From 63e4d321c4c034b281e5aa60065b7c640e50d8aa Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 15:02:09 +0800 Subject: [PATCH 01/19] update es python, opensearch --- .github/workflows/cicd.yml | 2 +- compose.yml | 2 +- stac_fastapi/elasticsearch/setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index da9f8938a..240482825 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -33,7 +33,7 @@ jobs: - 9200:9200 opensearch_2_11: - image: opensearchproject/opensearch:2.11.1 + image: opensearchproject/opensearch:2.19.3 env: cluster.name: stac-cluster node.name: os01 diff --git a/compose.yml b/compose.yml index b694c7e98..5dfa92e92 100644 --- a/compose.yml +++ b/compose.yml @@ -84,7 +84,7 @@ services: opensearch: container_name: os-container - image: opensearchproject/opensearch:${OPENSEARCH_VERSION:-2.11.1} + image: opensearchproject/opensearch:${OPENSEARCH_VERSION:-2.19.3} hostname: opensearch environment: - discovery.type=single-node diff --git a/stac_fastapi/elasticsearch/setup.py b/stac_fastapi/elasticsearch/setup.py index 1751df78f..a3b16075f 100644 --- a/stac_fastapi/elasticsearch/setup.py +++ b/stac_fastapi/elasticsearch/setup.py @@ -8,7 +8,7 @@ install_requires = [ "stac-fastapi-core==6.5.1", "sfeos-helpers==6.5.1", - "elasticsearch[async]~=8.18.0", + "elasticsearch[async]~=8.19.1", "uvicorn~=0.23.0", "starlette>=0.35.0,<0.36.0", ] From e74d794e1ff2f2e26b8f8a5f00319af6087c7b33 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 15:32:23 +0800 Subject: [PATCH 02/19] 2.13 --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 240482825..e858b3ac4 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_11: - image: opensearchproject/opensearch:2.19.3 + opensearch_2_13: + image: opensearchproject/opensearch:2.13.0 env: cluster.name: stac-cluster node.name: os01 From 6e95087abf374b0db944c0d3026cbcfec47178d7 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 15:39:42 +0800 Subject: [PATCH 03/19] 2.12 --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index e858b3ac4..7b024a9b5 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_13: - image: opensearchproject/opensearch:2.13.0 + opensearch_2_12: + image: opensearchproject/opensearch:2.12.0 env: cluster.name: stac-cluster node.name: os01 From ed297d7f51766221ffda7cef01d88d1bcdc430fb Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 15:46:58 +0800 Subject: [PATCH 04/19] add debug --- .github/workflows/cicd.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7b024a9b5..744154e4f 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -98,6 +98,20 @@ jobs: run: | pip install pytest-timeout + - name: Debug OpenSearch/Elasticsearch status + run: | + echo "Root response:" + curl -sS -D - http://localhost:$ES_PORT/ || true + echo; echo "Cluster health:" + curl -sS http://localhost:$ES_PORT/_cluster/health || true + echo; echo "List opensearch/elasticsearch containers:" + docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}" || true + echo; echo "Container logs (first match):" + cid=$(docker ps -q --filter "ancestor=opensearchproject/opensearch" | head -n1 || true) + if [ -n "$cid" ]; then docker logs --tail 200 $cid || true; else echo "no opensearch container found"; fi + env: + ES_PORT: ${{ matrix.backend == 'elasticsearch8' && '9200' || '9202' }} + - name: Run test suite run: | pipenv run pytest -svvv --timeout=300 From 972423f35d8ba476913d4f8ad586fdb2a0ec5dc9 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 15:57:14 +0800 Subject: [PATCH 05/19] wait --- .github/workflows/cicd.