WIP: Fix bootstrapping with default credentials

[nijave]

Description

• Set a more complex default password--not sure if there are documentation updates that need to go with this.
• Consolidate env var generation that's the same between STS/Bootstrap into a convient function.
• Update the example password in docs to fulfill complexity requirements.
• Remove unused username parameter. Since I'm adding an additional parameter it seemed fair to remove one that appeared unused to limit how many parameters are being passed around. However, it's unclear if this interface is expected to be stable or is consumed outside the codebase.

Issues Resolved

#759

Check List

• Commits are signed per the DCO using --signoff
• Unittest added for the new/changed functionality and all unit tests are successful
• Customer-visible features documented
• No linter warnings (make lint)

If CRDs are changed:

• [N/A] CRD YAMLs updated (make manifests) and also copied into the helm chart
• [N/A] Changes to CRDs documented

Please refer to the PR guidelines before submitting this pull request.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[nijave]

I'm not sure about this part. admin didn't meet the default security requirements. Maybe this should be randomly generated instead (it'll get stored in the Secret object for admins to retrieve).

If this should be randomly generated, I could use some guidance if there is any existing code to assist or commonly used libraries.

[nijave]

With these changes, I'm able to bootstrap a cluster using the following CRD

---
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: default-cluster
  namespace: opensearch
spec:
  general:
    # Should also have this plugin @ version https://github.com/Aiven-Open/prometheus-exporter-plugin-for-opensearch/
    version: "2.13.0"
    httpPort: 9200
    vendor: opensearch
    serviceName: opensearch
    monitoring:
     enable: true
    pluginsList: ["repository-s3"]
    setVMMaxMapCount: true
  dashboards:
    version: "2.13.0"
    enable: true
    replicas: 1
    resources:
      requests:
         memory: 256Mi
         cpu: 50m
      limits:
         memory: 1Gi
         cpu: 500m
  confMgmt:
    smartScaler: true
  nodePools:
    - component: masters
      replicas: 3
      diskSize: 4Gi
      nodeSelector:
      resources:
         requests:
            memory: 512Mi
            cpu: 50m
         limits:
            memory: 768Mi
            cpu: 1000m
      roles:
        - master
        - ingest
    - component: nodes
      replicas: 3
      diskSize: 40Gi
      nodeSelector:
      resources:
         requests:
            memory: 1Gi
            cpu: 50m
         limits:
            memory: 2Gi
            cpu: 1000m
      roles:
        - data

[yiippee]

Merging is blocked?
Any update on this? Thanks.

[nijave]

Merging is blocked? Any update on this? Thanks.

I couldn't repro in the CI environment. Not sure why it failed on my cluster (and apparently some other people's)

GitHub Actions CI looks like a standard cluster

[yiippee]

I want to generate a random password when opensearch is started, the operator can do that ? Thanks.

[yiippee]

what does the 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' means? I only see the definition here, but I can't find a place to use this environment variable. Did I miss something? Thanks.

[danielkubat]

@yiippee it is env. variable which needs to be set prior running the pod. https://opensearch.org/blog/replacing-default-admin-credentials/

[apenen]

I need this to set up my first 2.18 cluster. What are the next steps? Can I contribute?