Multi-tenanted external ElasticSearch #11552
Milestone
Comments
|
Also need to take into consideration any non-obvious tools that access ElasticSearch:
Anything that grants access to an ES index should control visibility to only the ES namespace for it's own cluster |
|
We should use the shorty value of the cluster id to prefix the index names. |
|
For QA: Bug in Site Search.
|
|
For QA: Bug in Index tab in Maintanence
|
|
Let's read the links in this convo: |
|
Note to Doc: All indexes will now be prefixed with the value of the dotCMS Cluster Id. This value will be autogenerated, though it can be set in the dotmarketing-config.properties This change doesn't affect UI, however in a ES server, indexes and aliases are stored with the cluster id prefix. Now, indexes and aliases are stored using this format: "cluster"_{cluster_id}.{index_or_alias} |
nollymar
pushed a commit
that referenced
this issue
Dec 13, 2019
nollymar
pushed a commit
that referenced
this issue
Dec 13, 2019
* Saving index name in DB just after index creation * Removing cluster id prefix before returning live and working indexes
nollymar
pushed a commit
that referenced
this issue
Dec 13, 2019
* Filter out indexes that belong to other clusters * Remove cluster id prefix before returning live and working indexes
nollymar
pushed a commit
that referenced
this issue
Dec 13, 2019
* Add cluster id prefix to getPattern method * Add propertyName attribute to support methods calls via reflection in IndiciesFactory.point()
nollymar
pushed a commit
that referenced
this issue
Dec 13, 2019
nollymar
pushed a commit
that referenced
this issue
Dec 17, 2019
|
PRs to merge into |
nollymar
pushed a commit
that referenced
this issue
Dec 17, 2019
dsilvam
added a commit
that referenced
this issue
Jan 6, 2020
* #11552 Adding Cluster ID into ES Index Name * #11552 Saving index name in DB just after index creation * #11552 Changes on this commit: * Saving index name in DB just after index creation * Removing cluster id prefix before returning live and working indexes * #11552 Changes on this commit: * Filter out indexes that belong to other clusters * Remove cluster id prefix before returning live and working indexes * #11552 Changes on this commit: * Add cluster id prefix to getPattern method * Add propertyName attribute to support methods calls via reflection in IndiciesFactory.point() * #11552 Remove cluster prefix from index name to obtain timestamp * #11552 Removing cluster id prefix before returning live and working indexes * #11552 Add support for multi tenancy in ES * #11552 Fixing message format * #11552 Some refactoring * #11552 Support for ES multi tenancy * #11552 Adding missing index in the search request * #11552 Trying to fix upload/download snapshot. Part of migration to ES 7.2 * #11552 Some refactoring * #11552 Fixing test after changes for multi tenancy * #11552 Fixing merge conflicts * Adding javadoc * Updating commit reference for src/main/enterprise * #11552 Fixing tests Co-authored-by: Daniel Silva <daniel.silva@dotcms.com>
nollymar
pushed a commit
that referenced
this issue
Jan 8, 2020
dsilvam
added a commit
that referenced
this issue
Jan 21, 2020
* #15942 update modules and some initial code from ES 6.1.3 to 6.6.2 * #15942 migrate to ES 6.6.2 and High level REST Client * #15942 more mods to use Hi Level REST Client for ES * #15942 more changes to esindexapi * #15942 more code migration to ES 6.7 * #15942 more code migration to High Level REST Client * #15942 proper usage of query * #15942 Use Low Level Client to get Index and Cluster stats * #15942 more hi/low rest client * #15942 adjust jsp for cluster status * #15942 remove ES core dependencies * #15942 Fix index stats jsp, snapshot and restore * #15942 catch exception when index not found * #15942 content types portlet not rendering * Merging changes on 16807 * #15942 remove ES modules * #15942 Specify index. Caught by test * #15942 Clean up tests and config files * #15942 Specify correct doc type * Renaming ES_AUTH_SERVER_CERT * #15942 Specity proper type. Fix mapping file for sitesearch * #15942 snapshot functionality with open-distro * #15942 deprecate snapshot functionality in favor of ES rest api * #15942 fix test. remove test not applying anymore * #15942 fix SaveContentAsDraftActionlet test * #15942 ES autowire clean-up * #15942 remove n/a value from network tab * #15942 add unassigned shards to network tab es section * #15942 Include all cluster health properties. Include timeout for search. Fix index doc count and size * #15942 fix site-search screens * #15942 restore sitesearch results screen * #16807 ability to change es-client at runtime * #15942 upgrade to ES 7.2.0 * #15942 adapt mapping for ES 7.2.0 * #17479 #15942 set proper level (new since ES 7.0) for clusterheath request. Remove not anymore supported filter * #15942 disable TSL for troubleshotting * #15942 Add rest client failure listener to troubleshoot * #15942 Restore TLS. User proper HOST name * #15942 include property to be able to override it * #15942 update certs * #15942 missing keys in repo * #15942 more certs changes * Fixing merge error * Fixing some ITs * #16781 integrate open-distro docker image with integration tests * Updating commit