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 744154e4f..351c31d3a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -98,6 +98,29 @@ jobs: run: | pip install pytest-timeout + - name: Wait for OpenSearch to be ready + run: | + set -e + host="${{ env.OPENSEARCH_HOST:-localhost }}" + port="${{ env.OPENSEARCH_PORT:-9202 }}" + url="http://$host:$port/_cluster/health" + echo "Waiting for OpenSearch at $url" + for i in $(seq 1 60); do + if curl -sS "$url" | grep -E '"status":"(yellow|green)"' >/dev/null 2>&1; then + echo "OpenSearch is ready" + curl -sS "http://$host:$port" || true + break + fi + echo "OpenSearch not ready yet ($i/60) — sleeping 5s" + sleep 5 + done + # Final check: fail the job if still not ready + if ! curl -sS "$url" | grep -E '"status":"(yellow|green)"' >/dev/null 2>&1; then + echo "OpenSearch failed to become ready within timeout" + curl -sS "http://$host:$port" || true + exit 1 + fi + - name: Debug OpenSearch/Elasticsearch status run: | echo "Root response:" From 821b6d1f71a738cfad1ae4864574c09e94d11193 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:05:50 +0800 Subject: [PATCH 06/19] update --- .github/workflows/cicd.yml | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 351c31d3a..6aeb68c87 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -98,28 +98,34 @@ jobs: run: | pip install pytest-timeout - - name: Wait for OpenSearch to be ready + - name: Wait for Search Service to be ready run: | set -e - host="${{ env.OPENSEARCH_HOST:-localhost }}" - port="${{ env.OPENSEARCH_PORT:-9202 }}" + host="localhost" + port="${{ matrix.backend == 'elasticsearch8' && '9200' || '9202' }}" url="http://$host:$port/_cluster/health" - echo "Waiting for OpenSearch at $url" - for i in $(seq 1 60); do - if curl -sS "$url" | grep -E '"status":"(yellow|green)"' >/dev/null 2>&1; then - echo "OpenSearch is ready" + echo "Waiting for ${{ matrix.backend }} at $url" + + # Add initial delay + echo "Waiting 10s for service to start..." + sleep 10 + + for i in $(seq 1 10); do # 10 retries * 5s = 50s max wait + if curl -sS --fail --show-error --max-time 5 "$url" 2>/dev/null | grep -E '"status":"(yellow|green)"' >/dev/null; then + echo "${{ matrix.backend }} is ready" curl -sS "http://$host:$port" || true - break + exit 0 fi - echo "OpenSearch not ready yet ($i/60) — sleeping 5s" + echo "${{ matrix.backend }} not ready yet ($((i*5))s/50s) - waiting 5s" sleep 5 done - # Final check: fail the job if still not ready - if ! curl -sS "$url" | grep -E '"status":"(yellow|green)"' >/dev/null 2>&1; then - echo "OpenSearch failed to become ready within timeout" - curl -sS "http://$host:$port" || true - exit 1 - fi + + echo "${{ matrix.backend }} failed to become ready within timeout" + curl -sS -v "http://$host:$port/_cluster/health" || true + echo "Container logs:" + docker ps -a + docker logs $(docker ps -q --filter "ancestor=${{ matrix.backend == 'elasticsearch8' && 'docker.elastic.co/elasticsearch/elasticsearch:8.19.5' || 'opensearchproject/opensearch:2.12.0' }}" | head -1) || true + exit 1 - name: Debug OpenSearch/Elasticsearch status run: | From a4b0703a797dc590e9eb57f12ec30d3e1d7dd328 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:15:46 +0800 Subject: [PATCH 07/19] more debug --- .github/workflows/cicd.yml | 68 ++++++++++++++++++++++++++++++++------ 1 file changed, 57 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6aeb68c87..fafa41666 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -43,11 +43,21 @@ jobs: http.port: 9202 http.cors.enabled: true plugins.security.disabled: true - plugins.security.ssl.http.enabled: true - OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m + plugins.security.ssl.http.enabled: false + OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m -Dopensearch.transport.cname_in_publish_address=true action.destructive_requires_name: false + bootstrap.memory_lock: 'false' + DISABLE_SECURITY_PLUGIN: 'true' + DISABLE_INSTALL_DEMO_CONFIG: 'true' ports: - 9202:9202 + options: >- + --health-cmd="curl -f http://localhost:9202/_cluster/health || exit 1" + --health-interval=10s + --health-timeout=5s + --health-retries=10 + --ulimit nofile=65536:65536 + --ulimit memlock=-1:-1 strategy: matrix: @@ -128,16 +138,52 @@ jobs: exit 1 - name: Debug OpenSearch/Elasticsearch status + if: always() run: | - echo "Root response:" - curl -sS -D - http://localhost:$ES_PORT/ || true - echo; echo "Cluster health:" - curl -sS http://localhost:$ES_PORT/_cluster/health || true - echo; echo "List opensearch/elasticsearch containers:" - docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}" || true - echo; echo "Container logs (first match):" - cid=$(docker ps -q --filter "ancestor=opensearchproject/opensearch" | head -n1 || true) - if [ -n "$cid" ]; then docker logs --tail 200 $cid || true; else echo "no opensearch container found"; fi + echo "=== System Information ===" + echo "Hostname: $(hostname)" + echo "IP Addresses: $(hostname -I || true)" + echo "Docker version: $(docker --version || true)" + echo "Docker info:" + docker info || true + + echo "\n=== Container Status ===" + docker ps -a || true + + echo "\n=== Network Information ===" + docker network inspect bridge || true + + echo "\n=== OpenSearch Container Logs ===" + OPENSEARCH_ID=$(docker ps -a --filter "ancestor=opensearchproject/opensearch:2.12.0" -q | head -1 || true) + if [ -n "$OPENSEARCH_ID" ]; then + echo "Container logs for $OPENSEARCH_ID:" + docker logs --tail 500 $OPENSEARCH_ID || true + echo "\nContainer inspect:" + docker inspect $OPENSEARCH_ID || true + echo "\nContainer environment:" + docker exec $OPENSEARCH_ID env || true + else + echo "No OpenSearch container found" + fi + + echo "\n=== Elasticsearch Container Logs ===" + ES_ID=$(docker ps -a --filter "ancestor=docker.elastic.co/elasticsearch/elasticsearch:8.19.5" -q | head -1 || true) + if [ -n "$ES_ID" ]; then + echo "Container logs for $ES_ID:" + docker logs --tail 500 $ES_ID || true + else + echo "No Elasticsearch container found" + fi + + echo "\n=== Port Check ===" + echo "Port 9200 (Elasticsearch): $(nc -zv localhost 9200 2>&1 || true)" + echo "Port 9202 (OpenSearch): $(nc -zv localhost 9202 2>&1 || true)" + + echo "\n=== Disk Space ===" + df -h || true + + echo "\n=== Memory Info ===" + free -h || true env: ES_PORT: ${{ matrix.backend == 'elasticsearch8' && '9200' || '9202' }} From 2ec68a11ef33c416b7f03dd0da57322270cc5c68 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:26:06 +0800 Subject: [PATCH 08/19] fix --- .github/workflows/cicd.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fafa41666..e1146003f 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -42,13 +42,23 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true - plugins.security.disabled: true - plugins.security.ssl.http.enabled: false - OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m -Dopensearch.transport.cname_in_publish_address=true - action.destructive_requires_name: false + # Only set security settings in one place to avoid conflicts + plugins.security.disabled: 'true' + # Disable all security features + plugins.security.ssl.http.enabled: 'false' + plugins.security.ssl.transport.enabled: 