rgw: es: support username and password for ES #22030
Conversation
|
ran a suite at http://pulpito.ceph.com/abhi-2018-06-06_14:42:46-rgw-wip-abhi-testing-3-distro-basic-smithi/ where we had some failures due to centos mirrors and re-run at http://pulpito.ceph.com/abhi-2018-06-11_09:09:36-rgw-wip-abhi-testing-3-distro-basic-smithi/ |
|
@theanalyst pls rebase --- pr 22030 --- pulling https://github.com/theanalyst/ceph.git branch wip-es6-auth
|
theanalyst
force-pushed
the
wip-es6-auth
branch
from
67fe083
to
c146104
Compare
|
@yuriw updated.. |
|
@yehudasa can you review this once again, this was the same as the fixes for ES versions > 5.0 + support for ES deployments with a username + pw |
src/rgw/rgw_sync_module_es.cc
Outdated
| if (v1.major_ver == v2.major_ver) | ||
| return v1.minor_ver >= v2.minor_ver; | ||
|
|
||
| return v1.major_ver > v2.major_ver; |
There was a problem hiding this comment.
I guess the first equality should catch this, having said that this does look non intuitive, I'll collapse this to a one liner
|
@yehudasa updated to use a std::pair as the ESVersion, and just a wrapper struct to parse the nested version json. |
src/rgw/rgw_sync_module_es.cc
Outdated
|
|
||
| ESVersion get_version() { | ||
| int _major,_minor; | ||
| sscanf(s.c_str(), "%d.%d", &_major, &_minor); |
There was a problem hiding this comment.
Is there any possibility of parse error (including empty input) here? Remember to check the result of sscanf(), if you'd like to use scanf() here and there's any possibility of error. Or, consider using std::stoi(), which also has error detection (note that the older C atoi() doesn't give you a way to do this) and supports std::string directly.
There was a problem hiding this comment.
@theanalyst should at least dump error and set defaults to _major and _minor.
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
theanalyst
force-pushed
the
wip-es6-auth
branch
3 times, most recently
from
bdffb4f
to
44ae56b
Compare
|
rebased against current master, also have made the es_version_decoder throw a JSONDecoder error in case of a failed scanf, since the error will be caught by the rest coroutine which will ultimately raise an -EINVAL. |
|
Passes local testing, @yehudasa can you take a look |
This commit introduces an enum mapping various ES types. Also encode_json now has a new member for string type so that this can be changed easily when upgrading ES versions for eg. wherein new ES engines do not support the string type anymore. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Adding another constructor overload for cases when we need to override the default headers Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Getting the basic information from elasticsearch, while we're only currently interested in elasic search version, other data such as the ES cluster name etc may be useful in the future as well. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
from Elasticsearch 5.0+ the type string is deprecated, while it is still allowed in 5.0, it returns a 400 error on 6.0 clusters as this type is fully removed. We now determine the es version while initializing the cluster from elasticsearch's default endpoint and use that to determine what string type to use. This way we support both 2.x and 5.x,6.x es versions as we default to string type for clusters < 5.0 Fixes: http://tracker.ceph.com/issues/22877 Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Adding support to add additional headers as a part of GET and READ requests. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
For ES endpoints terminated with a username and password, either via xpack or fronted by another webserver with http basic auth, we now support "username" and "password" configurable which should be capable of doing HTTP basic authentication Fixes: https://tracker.ceph.com/issues/23655 Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
using std::pair as the version struct. Another decoder class is currently introduced as we have a nested json type for version right now. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
theanalyst
force-pushed
the
wip-es6-auth
branch
from
44ae56b
to
53d1685
Compare
|
@yehudasa updated against the current master, and tested locally, can you take a look |
|
@theanalyst still looks good |
|
@theanalyst feel free to merge if passing tests. We'll want to backport it to mimic. |
|
@theanalyst though note comment by @chardan |
yehudasa
dismissed
their stale review
Need to revise string to text conversion for ES 5.x+
|
|
||
| es_index_settings settings(conf->num_replicas, conf->num_shards); | ||
| es_index_mappings mappings; | ||
| if (es_info.version >= ESVersion(5,0)) { | ||
| ldout(sync_env->cct, 0) << "elasticsearch: using text type for string index mappings " << dendl; | ||
| mappings.string_type = ESType::Text; |
There was a problem hiding this comment.
@theanalyst note migration instructions here:
https://www.elastic.co/blog/strings-are-dead-long-live-strings
string converts into either text or keyword, depending on the analyzed state. We also need to make sure the index field is being created correctly (as code is written now, it doesn't create it).
There was a problem hiding this comment.
Thanks for the find, I'll modify dump_type to handle these cases
There was a problem hiding this comment.
I'm seeing the same behaviour even without the patch in ES 5.6, we get the double mapping to both text and keyword. I assume name fields should be text types and most of the fields like IDs should be keywords
There was a problem hiding this comment.
So reading more into this it seems even mapping types are already deprecated and going away in the next ES version. https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html, not sure how exactly we're supposed to be mapping types then. For now I'll decide based on "analyzed" field whether we dump a keyword or a text if the type set is not a string already.
|
@theanalyst I did some work on this, see here: |
|
taken up in #26106 |
For ES endpoints terminated with a username and password, either via xpack or
fronted by another webserver with http basic auth, we now support "username" and
"password" configurable which should be capable of doing HTTP basic
authentication
Fixes: https://tracker.ceph.com/issues/23655
This is built atop of #21852 and basically first adds support for headers in get http crs, and then adds these headers as a part of all the ES requests