-
Notifications
You must be signed in to change notification settings - Fork 8
172 lines (142 loc) · 5.34 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Build and Test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_call:
pull_request:
jobs:
build:
name: Build Snap
runs-on: ubuntu-latest
timeout-minutes: 60
outputs:
snap-file: ${{ steps.build-snap.outputs.snap }}
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install required dependencies
run: |
sudo snap install yq
- name: Upgrade linux deps
run: |
sudo apt-get update
# install security updates
sudo apt-get -s dist-upgrade \
| grep "^Inst" \
| grep -i securi \
| awk -F " " {'print $2'} \
| xargs sudo apt-get install -y
sudo apt-get autoremove -y
- id: build-snap
name: Build snap
uses: snapcore/action-build@v1
with:
snapcraft-channel: 7.x/candidate
- name: Upload built snap job artifact
uses: actions/upload-artifact@v3
with:
name: opensearch_snap_amd64
path: "opensearch_*.snap"
test:
name: Test Snap
runs-on: ubuntu-latest
timeout-minutes: 15
needs:
- build
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download snap file
uses: actions/download-artifact@v3
with:
name: opensearch_snap_amd64
path: .
- name: Install snap file
run: |
version="$(cat snap/snapcraft.yaml | yq .version)"
sudo snap remove --purge opensearch
sudo snap install opensearch_${version}_amd64.snap --dangerous --jailmode
- name: Setup the required system configs
run: |
sudo sysctl -w vm.swappiness=0
sudo sysctl -w vm.max_map_count=262144
sudo sysctl -w net.ipv4.tcp_retries2=5
- name: Connect required interfaces
run: |
sudo snap connect opensearch:log-observe
sudo snap connect opensearch:mount-observe
sudo snap connect opensearch:process-control
sudo snap connect opensearch:system-observe
sudo snap connect opensearch:sys-fs-cgroup-service
- name: Setup and Start OpenSearch
run: |
# create the certificates
sudo snap run opensearch.setup \
--node-name cm0 \
--node-roles cluster_manager,data \
--tls-priv-key-root-pass root1234 \
--tls-priv-key-admin-pass admin1234 \
--tls-priv-key-node-pass node1234 \
--tls-init-setup yes # this creates the root and admin certs as well.
# start opensearch
sudo snap start opensearch.daemon
# wait a bit for it to fully initialize
sleep 15s
# create the security index
sudo snap run opensearch.security-init --tls-priv-key-admin-pass=admin1234
- name: Setup tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
- name: Ensure the cluster is reachable and node created
run: |
sudo snap install yq
sudo cp /var/snap/opensearch/current/etc/opensearch/certificates/node-cm0.pem ./
cert=./node-cm0.pem
# Check node name
cluster_resp=$(curl --cacert ${cert} -XGET https://localhost:9200 -u 'admin:admin')
echo -e "Cluster Response: \n ${cluster_resp}"
node_name=$(echo "${cluster_resp}" | yq -r .name)
if [ "${node_name}" != "cm0" ]; then
exit 1
fi
# Check cluster health
health_resp=$(curl --cacert ${cert} -XGET https://localhost:9200/_cluster/health -u 'admin:admin')
echo -e "Cluster Health Response: \n ${health_resp}"
cluster_status=$(echo "${health_resp}" | yq -r .status)
if [ "${cluster_status}" != "green" ]; then
exit 1
fi
- name: Upgrade snap
run: |
version="$(cat snap/snapcraft.yaml | yq .version)"
sudo snap install opensearch_${version}_amd64.snap --dangerous --jailmode
if [ "$(ls /var/snap/opensearch/x2)" ]; then
echo "Snap upgraded."
fi
- name: Ensure the cluster is reachable and node created after upgrade
run: |
# start opensearch after upgrade
sudo snap start opensearch.daemon
# Give some time for the service to come back up
sleep 100s
sudo cp /var/snap/opensearch/current/etc/opensearch/certificates/node-cm0.pem ./
cert=./node-cm0.pem
# Check node name
cluster_resp=$(curl --cacert ${cert} -XGET https://localhost:9200 -u 'admin:admin')
echo -e "Cluster Response: \n ${cluster_resp}"
node_name=$(echo "${cluster_resp}" | yq -r .name)
if [ "${node_name}" != "cm0" ]; then
exit 1
fi
# Check cluster health
health_resp=$(curl --cacert ${cert} -XGET https://localhost:9200/_cluster/health -u 'admin:admin')
echo -e "Cluster Health Response: \n ${health_resp}"
cluster_status=$(echo "${health_resp}" | yq -r .status)
if [ "${cluster_status}" != "green" ]; then
exit 1
fi