reference for src/main/enterprise * #16781 use branch ee to be able to execute tests * #16781 not needed port change * #16781 try without TLS enabled * #15942 try to get more feedback * #16781 exception not being thrown * #16781 * #16781 * #16781 missing changes for travis * #16781 increase indices.query.bool.max_clause_count * #16781 set query default field * #17601 A new validation was added to the check in process to verify if the ES cluster is in read only mode (#17608) * #17601 A new validation was added to the check in process to verify if the ES cluster is in read only mode * #17601 Implementing new ITs * #17601 New IT that covers the validation of the cluster state when a checkin is executed using legacy relationships * #17601 Javadoc for isClusterInReadOnlyMode() * #17601 Adding javadoc * #17601 Applying code review suggestions * #15942 Fixing merge conflicts * Updating commit reference for src/main/enterprise * Updating commit reference for src/main/enterprise * Issue 11552 multi tenanted external elastic search (#17746) * #11552 Adding Cluster ID into ES Index Name * #11552 Saving index name in DB just after index creation * #11552 Changes on this commit: * Saving index name in DB just after index creation * Removing cluster id prefix before returning live and working indexes * #11552 Changes on this commit: * Filter out indexes that belong to other clusters * Remove cluster id prefix before returning live and working indexes * #11552 Changes on this commit: * Add cluster id prefix to getPattern method * Add propertyName attribute to support methods calls via reflection in IndiciesFactory.point() * #11552 Remove cluster prefix from index name to obtain timestamp * #11552 Removing cluster id prefix before returning live and working indexes * #11552 Add support for multi tenancy in ES * #11552 Fixing message format * #11552 Some refactoring * #11552 Support for ES multi tenancy * #11552 Adding missing index in the search request * #11552 Trying to fix upload/download snapshot. Part of migration to ES 7.2 * #11552 Some refactoring * #11552 Fixing test after changes for multi tenancy * #11552 Fixing merge conflicts * Adding javadoc * Updating commit reference for src/main/enterprise * #11552 Fixing tests Co-authored-by: Daniel Silva <daniel.silva@dotcms.com> * Updating commit reference for src/main/enterprise * Updating commit reference for src/main/enterprise * #15942 Changing the access modifier for the indicesAPI variable * #15942 Changing the way the ESIndexHelper is initialized to mock objects for unit tests * #15942 Changing the way the IndiciesAPI is initialized to mock objects for unit tests * #15942 Changing the way the IndiciesAPI is initialized to mock objects for unit tests * #15942 Changing the way the IndiciesAPI is initialized to mock objects for unit tests * #11552 Changing http_port to 19200 by default * #15942 Temporarily commenting sed command for ES_HOSTNAME * #15942 Temporarily getting null ES_HOSTNAME * #15942 Rolling back last change * #15942 Defining the same network for elasticsearch and database services * #15942 Setting default ES_PORT to 9200 * #15942 Rolling back last change * #15942 Fixing ITs * Updating commit reference for src/main/enterprise * #15942 Fixing race condition on testSearch * #15942 Fixing race condition on testSearch * #15942 Fixing race condition on testSearch * Updating commit reference for src/main/enterprise * #15942 Removing unnecessary sleep and uncommenting assert * #17747 Refactoring to add cluster id prefix to index alias (#17839) * Updating commit reference for src/main/enterprise * Issue 17848 update esindexresource to only call api methods (#17857) * #17848 Moving logic to get the document count of an index from ESIndexResource to ContentletIndexAPI * #17848 New postman tests for ESIndexResource * #17848 Commenting test case * #17848 Fixing issue when an index is activated * #17848 Applying code review suggestion * #15942 revert changes on dependencies file Co-authored-by: Nollymar Longa <nollymar@gmail.com>
|
This issue has been automatically marked as stale because it has not had activity within the past 90 days. It will be closed in 30 days no further activity occurs. Thank you. |
|
Tests are covered in this issue: #18046 |
|
Passed both Internal and Full QA. Tested here: #18046 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to efficiently use resources with an external ElasticSearch cluster, we need the ability for multiple dotCMS clusters to share an ElasticSearch cluster with private per-cluster namespacing. This should be hidden to the dotCMS Administrator, ie they should not have visibility that the Elastic cluster is shared and access should be isolated so that a given dotCMS cluster can only access and manage its own indexes.
A suggested pattern for enabling this would be to intercept all index API calls and inject a prefix into the index name, and stripping that prefix out when displaying in the dotCMS application (transparent to the app admins and developers). This prefix could use the existed unique CLUSTERID, which can also be set as a configuration parameter.
Example architecture:
The text was updated successfully, but these errors were encountered: