Add support for AWS Elasticsearch Service #4664

Merged
merged 6 commits into from
Feb 17, 2021

@kalroy kalroy commented Jan 28, 2021

Signed-off-by: Kallol Roy <karoy@progress.com>

🔩 Description: What code changed, and why?

External AWS ES Service backup fails with the error:

"Backup failed" backup_id=20210128145121 error="es-sidecar-service failed to create snapshot: rpc error: 
code = Unknown desc = failed to create snapshot repository chef-automate-es6-event-feed-service for snapshot \"20210128145121\" of service \"event-feed-service\": 
elasticsearch repository create request failed for repo \"chef-automate-es6-event-feed-service\"; 
request data: '{s3 map[base_path:automate-elasticsearch-data/chef-automate-es6-event-feed-service bucket:a2-nab-bucket compress:true]}': elastic: Error 403 (Forbidden)"

⛓️ Related Resources

4645

👍 Definition of Done

👟 How to Build and Test the Change

Assumptions about your AWS Elasticsearch configuration:

  • Must use fine-grained access control.
  • Role ARN must be provided. That role must be allowed to create snapshot repositories. This is done through the Kibana interface.
  • Username and password must be provided. All other requests to Elasticsearch will use this for basic auth.

Example Automate Configuration:

[global.v1.external.elasticsearch]
enable = true
nodes = ["https://youresdomain.us-west-2.es.amazonaws.com"]

[global.v1.external.elasticsearch.ssl]
server_name = "youresdomain.us-west-2.es.amazonaws.com"
root_cert_file = "/etc/ssl/certs/ca-bundle.crt"
[global.v1.external.elasticsearch.auth]
scheme = "aws_es"

[global.v1.external.elasticsearch.auth.aws_es]
username = "youruser"
password = "yourpassword"

[global.v1.external.elasticsearch.backup]
enable = true
location = "s3"
[global.v1.external.elasticsearch.backup.s3]
bucket = "yourbucket"
[global.v1.external.elasticsearch.backup.s3.settings]
region = "us-west-2"
role_arn = "arn:aws:iam::111111111111:role/snapshot-role"

✅ Checklist

📷 Screenshots, if applicable

Aha! Link: https://chef.aha.io/epics/SH-E-376
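
As an added example (not code from this pull request or from Chef Automate): a Go function that builds the S3 snapshot-repository request body with `role_arn` included and rejects a missing or malformed role ARN locally, before the domain answers with the 403 shown in the description. The `S3Backup` struct, `RepoRequestBody` and the ARN pattern are hypothetical; the field names follow the request data in the error message and the example configuration above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// S3Backup mirrors the backup.s3 keys of the example configuration.
// The struct itself is hypothetical, not the project's type.
type S3Backup struct {
	Bucket, BasePath, Region, RoleARN string
}

// Assumed shape of an IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<name>.
var roleARNRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$`)

// RepoRequestBody validates the settings and returns the JSON body for a
// snapshot-repository create request. An empty or non-role ARN is rejected
// here, so the misconfiguration is reported before any request is sent.
func RepoRequestBody(b S3Backup) ([]byte, error) {
	if b.Bucket == "" || b.Region == "" {
		return nil, errors.New("bucket and region are required")
	}
	if !roleARNRe.MatchString(b.RoleARN) {
		return nil, fmt.Errorf("role_arn %q is not an IAM role ARN", b.RoleARN)
	}
	settings := map[string]interface{}{
		"bucket": b.Bucket, "region": b.Region,
		"role_arn": b.RoleARN, "compress": true,
	}
	if b.BasePath != "" {
		settings["base_path"] = b.BasePath
	}
	return json.Marshal(map[string]interface{}{"type": "s3", "settings": settings})
}

func main() {
	// Constructed sample values taken from the example configuration above.
	cfg := S3Backup{Bucket: "yourbucket", Region: "us-west-2"}
	_, err := RepoRequestBody(cfg) // no role_arn: rejected locally
	fmt.Println("without role_arn:", err)
	cfg.RoleARN = "arn:aws:iam::111111111111:role/snapshot-role"
	body, _ := RepoRequestBody(cfg)
	fmt.Println(string(body))
}
```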

netlify bot commented Jan 28, 2021

Deploy preview for chef-automate processing.

Building with commit cebf2b7

https://app.netlify.com/sites/chef-automate/deploys/6022dc9c061cba0007fdb7cb

@kalroy kalroy changed the title Initial changes to pass role_arn to backup WIP: Initial changes to pass role_arn to backup Jan 28, 2021
@kalroy kalroy self-assigned this Jan 28, 2021
@kalroy kalroy added this to the Automate 2021 Q1 SP1 milestone Jan 28, 2021
@kalroy kalroy marked this pull request as draft January 28, 2021 15:16
@kalroy kalroy changed the title WIP: Initial changes to pass role_arn to backup WIP: ES Sidecar service changes to pass ARN Jan 28, 2021
@jaym jaym force-pushed the kallol/external-es-s3-backup branch from 0e2f34d to 308894e Compare February 4, 2021 23:21
kalroy and others added 4 commits February 9, 2021 07:23
Signed-off-by: Kallol Roy <karoy@progress.com>
Signed-off-by: Jay Mundrawala <jmundrawala@chef.io>
Signed-off-by: Jay Mundrawala <jmundrawala@chef.io>
@jaym jaym force-pushed the kallol/external-es-s3-backup branch from 308894e to d6e34a8 Compare February 9, 2021 13:24
@jaym jaym changed the title WIP: ES Sidecar service changes to pass ARN Add support for AWS Elasticsearch Service Feb 9, 2021
Signed-off-by: Jay Mundrawala <jmundrawala@chef.io>
@kalroy kalroy force-pushed the kallol/external-es-s3-backup branch from c0e6020 to 308894e Compare February 9, 2021 16:04
@jaym jaym force-pushed the kallol/external-es-s3-backup branch from 308894e to c0e6020 Compare February 9, 2021 16:10
Signed-off-by: Jay Mundrawala <jmundrawala@chef.io>
@jaym jaym marked this pull request as ready for review February 11, 2021 13:20
@kalroy kalroy merged commit 0dbf335 into master Feb 17, 2021
@kalroy kalroy deleted the kallol/external-es-s3-backup branch February 17, 2021 18:15
@balkarsinghkang

Backup worked successfully, but restore failed. Below are some of the error logs:

s operations" backup_id=20210218183956 error="failed to import database dump from authz-service/pg_data/chef_authz_service.fc: error importing database "chef_authz_service": failed to import SQL file from "stdin", stderr: pg_restore: [archiver (db)] Error while PROCESSING TOC:\npg_restore: [archiver (db)] Error from TOC entry 3357; 0 0 COMMENT EXTENSION pgcrypto \npg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension pgcrypto\n Command was: COMMENT ON EXTENSION pgcrypto IS 'cryptographic functions';\n\n\n\npg_restore: [archiver (db)] Error from TOC entry 3358; 0 0 COMMENT EXTENSION "uuid-ossp" \npg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension uuid-ossp\n Command was: COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';\n\n\n\nWARNING: errors ignored on restore: 2\n: exit status 1" restore_id=20210218190036
Feb 18 19:02:31 ip-10-100-101-171 hab[989]: deployment-service.default(O): time="2021-02-18T19:02:31Z" level=error msg="Failed to restore services" backup_id=20210218183956 error="failed to import database dump from authz-service/pg_data/chef_authz_service.fc: error importing database "chef_authz_service": failed to import SQL file from "stdin", stderr: pg_restore: [archiver (db)] Error while PROCESSING TOC:\npg_restore: [archiver (db)] Error from TOC entry 3357; 0 0 COMMENT EXTENSION pgcrypto \npg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension pgcrypto\n Command was: COMMENT ON EXTENSION pgcrypto IS 'cryptographic functions';\n\n\n\npg_restore: [archiver (db)] Error from TOC entry 3358; 0 0 COMMENT EXTENSION "uuid-ossp" \npg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension uuid-ossp\n Command was: COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';\n\n\n\nWARNING: errors ignored on restore: 2\n: exit status 1" restore_id=20210218190036

Kmaralla commented Oct 5, 2021

@kalroy Opened similar issue. Any help would be appreciated
#5851

Kmaralla commented Mar 4, 2022

Any update on restore support in Aws Elasticsearch?
