Allow test clusters to run with TLS (opensearch-project#8900)
* Basic idea

Signed-off-by: Stephen Crawford <[email protected]>

* Make configurable

Signed-off-by: Stephen Crawford <[email protected]>

* Update change log

Signed-off-by: Stephen Crawford <[email protected]>

* Have to ask around

Signed-off-by: Stephen Crawford <[email protected]>

* add http protocol configuration

Signed-off-by: Stephen Crawford <[email protected]>

* Fix failure

Signed-off-by: Stephen Crawford <[email protected]>

* Update settings

Signed-off-by: Stephen Crawford <[email protected]>

* Fix config

Signed-off-by: Stephen Crawford <[email protected]>

* retry integ

Signed-off-by: Stephen Crawford <[email protected]>

* retry integ

Signed-off-by: Stephen Crawford <[email protected]>

* Fix failure to find

Signed-off-by: Stephen Crawford <[email protected]>

* spotless

Signed-off-by: Stephen Crawford <[email protected]>

* fix assigment

Signed-off-by: Stephen Crawford <[email protected]>

* fix npe

Signed-off-by: Stephen Crawford <[email protected]>

* set default

Signed-off-by: Stephen Crawford <[email protected]>

* set default

Signed-off-by: Stephen Crawford <[email protected]>

* Spotless

Signed-off-by: Stephen Crawford <[email protected]>

* prevent empty string

Signed-off-by: Stephen Crawford <[email protected]>

* Swap optional use

Signed-off-by: Stephen Crawford <[email protected]>

* Swap back run setup

Signed-off-by: Stephen Crawford <[email protected]>

* try stream fix

Signed-off-by: Stephen Crawford <[email protected]>

* store

Signed-off-by: Stephen Crawford <[email protected]>

* remove config mentioons

Signed-off-by: Stephen Crawford <[email protected]>

* fix failure

Signed-off-by: Stephen Crawford <[email protected]>

* spotless

Signed-off-by: Stephen Crawford <[email protected]>

* Readd setting to config

Signed-off-by: Stephen Crawford <[email protected]>

* readd overridable

Signed-off-by: Stephen Crawford <[email protected]>

* Spotless

Signed-off-by: Stephen Crawford <[email protected]>

* Add setting to env

Signed-off-by: Stephen Crawford <[email protected]>

* spotless

Signed-off-by: Stephen Crawford <[email protected]>

* trigger retry

Signed-off-by: Stephen Crawford <[email protected]>

* Buildable

Signed-off-by: Stephen Crawford <[email protected]>

* update cert passing

Signed-off-by: Stephen Crawford <[email protected]>

* remove log

Signed-off-by: Stephen Crawford <[email protected]>

* buildable no logs

Signed-off-by: Stephen Crawford <[email protected]>

* Spotless

Signed-off-by: Stephen Crawford <[email protected]>

* remove uneeded configs

Signed-off-by: Stephen Crawford <[email protected]>

* Pass old creds

Signed-off-by: Stephen Crawford <[email protected]>

* fix bad logs

Signed-off-by: Stephen Crawford <[email protected]>

* spotless

Signed-off-by: Stephen Crawford <[email protected]>

* Reta's requests

Signed-off-by: Stephen Crawford <[email protected]>

* Swap to boolean

Signed-off-by: Stephen Crawford <[email protected]>

* trigger retry

Signed-off-by: Stephen Crawford <[email protected]>

* Make bool

Signed-off-by: Stephen Crawford <[email protected]>

* fix npe

Signed-off-by: Stephen Crawford <[email protected]>

* spotless

Signed-off-by: Stephen Crawford <[email protected]>

* failed with string logic

Signed-off-by: Stephen Crawford <[email protected]>

---------

Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
stephen-crawford authored and austintlee committed Aug 25, 2023
1 parent 52fda0e commit 802f179
Showing 5 changed files with 75 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -129,6 +129,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Change InternalSignificantTerms to sum shard-level superset counts only in final reduce ([#8735](https://github.com/opensearch-project/OpenSearch/pull/8735))
- Exclude 'benchmarks' from codecov report ([#8805](https://github.com/opensearch-project/OpenSearch/pull/8805))
- Create separate SourceLookup instance per segment slice in SignificantTextAggregatorFactory ([#8807](https://github.com/opensearch-project/OpenSearch/pull/8807))
- Allow test clusters to run with TLS ([#8900](https://github.com/opensearch-project/OpenSearch/pull/8900))
- Replace the deprecated IndexReader APIs with new storedFields() & termVectors() ([#7792](https://github.com/opensearch-project/OpenSearch/pull/7792))
- [Remote Store] Add support to restore only unassigned shards of an index ([#8792](https://github.com/opensearch-project/OpenSearch/pull/8792))
- Add safeguard limits for file cache during node level allocation ([#8208](https://github.com/opensearch-project/OpenSearch/pull/8208))
@@ -83,6 +83,24 @@ public WaitForHttpResource(String protocol, String host, int numberOfNodes) thro
this(new URL(protocol + "://" + host + "/_cluster/health?wait_for_nodes=>=" + numberOfNodes + "&wait_for_status=yellow"));
}

public WaitForHttpResource(String protocol, String host, String username, String password, int numberOfNodes)
throws MalformedURLException {
this(
new URL(
protocol
+ "://"
+ username
+ ":"
+ password
+ "@"
+ host
+ "/_cluster/health?wait_for_nodes=>="
+ numberOfNodes
+ "&wait_for_status=yellow"
)
);
}

public WaitForHttpResource(URL url) {
this.url = url;
}
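Review bot: The new five-argument constructor concatenates `username` and `password` into the URL's userinfo without any encoding, so a password containing `@`, `:`, `/` or `#` changes how the URL parses, and the secret becomes part of a `URL` object that can leak through `toString()` in logs or exception messages. The class already exposes `setUsername`/`setPassword` (the caller in OpenSearchCluster invokes both right after constructing), so the userinfo looks redundant. I would have this constructor delegate instead: `this(protocol, host, numberOfNodes); setUsername(username); setPassword(password);`. If the userinfo form has to stay, percent-encode both values and add a comment that the resulting URL must not be logged.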
@@ -81,7 +81,6 @@ public class OpenSearchCluster implements TestClusterConfiguration, Named {
private final FileSystemOperations fileSystemOperations;
private final ArchiveOperations archiveOperations;
private int nodeIndex = 0;

private int zoneCount = 1;

public OpenSearchCluster(
@@ -100,7 +99,6 @@ public OpenSearchCluster(
this.archiveOperations = archiveOperations;
this.workingDirBase = workingDirBase;
this.nodes = project.container(OpenSearchNode.class);

// Always add the first node
String zone = hasZoneProperty() ? "zone-1" : "";
addNode(clusterName + "-0", zone);
@@ -265,6 +263,11 @@ public void keystorePassword(String password) {
nodes.all(each -> each.keystorePassword(password));
}

@Override
public void setSecure(boolean secure) {
nodes.all(each -> each.setSecure(secure));
}

@Override
public void cliSetup(String binTool, CharSequence... args) {
nodes.all(each -> each.cliSetup(binTool, args));
@@ -367,6 +370,7 @@ private void commonNodeConfig() {
} else {
nodeNames = nodes.stream().map(OpenSearchNode::getName).map(this::safeName).collect(Collectors.joining(","));
}

OpenSearchNode firstNode = null;
for (OpenSearchNode node : nodes) {
// Can only configure master nodes if we have node names defined
@@ -554,12 +558,25 @@ public OpenSearchNode singleNode() {
private void addWaitForClusterHealth() {
waitConditions.put("cluster health yellow", (node) -> {
try {
WaitForHttpResource wait = new WaitForHttpResource("http", getFirstNode().getHttpSocketURI(), nodes.size());

List<Map<String, String>> credentials = getFirstNode().getCredentials();
if (getFirstNode().getCredentials().isEmpty() == false) {
wait.setUsername(credentials.get(0).get("useradd"));
wait.setPassword(credentials.get(0).get("-p"));
WaitForHttpResource wait;
if (!getFirstNode().isSecure()) {
wait = new WaitForHttpResource("http", getFirstNode().getHttpSocketURI(), nodes.size());
List<Map<String, String>> credentials = getFirstNode().getCredentials();
if (getFirstNode().getCredentials().isEmpty() == false) {
wait.setUsername(credentials.get(0).get("useradd"));
wait.setPassword(credentials.get(0).get("-p"));
}
} else {
wait = new WaitForHttpResource(
"https",
getFirstNode().getHttpSocketURI(),
getFirstNode().getCredentials().get(0).get("username"),
getFirstNode().getCredentials().get(0).get("password"),
nodes.size()
);
wait.setUsername(getFirstNode().getCredentials().get(0).get("username"));
wait.setPassword(getFirstNode().getCredentials().get(0).get("password"));
wait.setCertificateAuthorities(getFirstNode().getExtraConfigFilesMap().get("root-ca.pem"));
}
return wait.wait(500);
} catch (IOException e) {
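Review bot: In the secure branch of `addWaitForClusterHealth`, `getCredentials().get(0).get("username")`, `.get("password")` and `getExtraConfigFilesMap().get("root-ca.pem")` are used without a null check, although this commit only fills the credential keys when the `tests.opensearch.username` and `tests.opensearch.password` system properties are set. Calling `setSecure(true)` without them would build a URL with the literal text `null:null@` in it and pass a null file to `setCertificateAuthorities`, so the failure surfaces later as a confusing connection or TLS error. The credentials are also supplied twice, once in the URL and again through `setUsername`/`setPassword`; the three-argument constructor used by the non-secure branch is sufficient and keeps the secret out of the URL. I would read the three values once and fail fast with a clear message, as sketched below; the exception type is assumed to be usable here as it is in OpenSearchNode. The `catch` body of this lambda lies outside the hunk.

```java
// … unchanged: non-secure branch …
} else {
    Map<String, String> firstCredentials = getFirstNode().getCredentials().get(0);
    String username = firstCredentials.get("username");
    String password = firstCredentials.get("password");
    File rootCa = getFirstNode().getExtraConfigFilesMap().get("root-ca.pem");
    if (username == null || password == null || rootCa == null) {
        throw new TestClustersException(
            "Secure test cluster needs tests.opensearch.username, tests.opensearch.password and a root-ca.pem extra config file"
        );
    }
    // Credentials go through the setters only, never into the URL.
    wait = new WaitForHttpResource("https", getFirstNode().getHttpSocketURI(), nodes.size());
    wait.setUsername(username);
    wait.setPassword(password);
    wait.setCertificateAuthorities(rootCa);
}
```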
@@ -160,6 +160,7 @@ public class OpenSearchNode implements TestClusterConfiguration {
private final Path httpPortsFile;
private final Path tmpDir;

private boolean secure = false;
private int currentDistro = 0;
private TestDistribution testDistribution;
private final List<OpenSearchDistribution> distributions = new ArrayList<>();
@@ -209,6 +210,7 @@ public class OpenSearchNode implements TestClusterConfiguration {
setTestDistribution(TestDistribution.INTEG_TEST);
setVersion(VersionProperties.getOpenSearch());
this.zone = zone;
this.credentials.add(new HashMap<>());
}

@Input
@@ -217,6 +219,11 @@ public String getName() {
return nameCustomization.apply(name);
}

@Internal
public boolean isSecure() {
return secure;
}

@Internal
public Version getVersion() {
return Version.fromString(distributions.get(currentDistro).getVersion());
@@ -452,6 +459,11 @@ public void setPreserveDataDir(boolean preserveDataDir) {
this.preserveDataDir = preserveDataDir;
}

@Override
public void setSecure(boolean secure) {
this.secure = secure;
}

@Override
public void freeze() {
requireNonNull(testDistribution, "null testDistribution passed when configuring test cluster `" + this + "`");
@@ -471,6 +483,18 @@ public Stream<String> logLines() throws IOException {
@Override
public synchronized void start() {
LOGGER.info("Starting `{}`", this);
if (System.getProperty("tests.opensearch.secure") != null
&& System.getProperty("tests.opensearch.secure").equalsIgnoreCase("true")) {
secure = true;
}
if (System.getProperty("tests.opensearch.username") != null) {
this.credentials.get(0).put("username", System.getProperty("tests.opensearch.username"));
LOGGER.info("Overwriting username to: " + this.getCredentials().get(0).get("username"));
}
if (System.getProperty("tests.opensearch.password") != null) {
this.credentials.get(0).put("password", System.getProperty("tests.opensearch.password"));
LOGGER.info("Overwriting password to: " + this.getCredentials().get(0).get("password"));
}
if (Files.exists(getExtractedDistributionDir()) == false) {
throw new TestClustersException("Can not start " + this + ", missing: " + getExtractedDistributionDir());
}
@@ -1349,6 +1373,11 @@ public List<?> getExtraConfigFiles() {
return extraConfigFiles.getNormalizedCollection();
}

@Internal
public Map<String, File> getExtraConfigFilesMap() {
return extraConfigFiles;
}

@Override
@Internal
public boolean isProcessAlive() {
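Review bot: `start()` writes the cluster password to the build log in clear text: the added `LOGGER.info("Overwriting password to: " + ...get("password"))` runs at INFO level, so the value of `tests.opensearch.password` ends up in CI output and any archived build logs. Log only that an override happened, for example `LOGGER.info("Overriding test cluster password from system property tests.opensearch.password");`, and use the parameterized form for the username line, `LOGGER.info("Overriding test cluster username to {}", credentials.get(0).get("username"));`. Separately, the constructor hunk now seeds `credentials` with an empty map; if `user(...)` (not shown on this page) appends to the same list, `credentials.get(0).get("useradd")` in OpenSearchCluster's non-secure branch would read that empty map and return null, which is worth confirming. `start()` continues past the end of its hunk.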
@@ -108,6 +108,8 @@ public interface TestClusterConfiguration {

void setPreserveDataDir(boolean preserveDataDir);

void setSecure(boolean secure);

void freeze();

void start();
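Review bot: `setSecure(boolean secure)` is added to the interface without Javadoc, and nothing here tells an implementer or build-script author what "secure" turns on. From the other files in this commit it makes the cluster-health wait use `https` with the `username`/`password` credentials and the `root-ca.pem` extra config file, and the `tests.opensearch.secure` system property can also enable it when a node starts. A short Javadoc stating those prerequisites would prevent a cluster being marked secure without the certificate and credentials it then depends on. The interface body continues outside the hunk.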