Skip to content

Bug: OpenSearch password strength error #772

Closed
@oelhammouchi

Description

@oelhammouchi

Describe the bug

OpenSearch container complains about password strength when using a recent image version, even when setting security_enabled=False. It seems this is the consequence of a change in version 2.12.0. There seems to be an easy fix for this, which is to replace plugins.security.disabled environment variable with DISABLE_SECURITY_PLUGIN. I opened a small PR for this, see #773.

To Reproduce

from testcontainers.opensearch import OpenSearchContainer

container = OpenSearchContainer("opensearchproject/opensearch:2.18.0")
container.start()

This will block forever waiting for the container to be ready, and the logs give the following output:

$ docker logs <container id>

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user.
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string.
If a password is not provided, the setup will quit.
For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.1.0-17-amd64 amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.18.0
Detected OpenSearch Security Version: 2.18.0.0
Password admin failed validation: "Password is too short". Please re-try with a minimum 8 character password and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character that is strong. Password strength can be tested here: https://lowe.github.io/tryzxcvbn

Runtime environment

Runtime environment
Linux debian 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux

Python 3.11.2

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.20.0)
  compose: Docker Compose (Docker Inc., v2.32.4)

Server:
 Containers: 53
  Running: 2
  Paused: 0
  Stopped: 51
 Images: 365
 Server Version: 20.10.24+dfsg1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux nvidia runc io.containerd.runc.v2
 Default Runtime: nvidia
 Init Binary: docker-init
 containerd version: 1.6.20~ds1-1+b1
 runc version: 1.1.5+ds1-1+deb12u1
 init version:
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 6.1.0-17-amd64
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 62.51GiB
 Name: debian
 ID: MQZA:SAEE:WFPL:FTXS:NWZS:BZLG:B7FL:SQP3:GMZO:WMLA:5K7G:5DQ5
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

alembic==1.14.1
amqp==5.3.1
aniso8601==10.0.0
annotated-types==0.7.0
anyio==4.8.0
argon2-cffi==23.1.0
argon2-cffi-bindings==21.2.0
asgiref==3.8.1
asttokens==3.0.0
async-timeout==5.0.1
attrs==25.1.0
billiard==4.2.1
blinker==1.9.0
celery==5.4.0
certifi==2025.1.31
cffi==1.17.1
charset-normalizer==3.4.1
clean-text==0.6.0
click==8.1.8
click-didyoumean==0.3.1
click-plugins==1.1.1
click-repl==0.3.0
cryptography==44.0.1
-e git+ssh://git@gitlab.com/exantebe/curator.git@1d399adbdbd8a4cfaa30d4b336b31a7b8c001751#egg=curator
debugpy==1.8.12
decorator==5.1.1
Deprecated==1.2.18
deprecation==2.1.0
deptry==0.21.2
docker==7.1.0
emoji==1.7.0
environs==11.2.1
Events==0.5
executing==2.2.0
factory_boy==3.3.3
Faker==36.1.1
faker-file==0.17.14
Flask==3.1.0
Flask-HTTPAuth==4.8.0
Flask-Login==0.6.3
Flask-Mail==0.10.0
Flask-Migrate==4.1.0
flask-restx==1.3.0
Flask-SQLAlchemy==3.1.1
ftfy==6.3.1
gevent==24.11.1
greenlet==3.1.1
gunicorn==23.0.0
h11==0.14.0
httpcore==1.0.7
httpx==0.28.1
idna==3.10
img2pdf==0.5.1
importlib_resources==6.5.2
inflection==0.5.1
iniconfig==2.0.0
ipython==8.32.0
itsdangerous==2.2.0
jedi==0.19.2
Jinja2==3.1.5
jsonschema==4.23.0
jsonschema-specifications==2024.10.1
kombu==5.4.2
loguru==0.7.3
lxml==5.3.1
Mako==1.3.9
Markdown==3.7
markdown-it-py==3.0.0
MarkupSafe==3.0.2
marshmallow==3.26.1
marshmallow-oneofschema==3.1.1
marshmallow-sqlalchemy==1.4.1
matplotlib-inline==0.1.7
mdurl==0.1.2
minio==7.2.15
ocrmypdf==16.9.0
ollama==0.4.7
opensearch-py==2.8.0
orjson==3.10.15
packaging==24.2
parso==0.8.4
pdfkit==1.0.0
pdfminer.six==20240706
pdoc3==0.11.5
pexpect==4.9.0
pi_heif==0.21.0
pika==1.3.2
pikepdf==9.5.2
pillow==11.1.0
pluggy==1.5.0
polling==0.3.2
prompt_toolkit==3.0.50
psycogreen==1.0.2
psycopg2==2.9.10
ptyprocess==0.7.0
pure_eval==0.2.3
py-healthcheck==1.10.1
py-spy==0.3.14
pycparser==2.22
pycryptodome==3.21.0
pydantic==2.10.6
pydantic_core==2.27.2
pyfiglet==1.0.2
Pygments==2.19.1
pytest==8.3.4
pytest-dotenv==0.5.2
pytest-factoryboy==2.7.0
pytest-lazy-fixtures==1.1.2
pytest-print @ git+https://github.com/pytest-dev/pytest-print.git@d4721d5392713b61b75d85caa91ee34d67a4ddf8
python-dateutil==2.9.0.post0
python-dotenv==1.0.1
python-magic==0.4.27
pytz==2025.1
redis==5.2.1
referencing==0.36.2
requests==2.32.3
requests-toolbelt==1.0.0
requirements-parser==0.11.0
rich==13.9.4
rich-click==1.8.5
rpds-py==0.22.3
six==1.17.0
sniffio==1.3.1
SQLAlchemy==2.0.38
sqlalchemy-mixins==2.0.5
SQLAlchemy-Utils==0.41.2
stack-data==0.6.3
testcontainers @ git+https://github.com/oelhammouchi/testcontainers-python@acc3aa8cc03cff47432ccfcb32212d65ba474c3f
tika==2.6.0
traitlets==5.14.3
types-setuptools==75.8.0.20250210
typing_extensions==4.12.2
tzdata==2025.1
Unidecode==1.3.8
urllib3==2.3.0
vine==5.1.0
waitress==3.0.2
wcwidth==0.2.13
Werkzeug==3.1.3
wrapt==1.17.2
zope.event==5.0
zope.interface==7.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions