-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add feature to support customized config files to the cluster #82
Changes from 5 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -59,16 +59,17 @@ | |
readonly mlNodeCount: number, | ||
readonly dataNodeStorage: number, | ||
readonly mlNodeStorage: number, | ||
readonly jvmSysPropsString?: string, | ||
readonly additionalConfig?: string, | ||
readonly additionalOsdConfig?: string, | ||
readonly dataEc2InstanceType: InstanceType, | ||
readonly mlEc2InstanceType: InstanceType, | ||
readonly use50PercentHeap: boolean, | ||
readonly isInternal: boolean, | ||
readonly enableRemoteStore: boolean, | ||
readonly storageVolumeType: EbsDeviceVolumeType, | ||
readonly customRoleArn: string | ||
readonly customRoleArn: string, | ||
readonly jvmSysPropsString?: string, | ||
readonly additionalConfig?: string, | ||
readonly additionalOsdConfig?: string, | ||
readonly customConfigFiles?: string, | ||
} | ||
|
||
export class InfraStack extends Stack { | ||
|
@@ -147,7 +148,7 @@ | |
} | ||
|
||
if (props.singleNodeCluster) { | ||
console.log('Single node value is true, creating single node configurations'); | ||
singleNodeInstance = new Instance(this, 'single-node-instance', { | ||
vpc: props.vpc, | ||
instanceType: singleNodeInstanceType, | ||
|
@@ -585,7 +586,25 @@ | |
})); | ||
} | ||
|
||
// // Startinng OpenSearch based on whether the distribution type is min or bundle | ||
if (props.customConfigFiles !== 'undefined') { | ||
try { | ||
// @ts-ignore | ||
const jsonObj = JSON.parse(props.customConfigFiles); | ||
Object.keys(jsonObj).forEach((localFileName) => { | ||
const getConfig = load(readFileSync(localFileName, 'utf-8')); | ||
const remoteConfigLocation = jsonObj[localFileName]; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am assuming this provides the value, i.e, the actual path of the file in opensearch or opensearch-dashboards directory on the ec2 host? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes! root directory remains the same which is There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Also, for local file name, the user has to provide the absolute path or does the code reads using relative-path? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Both works as per my testing. Relative as well as absolute path. |
||
cfnInitConfig.push(InitCommand.shellCommand(`set -ex; echo "${dump(getConfig)}" > ${remoteConfigLocation}`, | ||
{ | ||
cwd: '/home/ec2-user', | ||
ignoreErrors: false, | ||
})); | ||
}); | ||
} catch (e) { | ||
throw new Error(`Encountered following error while parsing customConfigFiles json parameter: ${e}`); | ||
} | ||
} | ||
|
||
// Starting OpenSearch based on whether the distribution type is min or bundle | ||
if (props.minDistribution) { // using (stackProps.minDistribution) condition is not working when false value is being sent | ||
cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch; sudo -u ec2-user nohup ./bin/opensearch >> install.log 2>&1 &', | ||
{ | ||
|
@@ -635,7 +654,7 @@ | |
})); | ||
} | ||
|
||
// Startinng OpenSearch-Dashboards | ||
// Starting OpenSearch-Dashboards | ||
cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch-dashboards;' | ||
+ 'sudo -u ec2-user nohup ./bin/opensearch-dashboards > dashboard_install.log 2>&1 &', { | ||
cwd: '/home/ec2-user', | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
_meta: | ||
type: "allowlist" | ||
config_version: 2 | ||
|
||
# Description: | ||
# enabled - feature flag. | ||
# if enabled is false, all endpoints are accessible. | ||
# if enabled is true, all users except the SuperAdmin can only submit the allowed requests to the specified endpoints. | ||
# SuperAdmin can access all APIs. | ||
# SuperAdmin is defined by the SuperAdmin certificate, which is configured with the opensearch.yml setting plugins.security.authcz.admin_dn: | ||
# Refer to the example setting in opensearch.yml to learn more about configuring SuperAdmin. | ||
# | ||
# requests - map of allow listed endpoints and HTTP requests | ||
|
||
#this name must be config | ||
config: | ||
enabled: true | ||
requests: | ||
/_cluster/settings: | ||
- GET | ||
/_cat/nodes: | ||
- GET |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
complex-role: | ||
reserved: false | ||
hidden: false | ||
cluster_permissions: | ||
- "read" | ||
- "cluster:monitor/nodes/stats" | ||
- "cluster:monitor/task/get" | ||
index_permissions: | ||
- index_patterns: | ||
- "opensearch_dashboards_sample_data_*" | ||
dls: "{\"match\": {\"FlightDelay\": true}}" | ||
fls: | ||
- "~FlightNum" | ||
masked_fields: | ||
- "Carrier" | ||
allowed_actions: | ||
- "read" | ||
tenant_permissions: | ||
- tenant_patterns: | ||
- "analyst_*" | ||
allowed_actions: | ||
- "kibana_all_write" | ||
static: false | ||
_meta: | ||
type: "roles" | ||
config_version: 2 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,6 +24,8 @@ test('Test Resources with security disabled multi-node default instance types', | |
restrictServerAccessTo: 'all', | ||
additionalConfig: '{ "name": "John Doe", "age": 30, "email": "[email protected]" }', | ||
additionalOsdConfig: '{ "something.enabled": "true", "something_else.enabled": "false" }', | ||
// eslint-disable-next-line max-len | ||
customConfigFiles: '{"test/data/config.yml": "opensearch/config/opensearch-security/config.yml", "test/data/roles.yml": "opensearch/config/opensearch-security/roles.yml"}', | ||
}, | ||
}); | ||
|
||
|
@@ -489,3 +491,36 @@ test('Test multi-node cluster with custom IAM Role', () => { | |
Roles: ['customRoleName'], | ||
}); | ||
}); | ||
|
||
test('Throw error on incorrect JSON', () => { | ||
const app = new App({ | ||
context: { | ||
securityDisabled: true, | ||
minDistribution: false, | ||
distributionUrl: 'www.example.com', | ||
cpuArch: 'x64', | ||
singleNodeCluster: false, | ||
dashboardsUrl: 'www.example.com', | ||
distVersion: '1.0.0', | ||
serverAccessType: 'ipv4', | ||
restrictServerAccessTo: 'all', | ||
additionalConfig: '{ "name": "John Doe", "age": 30, "email": "[email protected]" }', | ||
additionalOsdConfig: '{ "something.enabled": "true", "something_else.enabled": "false" }', | ||
// eslint-disable-next-line max-len | ||
customConfigFiles: '{"test/data/config.yml": opensearch/config/opensearch-security/config.yml"}', | ||
}, | ||
}); | ||
// WHEN | ||
try { | ||
const testStack = new OsClusterEntrypoint(app, { | ||
env: { account: 'test-account', region: 'us-east-1' }, | ||
}); | ||
|
||
// eslint-disable-next-line no-undef | ||
fail('Expected an error to be thrown'); | ||
} catch (error) { | ||
expect(error).toBeInstanceOf(Error); | ||
// eslint-disable-next-line max-len | ||
expect(error.message).toEqual('Encountered following error while parsing customConfigFiles json parameter: SyntaxError: Unexpected token o in JSON at position 25'); | ||
} | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Formatting change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed! Thanks!