-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Admin password getting lost after pod restart #417
Comments
We'll also need to update the doc: |
Thank you @git-hyagi for pointing out that this is an issue in the image itself[0]. [0] https://github.com/pulp/pulp-oci-images/blob/latest/images/assets/pulp-api#L19-L27 |
It sounds like we need to write a file 'password-has-been-set' somewhere that is mounted into the container. Then we should check for the existence of this file and not reset the password when it is present. |
Consider (but you're not required to implement) the example of the Nexus container. It sets the password to a random default, and let's you view the password. If you set the password, it gets written to a file, and it prevents the random default from being set. |
In the s6 images we only set the admin password (from $PULP_DEFAULT_ADMIN_PASSWORD) if there is no admin account yet. Can we just do the same here? |
For the golang version of pulp-operator, I believe this is not needed anymore (but we still need to decide how to proceed with Galaxy/AH/Ansible version). To avoid having to reprovision an API pod to re-run the |
The pulp-api script in pulp-minimal now interprets the PULP_DEFAULT_ADMIN_PASSWORD environment variable in the same way as the s6 variant. fixes pulp#417
The pulp-api script in pulp-minimal now interprets the PULP_DEFAULT_ADMIN_PASSWORD environment variable in the same way as the s6 variant. fixes pulp#417
Describe the bug
The Pulp admin password from
admin-password
secret is overwriting the password defined through Pulp API.To Reproduce
Steps to reproduce the behavior:
Modify the admin password through Pulp API.
Delete Pulp pods (didn't test yet, but maybe just reprovisioning pulp-api pods would be enough).
Try to use the modified password and it will not work, but the "old" stored in the secret will.
Expected behavior
The password defined in the
admin-password
secret should be used only as a default password. As soon as a user changed it, the secret should not be checked anymore.Additional context
In a quick chat with @dkliban++ we identified a possible fix:
Notes
We will probably need to also fix this in ansible version.
Ref https://issues.redhat.com/browse/AAP-8344
The text was updated successfully, but these errors were encountered: