docker will assign to us.
network.host: 0.0.0.0
# Start OpenSearch Security Demo Configuration
# WARNING: revise all the lines below before you go into production
plugins:
security:
ssl:
transport:
pemcert_filepath: esnode.pem
pemkey_filepath: esnode-key.pem
pemtrustedcas_filepath: root-ca.pem
enforce_hostname_verification: false
http:
enabled: true
pemcert_filepath: esnode.pem
pemkey_filepath: esnode-key.pem
pemtrustedcas_filepath: root-ca.pem
allow_unsafe_democertificates: true
allow_default_init_securityindex: true
authcz:
admin_dn:
- CN=kirk,OU=client,O=client,L=test,C=de
audit.type: internal_opensearch
enable_snapshot_restore_privilege: true
check_snapshot_restore_write_privileges: true
restapi:
roles_enabled: ["all_access", "security_rest_api_access"]
system_indices:
enabled: true
indices:
[
".opendistro-alerting-config",
".opendistro-alerting-alert*",
".opendistro-anomaly-results*",
".opendistro-anomaly-detector*",
".opendistro-anomaly-checkpoints",
".opendistro-anomaly-detection-state",
".opendistro-reports-*",
".opendistro-notifications-*",
".opendistro-notebooks",
".opendistro-asynchronous-search-response*",
]
extraEnvs:
- name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
value: <your_admin_password | change it> Helm Chart Version: opensearch-2.25.0 Installation command: helm install -n opensearch opensearch ./opensearch-2.25.0.tgz -f values.yaml |
@jerry0li I am still getting an error when trying to connect with plain http:
I just need to disable tls but would like to keep the authentication. |
@timbastin Sry for the late response. You may give more details about your configuration I suppose. It's hard to find the root cause of your error. |
Adding @cwperks to provide some insights. |
Description
It is more like a lack of documentation I guess. I don't want to cope with anything about certificate but only need to use user-password authentication as in an air-gap environment.
However, I can't find a precise documentation about this.
To Reproduce
Steps to reproduce the behavior:
contents in
values.yaml
:install opensearch via the following cmd.
Error msg:
Chart Name
opensearch
Host/Environment (please complete the following information):
Additional context
Just thank you for reading this and helping a distressed developer 😄
The text was updated successfully, but these errors were encountered: