diff --git a/README.md b/README.md
index ccc94bd498a..3b88dc38247 100644
--- a/README.md
+++ b/README.md
@@ -32,27 +32,32 @@ There are two stacks that get deployed: In order to deploy both the stacks the user needs to provide a set of required and optional parameters listed below: -| Name | Type | Description | -|-----------------------------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| distVersion (required) | string | The OpenSearch distribution version (released/un-released) the user wants to deploy | -| securityDisabled (required) | boolean | Enable or disable security plugin | -| minDistribution (required) | boolean | Is it the minimal OpenSearch distribution with no security and plugins | -| distributionUrl (required) | string | OpenSearch tar distribution url | -| dashboardsUrl (required) | string | OpenSearch Dashboards tar distribution url | -| cpuArch (required) | string | CPU platform for EC2, could be either `x64` or `arm64` | -| singleNodeCluster (required) | boolean | Set `true` for single-node cluster else `false` for multi-node | -| serverAccessType (required) | string | Restrict server access based on ip address (ipv4/ipv6), prefix list and/or security group. See [Restricting Server Access](#restricting-server-access) for more details. | -| restrictServerAccessTo (required) | string | The value for `serverAccessType`, e.g., 10.10.10.10/32, pl-12345, sg-12345. See [Restricting Server Access](#restricting-server-access) for more details. 
| -| vpcId (Optional) | string | Re-use existing vpc, provide vpc id | -| securityGroupId (Optional) | boolean | Re-use existing security group, provide security group id | -| cidr (Optional) | string | User provided CIDR block for new Vpc, default is `10.0.0.0/16` | -| managerNodeCount (Optional) | integer | Number of cluster manager nodes, default is 3 | -| dataNodeCount (Optional) | integer | Number of data nodes, default is 2 | -| clientNodeCount (Optional) | integer | Number of dedicated client nodes, default is 0 | -| ingestNodeCount (Optional) | integer | Number of dedicated ingest nodes, default is 0 | -| mlNodeCount (Optional) | integer | Number of dedicated machine learning nodes, default is 0 | -| jvmSysProps (Optional) | string | A comma-separated list of key=value pairs that will be added to `jvm.options` as JVM system properties. | - +| Name | Type | Description | +|-----------------------------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| distVersion (required) | string | The OpenSearch distribution version (released/un-released) the user wants to deploy | +| securityDisabled (required) | boolean | Enable or disable security plugin | +| minDistribution (required) | boolean | Is it the minimal OpenSearch distribution with no security and plugins | +| distributionUrl (required) | string | OpenSearch tar distribution url | +| cpuArch (required) | string | CPU platform for EC2, could be either `x64` or `arm64` | +| singleNodeCluster (required) | boolean | Set `true` for single-node cluster else `false` for multi-node | +| serverAccessType (required) | string | Restrict server access based on ip address (ipv4/ipv6), prefix list and/or security group. 
See [Restricting Server Access](#restricting-server-access) for more details. | +| restrictServerAccessTo (required) | string | The value for `serverAccessType`, e.g., 10.10.10.10/32, pl-12345, sg-12345. See [Restricting Server Access](#restricting-server-access) for more details. | +| dashboardsUrl (Optional) | string | OpenSearch Dashboards tar distribution url | +| vpcId (Optional) | string | Re-use existing vpc, provide vpc id | +| securityGroupId (Optional) | boolean | Re-use existing security group, provide security group id | +| cidr (Optional) | string | User provided CIDR block for new Vpc, default is `10.0.0.0/16` | +| managerNodeCount (Optional) | integer | Number of cluster manager nodes, default is 3 | +| dataNodeCount (Optional) | integer | Number of data nodes, default is 2 | +| clientNodeCount (Optional) | integer | Number of dedicated client nodes, default is 0 | +| ingestNodeCount (Optional) | integer | Number of dedicated ingest nodes, default is 0 | +| mlNodeCount (Optional) | integer | Number of dedicated machine learning nodes, default is 0 | +| jvmSysProps (Optional) | string | A comma-separated list of key=value pairs that will be added to `jvm.options` as JVM system properties. | +| additionalConfig (Optional) | string | Additional opensearch.yml config parameters passed as JSON. e.g., `--context additionalConfig='{"plugins.security.nodes_dn": ["CN=*.example.com, OU=SSL, O=Test, L=Test, C=DE", "CN=node.other.com, OU=SSL, O=Test, L=Test, C=DE"], "plugins.security.nodes_dn_dynamic_config_enabled": false}'` | +| suffix (Optional) | string | An optional string identifier to be concatenated with infra stack name. 
| +| region (Optional) | string | User provided aws region | +| account (Optional) | string | User provided aws account | +| dataNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | +| mlNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | * Before starting this step, ensure that your AWS CLI is correctly configured with access credentials. * Also ensure that you're running these commands in the current directory diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts index 061b26ed1a0..abfb872238f 100644 --- a/lib/infra/infra-stack.ts +++ b/lib/infra/infra-stack.ts @@ -49,7 +49,10 @@ export interface infraProps extends StackProps{ readonly ingestNodeCount: number, readonly clientNodeCount: number, readonly mlNodeCount: number, - readonly jvmSysPropsString?: string + readonly dataNodeStorage: number, + readonly mlNodeStorage: number, + readonly jvmSysPropsString?: string, + readonly additionalConfig?: string, } export class InfraStack extends Stack { @@ -471,6 +474,16 @@ export class InfraStack extends Stack { })); } + // @ts-ignore + if (props.additionalConfig.toString() !== 'undefined') { + // @ts-ignore + cfnInitConfig.push(InitCommand.shellCommand(`set -ex; cd opensearch; echo "${props.additionalConfig}">>config/opensearch.yml`, + { + cwd: '/home/ec2-user', + ignoreErrors: false, + })); + } + // final run command based on whether the distribution type is min or bundle if (props.minDistribution) { // using (stackProps.minDistribution) condition is not working when false value is being sent cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch; sudo -u ec2-user nohup ./bin/opensearch >> install.log 2>&1 &', diff --git a/lib/os-cluster-entrypoint.ts b/lib/os-cluster-entrypoint.ts index 8da83894b54..2be4d31a7e9 100644 --- a/lib/os-cluster-entrypoint.ts +++ b/lib/os-cluster-entrypoint.ts 
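Review bot: `dataNodeStorage` and `mlNodeStorage` are added to `infraProps` as required `number` fields, but the README rows added in this same commit list them as optional strings defaulting to 100Gb. The visible entrypoint hunks only declare the matching locals, so where the default is applied cannot be seen from here. A doc comment on each field would state the contract, e.g. `/** Size of the EBS volume attached to each data node; the caller supplies the default. */`, and the README type column should then agree with the interface. The interface starts outside the hunk.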
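Review bot: The added `InitCommand.shellCommand` in the `@@ -471,6 +474,16 @@` hunk splices `props.additionalConfig` into a double-quoted `echo "..."`, so any double quote, `$`, backtick or backslash in the generated YAML is interpreted by the shell on the instance instead of being written to `config/opensearch.yml`. js-yaml can itself emit double-quoted scalars, so valid input may break the quoting or cause command substitution inside a cfn-init command. Passing the text in a shell-neutral encoding avoids this, e.g. `echo ${Buffer.from(props.additionalConfig).toString('base64')} | base64 -d >> config/opensearch.yml`. The guard `props.additionalConfig.toString() !== 'undefined'` throws a TypeError when the optional prop really is undefined, which the two `// @ts-ignore` lines hide; `if (props.additionalConfig !== undefined && props.additionalConfig !== 'undefined')` needs no suppression. The enclosing method starts and ends outside the hunk.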
@@ -10,6 +10,7 @@ import { Stack, StackProps } from 'aws-cdk-lib'; import { AmazonLinuxCpuType, IVpc, SecurityGroup, Vpc, } from 'aws-cdk-lib/aws-ec2'; +import { dump } from 'js-yaml'; import { NetworkStack } from './networking/vpc-stack'; import { InfraStack } from './infra/infra-stack'; @@ -32,6 +33,10 @@ export class OsClusterEntrypoint { let clientCount: number; let ingestCount: number; let mlCount: number; + let infraStackName: string; + let dataNodeStorage: number; + let mlNodeStorage: number; + let ymlConfig: string = 'undefined'; const vpcId: string = scope.node.tryGetContext('vpcId'); const securityGroupId = scope.node.tryGetContext('securityGroupId'); @@ -120,7 +125,19 @@ export class OsClusterEntrypoint { const jvmSysProps = `${scope.node.tryGetContext('jvmSysProps')}`; - const network = new NetworkStack(scope, 'OpenSearch-Network-Stack', { + const osConfig = `${scope.node.tryGetContext('additionalConfig')}`; + if (osConfig.toString() !== 'undefined') { + try { + const jsonObj = JSON.parse(osConfig); + ymlConfig = dump(jsonObj); + } catch (e) { + throw new Error(`Encountered following error while parsing additionalConfig json parameter: ${e}`); + } + } + + const suffix = `${scope.node.tryGetContext('suffix')}`; + + const network = new NetworkStack(scope, 'opensearch-network-stack', { cidrBlock: cidrRange, maxAzs: 3, vpcId, @@ -155,6 +172,7 @@ export class OsClusterEntrypoint { securityGroup: this.securityGroup, singleNodeCluster: isSingleNode, jvmSysPropsString: jvmSysProps, + additionalConfig: ymlConfig, ...props, }); diff --git a/test/os-cluster.test.ts b/test/os-cluster.test.ts index 2a31f2bbbae..8324b684efd 100644 --- a/test/os-cluster.test.ts +++ b/test/os-cluster.test.ts @@ -11,6 +11,7 @@ import { OsClusterEntrypoint } from '../lib/os-cluster-entrypoint'; test('Test Resources with security disabled multi-node', () => { const app = new App({ + context: { securityDisabled: true, minDistribution: false, 
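Review bot: In the `@@ -120,7 +125,19 @@` hunk, `JSON.parse(osConfig)` accepts any JSON value, so a bare number, string or array passed as `additionalConfig` is dumped and later appended to `opensearch.yml`, where it is not a settings mapping. A check right after the parse, `if (jsonObj === null || typeof jsonObj !== 'object' || Array.isArray(jsonObj)) throw new Error('additionalConfig must be a JSON object');`, would reject that at synth time. The literal string `'undefined'` serves as the "not set" marker (`let ymlConfig: string = 'undefined'` and the template literals around `tryGetContext`), so `suffix` becomes the text `undefined` when the context key is absent. Keeping the raw `tryGetContext` result and comparing it with `undefined` would remove the sentinel, provided the code that consumes these values allows it. The method body continues outside these hunks.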
@@ -21,6 +22,7 @@ test('Test Resources with security disabled multi-node', () => { distVersion: '1.0.0', serverAccessType: 'ipv4', restrictServerAccessTo: 'all', + additionalConfig: '{ "name": "John Doe", "age": 30, "email": "johndoe@example.com" }', }, });
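Review bot: The new `additionalConfig` context value is only supplied here, and no assertion visible in this hunk checks that it reaches the rendered cfn-init command. The sample keys (`name`, `age`, `email`) also contain nothing that needs quoting once converted to YAML. If the test body outside the hunk does not already cover this, an assertion on the synthesized template would pin the behaviour, together with a value that exercises escaping, for instance the constructed sample `additionalConfig: '{ "node.attr.note": "a \\"quoted\\" $value" }'`. A second test that passes malformed JSON and expects the entrypoint to throw would cover the error path.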