New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: es: support username and password for ES #22030
Conversation
ran a suite at http://pulpito.ceph.com/abhi-2018-06-06_14:42:46-rgw-wip-abhi-testing-3-distro-basic-smithi/ where we had some failures due to centos mirrors and re-run at http://pulpito.ceph.com/abhi-2018-06-11_09:09:36-rgw-wip-abhi-testing-3-distro-basic-smithi/ |
@theanalyst pls rebase --- pr 22030 --- pulling https://github.com/theanalyst/ceph.git branch wip-es6-auth
|
67fe083
to
c146104
Compare
@yuriw updated.. |
@yehudasa can you review this once again, this was the same as the fixes for ES versions > 5.0 + support for ES deployments with a username + pw |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@theanalyst looks great, see my comment
src/rgw/rgw_sync_module_es.cc
Outdated
if (v1.major_ver == v2.major_ver) | ||
return v1.minor_ver >= v2.minor_ver; | ||
|
||
return v1.major_ver > v2.major_ver; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't it be >=
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the first equality should catch this, having said that this does look non intuitive, I'll collapse this to a one liner
@yehudasa updated to use a std::pair as the ESVersion, and just a wrapper struct to parse the nested version json. |
src/rgw/rgw_sync_module_es.cc
Outdated
|
||
ESVersion get_version() { | ||
int _major,_minor; | ||
sscanf(s.c_str(), "%d.%d", &_major, &_minor); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any possibility of parse error (including empty input) here? Remember to check the result of sscanf(), if you'd like to use scanf() here and there's any possibility of error. Or, consider using std::stoi(), which also has error detection (note that the older C atoi() doesn't give you a way to do this) and supports std::string directly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@theanalyst should at least dump error and set defaults to _major and _minor.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
bdffb4f
to
44ae56b
Compare
rebased against current master, also have made the es_version_decoder throw a JSONDecoder error in case of a failed scanf, since the error will be caught by the rest coroutine which will ultimately raise an -EINVAL. |
Passes local testing, @yehudasa can you take a look |
This commit introduces an enum mapping various ES types. Also encode_json now has a new member for string type so that this can be changed easily when upgrading ES versions for eg. wherein new ES engines do not support the string type anymore. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Adding another constructor overload for cases when we need to override the default headers Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Getting the basic information from elasticsearch, while we're only currently interested in elasic search version, other data such as the ES cluster name etc may be useful in the future as well. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
from Elasticsearch 5.0+ the type string is deprecated, while it is still allowed in 5.0, it returns a 400 error on 6.0 clusters as this type is fully removed. We now determine the es version while initializing the cluster from elasticsearch's default endpoint and use that to determine what string type to use. This way we support both 2.x and 5.x,6.x es versions as we default to string type for clusters < 5.0 Fixes: http://tracker.ceph.com/issues/22877 Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Adding support to add additional headers as a part of GET and READ requests. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
For ES endpoints terminated with a username and password, either via xpack or fronted by another webserver with http basic auth, we now support "username" and "password" configurable which should be capable of doing HTTP basic authentication Fixes: https://tracker.ceph.com/issues/23655 Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
using std::pair as the version struct. Another decoder class is currently introduced as we have a nested json type for version right now. Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
44ae56b
to
53d1685
Compare
@yehudasa updated against the current master, and tested locally, can you take a look |
@theanalyst still looks good |
@theanalyst feel free to merge if passing tests. We'll want to backport it to mimic. |
@theanalyst though note comment by @chardan |
Need to revise string to text conversion for ES 5.x+
|
||
es_index_settings settings(conf->num_replicas, conf->num_shards); | ||
es_index_mappings mappings; | ||
if (es_info.version >= ESVersion(5,0)) { | ||
ldout(sync_env->cct, 0) << "elasticsearch: using text type for string index mappings " << dendl; | ||
mappings.string_type = ESType::Text; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@theanalyst note migration instructions here:
https://www.elastic.co/blog/strings-are-dead-long-live-strings
string
converts into either text
or keyword
, depending on the analyzed
state. We also need to make sure the index
field is being created correctly (as code is written now, it doesn't create it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the find, I'll modify dump_type to handle these cases
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm seeing the same behaviour even without the patch in ES 5.6, we get the double mapping to both text and keyword. I assume name fields should be text types and most of the fields like IDs should be keywords
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So reading more into this it seems even mapping types are already deprecated and going away in the next ES version. https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html, not sure how exactly we're supposed to be mapping types then. For now I'll decide based on "analyzed" field whether we dump a keyword or a text if the type set is not a string already.
@theanalyst I did some work on this, see here: |
taken up in #26106 |
For ES endpoints terminated with a username and password, either via xpack or
fronted by another webserver with http basic auth, we now support "username" and
"password" configurable which should be capable of doing HTTP basic
authentication
Fixes: https://tracker.ceph.com/issues/23655
This is built atop of #21852 and basically first adds support for headers in get http crs, and then adds these headers as a part of all the ES requests