-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include the certificate management tool in docker distribution #1363
Comments
Adding logs for OpenSearch docker run today. the demo certificates are by default enabled as seen.
|
Added a new volume Logs that show how subsequent
|
@setiah Is this issue still valid? Can we close it for now? |
@setiah @davidlago @peternied Is this issue still valid? Can we close it for now? |
The docker distribution should not be treated differently from other distributions in the certificate space - lets close out this issue as not planned. |
Is your feature request related to a problem? Please describe.
Today, the OpenSearch docker distribution comes pre-installed with demo certificates. The intention is to replace the insecure demo certificates with self-signed certificates as discussed in opensearch-project/OpenSearch#1618 (point 2).
Describe the solution you'd like
Package the certificate management tool (provided in opensearch-project/OpenSearch#1633) in the docker distribution. While instantiating the container, check if the certificates are present in the respective mounted volume that holds the
config
. If missing, it should run the certificate management tool to create self-signed certificates with default arguments before bootstrapping OpenSearch. If present, skips the certificate generation and rely on user provided certificates and yml configurations.Implementation task details
replace install_demo_configurations.sh with cert-management-tool from Provide a certificate management tool for opensearch distributions OpenSearch#1633.docker-compose.yml
based on new dockerfileRelated to opensearch-project/OpenSearch#1618
The text was updated successfully, but these errors were encountered: