From 9f18438408b596b8c440996d71cd285b60d2e729 Mon Sep 17 00:00:00 2001 From: Rishabh Singh Date: Tue, 28 Mar 2023 16:43:59 -0700 Subject: [PATCH] Added feature to pass additional cluster settings from command line. (#21) * make OSD optional and other minor improvements Signed-off-by: Rishabh Singh * Feature to pass additional cluster settings from command line Signed-off-by: Rishabh Singh --------- Signed-off-by: Rishabh Singh (cherry picked from commit 5307477e40d3c620aac3a4c7051f60ad59537bb5) --- README.md | 51 ++++++++++++++++++------------------ lib/infra/infra-stack.ts | 13 ++++++++- lib/os-cluster-entrypoint.ts | 13 +++++++++ test/os-cluster.test.ts | 2 ++ 4 files changed, 53 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index c7397c092f9..d87f759e609 100644 --- a/README.md +++ b/README.md 
@@ -32,31 +32,32 @@ There are two stacks that get deployed: In order to deploy both the stacks the user needs to provide a set of required and optional parameters listed below: -| Name | Type | Description | -|-----------------------------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| distVersion (required) | string | The OpenSearch distribution version (released/un-released) the user wants to deploy | -| securityDisabled (required) | boolean | Enable or disable security plugin | -| minDistribution (required) | boolean | Is it the minimal OpenSearch distribution with no security and plugins | -| distributionUrl (required) | string | OpenSearch tar distribution url | -| cpuArch (required) | string | CPU platform for EC2, could be either `x64` or `arm64` | -| singleNodeCluster (required) | boolean | Set `true` for single-node cluster else `false` for multi-node | -| serverAccessType (required) | string | Restrict server access based on ip address (ipv4/ipv6), prefix list and/or security group. See [Restricting Server Access](#restricting-server-access) for more details. | -| restrictServerAccessTo (required) | string | The value for `serverAccessType`, e.g., 10.10.10.10/32, pl-12345, sg-12345. See [Restricting Server Access](#restricting-server-access) for more details. 
| -| dashboardsUrl (Optional) | string | OpenSearch Dashboards tar distribution url | -| vpcId (Optional) | string | Re-use existing vpc, provide vpc id | -| securityGroupId (Optional) | boolean | Re-use existing security group, provide security group id | -| cidr (Optional) | string | User provided CIDR block for new Vpc, default is `10.0.0.0/16` | -| managerNodeCount (Optional) | integer | Number of cluster manager nodes, default is 3 | -| dataNodeCount (Optional) | integer | Number of data nodes, default is 2 | -| clientNodeCount (Optional) | integer | Number of dedicated client nodes, default is 0 | -| ingestNodeCount (Optional) | integer | Number of dedicated ingest nodes, default is 0 | -| mlNodeCount (Optional) | integer | Number of dedicated machine learning nodes, default is 0 | -| jvmSysProps (Optional) | string | A comma-separated list of key=value pairs that will be added to `jvm.options` as JVM system properties. | -| suffix (Optional) | string | An optional string identifier to be concatenated with infra stack name. 
| -| region (Optional) | string | User provided aws region | -| account (Optional) | string | User provided aws account | -| dataNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | -| mlNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | +| Name | Type | Description | +|-----------------------------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| distVersion (required) | string | The OpenSearch distribution version (released/un-released) the user wants to deploy | +| securityDisabled (required) | boolean | Enable or disable security plugin | +| minDistribution (required) | boolean | Is it the minimal OpenSearch distribution with no security and plugins | +| distributionUrl (required) | string | OpenSearch tar distribution url | +| cpuArch (required) | string | CPU platform for EC2, could be either `x64` or `arm64` | +| singleNodeCluster (required) | boolean | Set `true` for single-node cluster else `false` for multi-node | +| serverAccessType (required) | string | Restrict server access based on ip address (ipv4/ipv6), prefix list and/or security group. See [Restricting Server Access](#restricting-server-access) for more details. | +| restrictServerAccessTo (required) | string | The value for `serverAccessType`, e.g., 10.10.10.10/32, pl-12345, sg-12345. See [Restricting Server Access](#restricting-server-access) for more details. 
| +| dashboardsUrl (Optional) | string | OpenSearch Dashboards tar distribution url | +| vpcId (Optional) | string | Re-use existing vpc, provide vpc id | +| securityGroupId (Optional) | boolean | Re-use existing security group, provide security group id | +| cidr (Optional) | string | User provided CIDR block for new Vpc, default is `10.0.0.0/16` | +| managerNodeCount (Optional) | integer | Number of cluster manager nodes, default is 3 | +| dataNodeCount (Optional) | integer | Number of data nodes, default is 2 | +| clientNodeCount (Optional) | integer | Number of dedicated client nodes, default is 0 | +| ingestNodeCount (Optional) | integer | Number of dedicated ingest nodes, default is 0 | +| mlNodeCount (Optional) | integer | Number of dedicated machine learning nodes, default is 0 | +| jvmSysProps (Optional) | string | A comma-separated list of key=value pairs that will be added to `jvm.options` as JVM system properties. | +| additionalConfig (Optional) | string | Additional opensearch.yml config parameters passed as JSON. e.g., `--context additionalConfig='{"plugins.security.nodes_dn": ["CN=*.example.com, OU=SSL, O=Test, L=Test, C=DE", "CN=node.other.com, OU=SSL, O=Test, L=Test, C=DE"], "plugins.security.nodes_dn_dynamic_config_enabled": false}'` | +| suffix (Optional) | string | An optional string identifier to be concatenated with infra stack name. | +| region (Optional) | string | User provided aws region | +| account (Optional) | string | User provided aws account | +| dataNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | +| mlNodeStorage (Optional) | string | User provided ebs block storage size, defaults to 100Gb | * Before starting this step, ensure that your AWS CLI is correctly configured with access credentials. diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts index 61576198620..1d7eca2a970 100644 --- a/lib/infra/infra-stack.ts +++ b/lib/infra/infra-stack.ts 
@@ -53,7 +53,8 @@ export interface infraProps extends StackProps{
 readonly mlNodeCount: number,
 readonly dataNodeStorage: number,
 readonly mlNodeStorage: number,
- readonly jvmSysPropsString?: string
+ readonly jvmSysPropsString?: string,
+ readonly additionalConfig?: string,
 }
 export class InfraStack extends Stack {
@@ -467,6 +468,16 @@ export class InfraStack extends Stack {
 }));
 }
+ // @ts-ignore
+ if (props.additionalConfig.toString() !== 'undefined') {
+ // @ts-ignore
+ cfnInitConfig.push(InitCommand.shellCommand(`set -ex; cd opensearch; echo "${props.additionalConfig}">>config/opensearch.yml`,
+ {
+ cwd: '/home/ec2-user',
+ ignoreErrors: false,
+ }));
+ }
+
 // final run command based on whether the distribution type is min or bundle
 if (props.minDistribution) { // using (stackProps.minDistribution) condition is not working when false value is being sent
 cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch; sudo -u ec2-user nohup ./bin/opensearch >> install.log 2>&1 &',
diff --git a/lib/os-cluster-entrypoint.ts b/lib/os-cluster-entrypoint.ts
index ff831ebb1bc..0d508c5e975 100644
--- a/lib/os-cluster-entrypoint.ts
+++ b/lib/os-cluster-entrypoint.ts
@@ -10,6 +10,7 @@ import { Stack, StackProps } from 'aws-cdk-lib';
 import { AmazonLinuxCpuType, IVpc, SecurityGroup, Vpc, } from 'aws-cdk-lib/aws-ec2';
+import { dump } from 'js-yaml';
 import { NetworkStack } from './networking/vpc-stack';
 import { InfraStack } from './infra/infra-stack';
@@ -35,6 +36,7 @@ export class OsClusterEntrypoint {
 let infraStackName: string;
 let dataNodeStorage: number;
 let mlNodeStorage: number;
+ let ymlConfig: string = 'undefined';
 const vpcId: string = scope.node.tryGetContext('vpcId');
 const securityGroupId = scope.node.tryGetContext('securityGroupId');
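Review bot: In lib/infra/infra-stack.ts (hunk at -467), `props.additionalConfig` is interpolated into a double-quoted `echo "..."` inside the shell command, so any `"`, `$`, backtick or backslash in the YAML text is interpreted by the shell that cfn-init runs on the instance instead of being written literally to `config/opensearch.yml`. The content should travel as file data, not shell source, for example via `InitFile.fromString` from `aws-cdk-lib/aws-ec2` followed by a fixed `cat ... >>` command as sketched below (this assumes `cfnInitConfig` accepts any `InitElement` and that `InitFile` gets imported; the staging file name is a placeholder). The two `// @ts-ignore` lines also hide that the prop is optional: if it is ever really `undefined` instead of the string `'undefined'`, `.toString()` throws, so an explicit `!== undefined` check is safer. The enclosing method starts and ends outside the hunk.

```typescript
if (props.additionalConfig !== undefined && props.additionalConfig !== 'undefined') {
  cfnInitConfig.push(
    // Written by cfn-init as file content, so YAML metacharacters never reach a shell parser.
    InitFile.fromString('/home/ec2-user/additional-config.yml', props.additionalConfig),
    InitCommand.shellCommand('set -ex; cd opensearch; cat ../additional-config.yml >> config/opensearch.yml', {
      cwd: '/home/ec2-user',
      ignoreErrors: false,
    }),
  );
}
```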
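Review bot: `import { dump } from 'js-yaml'` in lib/os-cluster-entrypoint.ts (hunk at -10) adds a runtime import, but the diffstat lists only README.md, the two lib files and the test, so no package manifest changes with it. If `js-yaml` currently resolves only as a transitive dependency, it should be declared directly (with its typings) and pinned through the lockfile so that synthesis does not depend on another package's dependency tree.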
@@ -134,6 +136,16 @@ export class OsClusterEntrypoint {
 const jvmSysProps = `${scope.node.tryGetContext('jvmSysProps')}`;
+ const osConfig = `${scope.node.tryGetContext('additionalConfig')}`;
+ if (osConfig.toString() !== 'undefined') {
+ try {
+ const jsonObj = JSON.parse(osConfig);
+ ymlConfig = dump(jsonObj);
+ } catch (e) {
+ throw new Error(`Encountered following error while parsing additionalConfig json parameter: ${e}`);
+ }
+ }
+
 const suffix = `${scope.node.tryGetContext('suffix')}`;
 const network = new NetworkStack(scope, 'opensearch-network-stack', {
@@ -179,6 +191,7 @@ export class OsClusterEntrypoint {
 dataNodeStorage,
 mlNodeStorage,
 jvmSysPropsString: jvmSysProps,
+ additionalConfig: ymlConfig,
 ...props,
 });
diff --git a/test/os-cluster.test.ts b/test/os-cluster.test.ts
index b8c5d3565a7..e0d30bd64cb 100644
--- a/test/os-cluster.test.ts
+++ b/test/os-cluster.test.ts
@@ -11,6 +11,7 @@ import { OsClusterEntrypoint } from '../lib/os-cluster-entrypoint';
 test('Test Resources with security disabled multi-node', () => {
 const app = new App({
+
 context: {
 securityDisabled: true,
 minDistribution: false,
@@ -21,6 +22,7 @@ test('Test Resources with security disabled multi-node', () => {
 distVersion: '1.0.0',
 serverAccessType: 'ipv4',
 restrictServerAccessTo: 'all',
+ additionalConfig: '{ "name": "John Doe", "age": 30, "email": "johndoe@example.com" }',
 },
 });
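Review bot: `JSON.parse(osConfig)` in the hunk at -134 accepts any JSON value, so a context value that is an array, a string, a number or `null` passes the try block and `dump()` emits YAML that is not a mapping, which is then appended to opensearch.yml. Reject non-objects before dumping, e.g. `if (typeof jsonObj !== 'object' || jsonObj === null || Array.isArray(jsonObj)) throw new Error('additionalConfig must be a JSON object');`. The string `'undefined'` is also used as the absent-value sentinel, here and in the `let ymlConfig: string = 'undefined'` hunk; typing `ymlConfig` as `string | undefined` would avoid comparing against a magic string in two files. Nothing here restricts which keys may be set, so it is worth documenting that a caller can append settings that conflict with ones the stack presumably writes itself, such as the security plugin settings governed by `securityDisabled`.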
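Review bot: The `additionalConfig` context value added in test/os-cluster.test.ts (hunk at -21) is not matched by any assertion in this hunk, so the test only shows that synthesis does not throw; nothing checks that the generated YAML reaches the instance's init commands. An assertion on the synthesized template, plus a case with malformed JSON that expects the `Encountered following error while parsing additionalConfig json parameter` error, would cover both branches added in os-cluster-entrypoint.ts. The first hunk of this file also adds a stray blank line after `new App({`. The test body continues outside the hunk, so existing assertions there are not visible.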