[BUG] cannot curl opensearch as described in docs for 2.12.0

ajbeach2 commented 3 months ago

Describe the bug

I am starting docker container with the following (which is directly from docs) https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/

 docker run -d -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=$w#ubWY7q*62@%" opensearchproject/opensearch:2.12.0

Running curl:

 curl -v https://localhost:9200 -ku 'admin:$w#ubWY7q*62@%'
*   Trying [::1]:9200...
* Connected to localhost (::1) port 9200
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Request CERT (13):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Certificate (11):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=de; L=test; O=node; OU=node; CN=node-0.example.com
*  start date: Aug 29 04:23:12 2023 GMT
*  expire date: Aug 26 04:23:12 2033 GMT
*  issuer: DC=com; DC=example; O=Example Com Inc.; OU=Example Com Inc. Root CA; CN=Example Com Inc. Root CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
* Server auth using Basic with user 'admin'
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46JHcjdWJXWTdxKjYyQCU=
> User-Agent: curl/8.4.0
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="OpenSearch Security"
< content-type: text/plain; charset=UTF-8
< content-length: 0
<

Related component

Other

To Reproduce

docker run -d -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=$w#ubWY7q*62@%" opensearchproject/opensearch:2.12.0

then

curl -v https://localhost:9200 -ku 'admin:$w#ubWY7q*62@%'

which returns 401

Expected behavior

docs work as described.

Additional Details

No response

ajbeach2 commented 3 months ago

issue seems to be password, i tried a different password and it seems to work. Escaping issue maybe?

jlopezcrd commented 3 months ago

I have the same problem when I've tried to start opensearch via "docker compose" and via CLI works well.

Exporting OPENSEARCH_INITIAL_ADMIN_PASSWORD variable startup, fails:

export OPENSEARCH_INITIAL_ADMIN_PASSWORD=hdgsdhdHGa12bas

docker compose up

No custom admin password found. Please provide a password via the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD.

Setting OPENSEARCH_INITIAL_ADMIN_PASSWORD in docker-compose.yml, fails:

opensearch:
    image: opensearchproject/opensearch:latest
    container_name: opensearch
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch
      - discovery.seed_hosts=opensearch
      - cluster.initial_cluster_manager_nodes=opensearch
      - bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=hdgsdhdHGa12bas

[opensearch] Authentication finally failed for admin from XXXXX:56792

Running via cli, works well:

docker run --rm -it -p 9200:9200 -p 9600:9600 -e OPENSEARCH_INITIAL_ADMIN_PASSWORD="hdgsdhdHGa12bas" -e "discovery.type=single-node" --name opensearch-node opensearchproject/opensearch:latest

dblock commented 3 months ago

This is because $w tries to resolve a variable called w.

$ echo "$w#ubWY7q*62@%"
#ubWY7q*62@%

Single quotes would work.

$ echo '$w#ubWY7q*62@%'
$w#ubWY7q*62@%

We may want to update docs to say something to this effect. Please feel free to PR!

opensearch-project / OpenSearch