[DPE-1464] Sync folder layout with OpenSearch DEB #100
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
workflow_call: | |
pull_request: | |
jobs: | |
build: | |
name: Build Snap | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
outputs: | |
snap-file: ${{ steps.build-snap.outputs.snap }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install required dependencies | |
run: | | |
sudo snap install yq | |
- name: Upgrade linux deps | |
run: | | |
sudo apt-get update | |
# install security updates | |
sudo apt-get -s dist-upgrade \ | |
| grep "^Inst" \ | |
| grep -i securi \ | |
| awk -F " " {'print $2'} \ | |
| xargs sudo apt-get install -y | |
sudo apt-get autoremove -y | |
- id: build-snap | |
name: Build snap | |
uses: snapcore/action-build@v1 | |
with: | |
snapcraft-channel: 7.x/candidate | |
- name: Upload built snap job artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: opensearch_snap_amd64 | |
path: "opensearch_*.snap" | |
test: | |
name: Test Snap | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
needs: | |
- build | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download snap file | |
uses: actions/download-artifact@v3 | |
with: | |
name: opensearch_snap_amd64 | |
path: . | |
- name: Install snap file | |
run: | | |
version="$(cat snap/snapcraft.yaml | yq .version)" | |
sudo snap remove --purge opensearch | |
sudo snap install opensearch_${version}_amd64.snap --dangerous --jailmode | |
- name: Setup the required system configs | |
run: | | |
sudo sysctl -w vm.swappiness=0 | |
sudo sysctl -w vm.max_map_count=262144 | |
sudo sysctl -w net.ipv4.tcp_retries2=5 | |
- name: Connect required interfaces | |
run: | | |
sudo snap connect opensearch:log-observe | |
sudo snap connect opensearch:mount-observe | |
sudo snap connect opensearch:process-control | |
sudo snap connect opensearch:system-observe | |
sudo snap connect opensearch:sys-fs-cgroup-service | |
- name: Setup and Start OpenSearch | |
run: | | |
# create the certificates | |
sudo snap run opensearch.setup \ | |
--node-name cm0 \ | |
--node-roles cluster_manager,data \ | |
--tls-priv-key-root-pass root1234 \ | |
--tls-priv-key-admin-pass admin1234 \ | |
--tls-priv-key-node-pass node1234 \ | |
--tls-init-setup yes # this creates the root and admin certs as well. | |
# start opensearch | |
sudo snap start opensearch.daemon | |
# wait a bit for it to fully initialize | |
sleep 15s | |
# create the security index | |
sudo snap run opensearch.security-init --tls-priv-key-admin-pass=admin1234 | |
- name: Setup tmate session | |
if: ${{ failure() }} | |
uses: mxschmitt/action-tmate@v3 | |
- name: Ensure the cluster is reachable and node created | |
run: | | |
sudo snap install yq | |
sudo cp /var/snap/opensearch/current/etc/opensearch/certificates/node-cm0.pem ./ | |
cert=./node-cm0.pem | |
# Check node name | |
cluster_resp=$(curl --cacert ${cert} -XGET https://localhost:9200 -u 'admin:admin') | |
echo -e "Cluster Response: \n ${cluster_resp}" | |
node_name=$(echo "${cluster_resp}" | yq -r .name) | |
if [ "${node_name}" != "cm0" ]; then | |
exit 1 | |
fi | |
# Check cluster health | |
health_resp=$(curl --cacert ${cert} -XGET https://localhost:9200/_cluster/health -u 'admin:admin') | |
echo -e "Cluster Health Response: \n ${health_resp}" | |
cluster_status=$(echo "${health_resp}" | yq -r .status) | |
if [ "${cluster_status}" != "green" ]; then | |
exit 1 | |
fi | |
- name: Upgrade snap | |
run: | | |
version="$(cat snap/snapcraft.yaml | yq .version)" | |
sudo snap install opensearch_${version}_amd64.snap --dangerous --jailmode | |
if [ "$(ls /var/snap/opensearch/x2)" ]; then | |
echo "Snap upgraded." | |
fi | |
- name: Ensure the cluster is reachable and node created after upgrade | |
run: | | |
# start opensearch after upgrade | |
sudo snap start opensearch.daemon | |
# Give some time for the service to come back up | |
sleep 100s | |
sudo cp /var/snap/opensearch/current/etc/opensearch/certificates/node-cm0.pem ./ | |
cert=./node-cm0.pem | |
# Check node name | |
cluster_resp=$(curl --cacert ${cert} -XGET https://localhost:9200 -u 'admin:admin') | |
echo -e "Cluster Response: \n ${cluster_resp}" | |
node_name=$(echo "${cluster_resp}" | yq -r .name) | |
if [ "${node_name}" != "cm0" ]; then | |
exit 1 | |
fi | |
# Check cluster health | |
health_resp=$(curl --cacert ${cert} -XGET https://localhost:9200/_cluster/health -u 'admin:admin') | |
echo -e "Cluster Health Response: \n ${health_resp}" | |
cluster_status=$(echo "${health_resp}" | yq -r .status) | |
if [ "${cluster_status}" != "green" ]; then | |
exit 1 | |
fi |