opensearch support
Vinay Satish edited this page Jan 4, 2022 · 1 revision
=> for external ES
- we don't have authentication
- so erchef can connect directly, no problem
=> for external OS
- they will provide the OpenSearch superuser through chef-server.rb or default.rb
- using that, we create a new user using chef-secrets
- we do our operations using the new user we created
- validation - erchef should connect to OS using chef-secrets
https://github.com/chef/chef-server/pull/2933/files => OS changes in general
- some changes for OS in erchef have been pushed to main; that's why we have flags like 'search_auth_enabled' and the username and password
- we need to create a new user because we have been creating new users for postgres in erchef and bifrost and storing them in chef-secrets. We want to use the same pattern for OS too. OS is used by erchef only, so one user is enough.
- need a flag to identify whether it's Solr, ES or OS (can we reuse the existing flag 'search_provider'?)
- must use the 'search_auth_enabled' flag for OS; for the others, not sure
- Shahid will be handling erchef
=> omnibus side changes
- omnibus needs to create a new user using HTTP requests by triggering helper.rb/create_opensearch_user
- the best place to trigger the method is recipes/elasticsearch_index.rb; next best is resource/elasticsearch_index.rb
- this must be triggered before creating the index - optimize if required
- optimize the helper.rb/elastic_search_major_version and resource/elasticsearch_index.rb/auth_header methods
- verify - check whether PrivateChef.credentials.get reads from chef-secrets
- to create a new user for OS, check out the private_chef.rb file
- to get the superuser password, make changes to chef-server-ctl secrets
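
As an added example (not chef-server's own code), here is one way the omnibus step above could build the user-creation request with the superuser's credentials and record the new user's credentials only after the call succeeds, so index creation never runs against a user that does not exist. It assumes the OpenSearch Security plugin's internal-users REST endpoint; the user name `chef_erchef`, the role `chef_search`, the `secrets` hash standing in for chef-secrets, and both function names are hypothetical.

```ruby
require "net/http"
require "json"
require "securerandom"
require "uri"

# Hypothetical names throughout; this is not chef-server's helper.rb.
SAFE_NAME = /\A[A-Za-z0-9_.-]{1,64}\z/

# Build (without sending) the Security plugin request that creates an
# internal user, authenticated as the operator-supplied superuser.
def build_create_user_request(base_url, admin_user, admin_password, new_user, new_password, roles)
  # The user name becomes part of the URL path, so reject anything unexpected.
  raise ArgumentError, "unsafe user name" unless SAFE_NAME.match?(new_user)
  uri = URI.join(base_url, "/_plugins/_security/api/internalusers/#{new_user}")
  # Basic auth is only base64, so the superuser password must not travel over plain HTTP.
  raise ArgumentError, "superuser credentials need https" unless uri.scheme == "https"
  req = Net::HTTP::Put.new(uri)
  req.basic_auth(admin_user, admin_password)
  req["Content-Type"] = "application/json"
  req.body = JSON.generate("password" => new_password, "opendistro_security_roles" => roles)
  req
end

# Create the user, then record its credentials in the secrets store.
# The sender is injected so the flow can be exercised offline; a real one
# would wrap Net::HTTP.start(host, port, use_ssl: true) and return the status.
def provision_search_user(base_url, admin, secrets, sender)
  password = SecureRandom.hex(32) # 256 random bits, unrelated to the superuser password
  req = build_create_user_request(base_url, admin[:user], admin[:password],
                                  "chef_erchef", password, ["chef_search"])
  status = sender.call(req)
  # Store nothing on failure, so erchef never reads credentials for a missing user.
  raise "user creation failed (HTTP #{status})" unless [200, 201].include?(status)
  secrets["opensearch"] = { "username" => "chef_erchef", "password" => password }
  secrets
end
```

The superuser password is used for this one request only; everything erchef does afterwards uses the generated credentials read back from the secrets store.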