This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

No update password when doing helm upgrade

Go to solution
ticapix
Node Link

‎10-18-2020 05:08 AM

Hello,

After a first install of neo4j-4.1.1 with helm and automatic generated password , I'm doing an upgrade with

helm upgrade --install --atomic --cleanup-on-fail --values neo4j_values.yml db https://github.com/neo4j-contrib/neo4j-helm/archive/4.1.1-4.tar.gz

and values.yml contains

acceptLicenseAgreement: "yes"
neo4jPassword: test1
plugins: "[\"apoc\", \"n10s\"]"
core:
  standalone: true
  persistentVolume:
    size: 10Gi # might be needed later to get more space
  service:
    type: NodePort # expose service to Internet. default: ClusterIP

The issue is that the password is not updated.

The secret is updated
The variable NEO4J_AUTH used by the docker-entrypoint.sh seems to be ok.
Even if I open a shell in the running neo4j container and run neo4j-admin set-initial-password test1, then kill the pod, the new password is not taken into account.

Any reason for this behavior or is that a bug ?

Best regards,

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
david_allen
Neo4j
Neo4j

‎10-18-2020 06:15 AM

It isn't a bug, it's a misunderstanding about what happens.

When you install the helm chart for the first time, it creates the user with this setting. That user in turn gets persisted to the system database within neo4j. Subsequently to that, you can't change the password because you already have that user with an established password.

The way to change the password after system install, is to use cypher and the regular built-in procedures for modifying a user's password. The password option in the helm chart is just a cold-start "first time" affordance for deploys

View solution in original post

0 Kudos
Reply
2 REPLIES 2

Go to solution
david_allen
Neo4j
Neo4j

‎10-18-2020 06:15 AM

It isn't a bug, it's a misunderstanding about what happens.

When you install the helm chart for the first time, it creates the user with this setting. That user in turn gets persisted to the system database within neo4j. Subsequently to that, you can't change the password because you already have that user with an established password.

The way to change the password after system install, is to use cypher and the regular built-in procedures for modifying a user's password. The password option in the helm chart is just a cold-start "first time" affordance for deploys

0 Kudos
Reply

Go to solution
dhodun
Node
In response to david_allen

‎09-02-2021 01:15 PM

Ran into this after a bit of debugging - might be worth mentioning this in the helm docs and values.yaml comments?

Especially since the chart lets you hook up to a k8s secret, we figured we might be able to pipe in a rotated secret via our SecretManager.

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays