Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure the searchguard init script is only run on initial deployment #908

Merged
merged 1 commit into from May 15, 2019

Conversation

Projects
None yet
3 participants
@thom8
Copy link
Member

commented Feb 21, 2019

We have had a number of cases where the init script is run on a restart of the logs-db pod and resets the tenants to the default configuration.

This PR ensures that the searchguard init script sgadmin_demo.sh is only run on the initial deployment of logs-db.

You can also delete the state file and redeploy if you need to reset an existing deployment.

@thom8 thom8 requested a review from Schnitzel Feb 21, 2019

@Schnitzel

This comment has been minimized.

Copy link
Member

commented Feb 21, 2019

nice idea, but we need to make sure that this only runs on the very first node of an elasticsearch cluster. As in a cluster you have multiple nodes and all of them will run the same code, aka we would initialize the cluster the same amount that we have nodes. If we add a node to a cluster, it will also cause the cluster to be initialized again...

@Schnitzel
Copy link
Member

left a comment

see comment above

@thom8 thom8 force-pushed the thom8:feature/searchguard-init branch to 4f6c3e6 Feb 24, 2019

@Schnitzel

This comment has been minimized.

Copy link
Member

commented Feb 27, 2019

interesting idea, though I'm not sure if this really solves our problem:
The current issue is that sometimes an ES node comes back into the cluster and is not fully synchronized yet with the rest of the cluster, because of that the script will run sgadmin_demo.sh.
With the new code the same could happen again: The ES node comes back into the cluster, is not fully synced, therefore the user init does not exist yet and it will start to initialize again.
Or maybe I'm missing something?

I would suggest to just remove the init code all together, and we document within the Setup Documentation of Lagoon that an admin needs to run sgadmin_demo.sh at the very very first time manually.

@thom8 thom8 force-pushed the thom8:feature/searchguard-init branch from 4f6c3e6 to 93d0c14 Apr 3, 2019

@thom8

This comment has been minimized.

Copy link
Member Author

commented Apr 3, 2019

@Schnitzel removed the initialisation in start.sh and added docs for the initial setup.

@thom8 thom8 requested review from Schnitzel and shreddedbacon Apr 4, 2019

@shreddedbacon
Copy link
Member

left a comment

LGTM

@thom8 thom8 force-pushed the thom8:feature/searchguard-init branch from 15d2927 to c9adf08 May 5, 2019

@Schnitzel Schnitzel merged commit 0f7c030 into amazeeio:master May 15, 2019

1 check passed

continuous-integration/jenkins/pr-merge This commit looks good
Details

@Schnitzel Schnitzel added this to the v0.23.0 milestone May 15, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.