Addresses changes made to security demo config install tool #85

Closed
Changes from 3 commits
37 changes: 21 additions & 16 deletions README.md
@@ -1,20 +1,24 @@
# CDK for deploying single-node and multi-node OpenSearch cluster with OpenSearch Dashboards

- [Getting Started](#getting-started)
- [Deployment](#deployment)
- [Required context parameters](#required-context-parameters)
- [Interacting with OpenSearch cluster](#interacting-with-opensearch-cluster)
- [Restricting Server Access](#restricting-server-access)
- [Enable Remote Store Feature](#enable-remote-store-feature)
- [Check Logs](#check-logs)
- [Access EC2 Instances](#access-ec2-instances)
- [Port Mapping](#port-mapping)
- [Teardown](#teardown)
- [Contributing](#contributing)
- [Getting Help](#getting-help)
- [Code of Conduct](#code-of-conduct)
- [Security](#security)
- [License](#license)
- [CDK for deploying single-node and multi-node OpenSearch cluster with OpenSearch Dashboards](#cdk-for-deploying-single-node-and-multi-node-opensearch-cluster-with-opensearch-dashboards)
- [Getting Started](#getting-started)
- [Deployment](#deployment)
- [Required context parameters](#required-context-parameters)
- [Sample command to set up multi-node cluster with security enabled on x64 AL2 machine](#sample-command-to-set-up-multi-node-cluster-with-security-enabled-on-x64-al2-machine)
- [Interacting with OpenSearch cluster](#interacting-with-opensearch-cluster)
- [Sample commands](#sample-commands)
- [Restricting Server Access](#restricting-server-access)
- [Please note the load-balancer url is internet facing and can be accessed by anyone.](#please-note-the-load-balancer-url-is-internet-facing-and-can-be-accessed-by-anyone)
- [Enable Remote Store Feature](#enable-remote-store-feature)
- [Check logs](#check-logs)
- [Access EC2 Instances](#access-ec2-instances)
- [Port Mapping](#port-mapping)
- [Teardown](#teardown)
- [Contributing](#contributing)
- [Getting Help](#getting-help)
- [Code of Conduct](#code-of-conduct)
- [Security](#security)
- [License](#license)
Member Author

This table was auto-updated by VS Code to follow the section outlines in this README. Please let me know if this should be reverted.


This project enables user to deploy either a single-node or a multi-node OpenSearch cluster.
There are two stacks that get deployed:
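
Review bot: The regenerated table of contents at the top of README.md is unrelated to the adminPassword change and picks up two entries that are not sections: a link to the document title itself and the sentence "Please note the load-balancer url is internet facing and can be accessed by anyone." Suggest reverting the table of contents in this PR and, if the new "Sample command ..." and "Sample commands" entries are wanted, adding only those by hand or in a separate change.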
Expand All @@ -37,6 +41,7 @@ In order to deploy both the stacks the user needs to provide a set of required a
|------------------------|:------------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| distVersion | Required | string | The OpenSearch distribution version (released/un-released) the user wants to deploy |
| securityDisabled | Required | boolean | Enable or disable security plugin |
| adminPassword | Required | string | This value is required when security plugin is enabled |
| minDistribution | Required | boolean | Is it the minimal OpenSearch distribution with no security and plugins |
| distributionUrl | Required | string | OpenSearch tar distribution url |
| cpuArch | Required | string | CPU platform for EC2, could be either `x64` or `arm64` |
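
Review bot: The new `adminPassword` row is marked `Required`, but its description says the value is only needed when the security plugin is enabled, so the two columns disagree. Suggest wording it as conditional (for example "Required when `securityDisabled` is false") and noting in the description that the value is a secret, since none of the other rows in this table carry a credential.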
Expand Down Expand Up @@ -120,7 +125,7 @@ After CDK Stack deployment the user will be returned a load-balancer url which t

To interact with dashboards use port `8443`. Type `http://<load-balancer-url>:8443` in your browser.

For security enabled cluster run `curl -X GET https://<load-balancer-url> -u 'admin:admin' --insecure`
For security enabled cluster run `curl -X GET https://<load-balancer-url> -u 'admin:<admin-password>' --insecure`
The security enabled dashboard is accessible using `http` on port `8443`

### Restricting Server Access
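
Review bot: The updated curl example still passes `--insecure`, so the admin password chosen at deploy time is sent without verifying the server certificate, and the following line keeps Dashboards on plain `http` on port `8443`. Now that the credential is no longer the well-known `admin:admin`, suggest stating next to the example that `--insecure` is only acceptable against a test cluster and that the Dashboards login on `8443` travels unencrypted.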
6 changes: 5 additions & 1 deletion lib/infra/infra-stack.ts
Expand Up @@ -50,6 +50,7 @@
readonly cpuArch: string,
readonly cpuType: AmazonLinuxCpuType,
readonly securityDisabled: boolean,
readonly adminPassword: string,
readonly minDistribution: boolean,
readonly distributionUrl: string,
readonly dashboardsUrl: string,
Expand Down Expand Up @@ -150,7 +151,7 @@
}

if (props.singleNodeCluster) {
console.log('Single node value is true, creating single node configurations');

Check warning on line 154 in lib/infra/infra-stack.ts (GitHub Actions / build): Unexpected console statement
singleNodeInstance = new Instance(this, 'single-node-instance', {
vpc: props.vpc,
instanceType: singleNodeInstanceType,
Expand Down Expand Up @@ -639,6 +640,7 @@
}
}


// Starting OpenSearch based on whether the distribution type is min or bundle
if (props.minDistribution) { // using (stackProps.minDistribution) condition is not working when false value is being sent
cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch; sudo -u ec2-user nohup ./bin/opensearch >> install.log 2>&1 &',
Expand All @@ -647,7 +649,9 @@
ignoreErrors: false,
}));
} else {
cfnInitConfig.push(InitCommand.shellCommand('set -ex;cd opensearch; sudo -u ec2-user nohup ./opensearch-tar-install.sh >> install.log 2>&1 &',
// set initial admin password to be needed by demo configuration
cfnInitConfig.push(InitCommand.shellCommand(`set -ex;cd opensearch; sudo -u ec2-user nohup env OPENSEARCH_INITIAL_ADMIN_PASSWORD=${props.adminPassword}`
+ `./opensearch-tar-install.sh >> install.log 2>&1 &`,
{
cwd: '/home/ec2-user',
ignoreErrors: false,
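
Review bot: In the `else` branch the two template literals are concatenated with no space between them, so the shell sees `OPENSEARCH_INITIAL_ADMIN_PASSWORD=<password>./opensearch-tar-install.sh` as a single assignment and `env` is never handed the install script to run; add a space before `./opensearch-tar-install.sh`. The password is also interpolated unquoted into a command that runs under `set -ex`, so whitespace or a shell metacharacter in it changes the command and the `-x` trace prints the value. Quote the value at minimum, and preferably have the instance read it from a secret store instead of embedding it in the init command text.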
7 changes: 7 additions & 0 deletions lib/os-cluster-entrypoint.ts
Expand Up @@ -86,6 +86,12 @@
}
const security = securityDisabled === 'true';

// adminPassword is required if security is enabled and demo config is to be run
const adminPassword: String = security ? `${scope.node.tryGetContext('adminPassword')}` : "";
if (security && adminPassword == null) {
throw new Error('adminPassword parameter is required to be set when security is enabled');

Check warning on line 92 in lib/os-cluster-entrypoint.ts (Codecov / codecov/patch): Added line #L92 was not covered by tests
}

const minDistribution = `${scope.node.tryGetContext('minDistribution')}`;
if (minDistribution !== 'true' && minDistribution !== 'false') {
throw new Error('minDistribution parameter is required to be set as - true or false');
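
Review bot: The `adminPassword == null` guard can never fire, because the template literal around `tryGetContext('adminPassword')` turns a missing value into the string `'undefined'`; that matches the Codecov warning that the `throw` line is not covered. The ternary also looks inverted: `security` is `securityDisabled === 'true'`, so the password is read only when security is disabled and set to `""` when it is enabled. Suggest reading the raw context value, using `!security` as the condition, rejecting `undefined` and the empty string, and typing the constant as `string` rather than `String`.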
Expand Down Expand Up @@ -250,6 +256,7 @@
const infraStack = new InfraStack(scope, infraStackName, {
vpc: this.vpc,
securityDisabled: security,
adminPassword: adminPassword,
opensearchVersion: distVersion,
clientNodeCount: clientCount,
cpuArch,