'false' + plugins.security.authcz.admin_dn: + - "" + plugins.security.nodes_dn: + - "" + OPENSEARCH_JAVA_OPTS: >- + -Xms512m + -Xmx512m + -Dopensearch.transport.cname_in_publish_address=true + -Dopensearch.cgroups.hierarchy.override=/ + -Djava.security.manager=allow + action.destructive_requires_name: 'false' bootstrap.memory_lock: 'false' - DISABLE_SECURITY_PLUGIN: 'true' - DISABLE_INSTALL_DEMO_CONFIG: 'true' ports: - 9202:9202 options: >- From b88bb6a58cae9ee4238702d583e8219e6e0c3029 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:28:15 +0800 Subject: [PATCH 09/19] fix again --- .github/workflows/cicd.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index e1146003f..a280891cc 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -42,15 +42,6 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true - # Only set security settings in one place to avoid conflicts - plugins.security.disabled: 'true' - # Disable all security features - plugins.security.ssl.http.enabled: 'false' - plugins.security.ssl.transport.enabled: 'false' - plugins.security.authcz.admin_dn: - - "" - plugins.security.nodes_dn: - - "" OPENSEARCH_JAVA_OPTS: >- -Xms512m -Xmx512m From 5ad5efbf8598c442253a2cc0cbfe8326e5098895 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:31:05 +0800 Subject: [PATCH 10/19] try again --- .github/workflows/cicd.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a280891cc..45b82af42 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -42,6 +42,15 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true + plugins.security.disabled: 'false' + OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'admin' + DISABLE_SECURITY_DEMO_CONFIG: 'true' + plugins.security.ssl.http.enabled: 'false' + plugins.security.ssl.transport.enabled: 'false' + plugins.security.authcz.admin_dn: + - "" + plugins.security.nodes_dn: + - "" OPENSEARCH_JAVA_OPTS: >- -Xms512m -Xmx512m @@ -198,4 +207,7 @@ jobs: ES_USE_SSL: false DATABASE_REFRESH: true ES_VERIFY_CERTS: false - BACKEND: ${{ matrix.backend == 'elasticsearch8' && 'elasticsearch' || 'opensearch' }} \ No newline at end of file + BACKEND: ${{ matrix.backend == 'elasticsearch8' && 'elasticsearch' || 'opensearch' }} + OPENSEARCH_USER: admin + OPENSEARCH_PASSWORD: admin + OPENSEARCH_USE_SSL: 'false' \ No newline at end of file From 06ebb701dbb47fbd589cf10af41bdd6179c2f571 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:33:36 +0800 Subject: [PATCH 11/19] revert --- .github/workflows/cicd.yml | 116 +++---------------------------------- 1 file changed, 7 insertions(+), 109 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 45b82af42..da9f8938a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_12: - image: opensearchproject/opensearch:2.12.0 + opensearch_2_11: + image: opensearchproject/opensearch:2.11.1 env: cluster.name: stac-cluster node.name: os01 @@ -42,32 +42,12 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true - plugins.security.disabled: 'false' - OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'admin' - DISABLE_SECURITY_DEMO_CONFIG: 'true' - plugins.security.ssl.http.enabled: 'false' - plugins.security.ssl.transport.enabled: 'false' - plugins.security.authcz.admin_dn: - - "" - plugins.security.nodes_dn: - - "" - OPENSEARCH_JAVA_OPTS: >- - -Xms512m - -Xmx512m - -Dopensearch.transport.cname_in_publish_address=true - -Dopensearch.cgroups.hierarchy.override=/ - -Djava.security.manager=allow - action.destructive_requires_name: 'false' - bootstrap.memory_lock: 'false' + plugins.security.disabled: true + plugins.security.ssl.http.enabled: true + OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m + action.destructive_requires_name: false ports: - 9202:9202 - options: >- - --health-cmd="curl -f http://localhost:9202/_cluster/health || exit 1" - --health-interval=10s - --health-timeout=5s - --health-retries=10 - --ulimit nofile=65536:65536 - --ulimit memlock=-1:-1 strategy: matrix: @@ -118,85 +98,6 @@ jobs: run: | pip install pytest-timeout - - name: Wait for Search Service to be ready - run: | - set -e - host="localhost" - port="${{ matrix.backend == 'elasticsearch8' && '9200' || '9202' }}" - url="http://$host:$port/_cluster/health" - echo "Waiting for ${{ matrix.backend }} at $url" - - # Add initial delay - echo "Waiting 10s for service to start..." - sleep 10 - - for i in $(seq 1 10); do # 10 retries * 5s = 50s max wait - if curl -sS --fail --show-error --max-time 5 "$url" 2>/dev/null | grep -E '"status":"(yellow|green)"' >/dev/null; then - echo "${{ matrix.backend }} is ready" - curl -sS "http://$host:$port" || true - exit 0 - fi - echo "${{ matrix.backend }} not ready yet ($((i*5))s/50s) - waiting 5s" - sleep 5 - done - - echo "${{ matrix.backend }} failed to become ready within timeout" - curl -sS -v "http://$host:$port/_cluster/health" || true - echo "Container logs:" - docker ps -a - docker logs $(docker ps -q --filter "ancestor=${{ matrix.backend == 'elasticsearch8' && 'docker.elastic.co/elasticsearch/elasticsearch:8.19.5' || 'opensearchproject/opensearch:2.12.0' }}" | head -1) || true - exit 1 - - - name: Debug OpenSearch/Elasticsearch status - if: always() - run: | - echo "=== System Information ===" - echo "Hostname: $(hostname)" - echo "IP Addresses: $(hostname -I || true)" - echo "Docker version: $(docker --version || true)" - echo "Docker info:" - docker info || true - - echo "\n=== Container Status ===" - docker ps -a || true - - echo "\n=== Network Information ===" - docker network inspect bridge || true - - echo "\n=== OpenSearch Container Logs ===" - OPENSEARCH_ID=$(docker ps -a --filter "ancestor=opensearchproject/opensearch:2.12.0" -q | head -1 || true) - if [ -n "$OPENSEARCH_ID" ]; then - echo "Container logs for $OPENSEARCH_ID:" - docker logs --tail 500 $OPENSEARCH_ID || true - echo "\nContainer inspect:" - docker inspect $OPENSEARCH_ID || true - echo "\nContainer environment:" - docker exec $OPENSEARCH_ID env || true - else - echo "No OpenSearch container found" - fi - - echo "\n=== Elasticsearch Container Logs ===" - ES_ID=$(docker ps -a --filter "ancestor=docker.elastic.co/elasticsearch/elasticsearch:8.19.5" -q | head -1 || true) - if [ -n "$ES_ID" ]; then - echo "Container logs for $ES_ID:" - docker logs --tail 500 $ES_ID || true - else - echo "No Elasticsearch container found" - fi - - echo "\n=== Port Check ===" - echo "Port 9200 (Elasticsearch): $(nc -zv localhost 9200 2>&1 || true)" - echo "Port 9202 (OpenSearch): $(nc -zv localhost 9202 2>&1 || true)" - - echo "\n=== Disk Space ===" - df -h || true - - echo "\n=== Memory Info ===" - free -h || true - env: - ES_PORT: ${{ matrix.backend == 'elasticsearch8' && '9200' || '9202' }} - - name: Run test suite run: | pipenv run pytest -svvv --timeout=300 @@ -207,7 +108,4 @@ jobs: ES_USE_SSL: false DATABASE_REFRESH: true ES_VERIFY_CERTS: false - BACKEND: ${{ matrix.backend == 'elasticsearch8' && 'elasticsearch' || 'opensearch' }} - OPENSEARCH_USER: admin - OPENSEARCH_PASSWORD: admin - OPENSEARCH_USE_SSL: 'false' \ No newline at end of file + BACKEND: ${{ matrix.backend == 'elasticsearch8' && 'elasticsearch' || 'opensearch' }} \ No newline at end of file From 96105d9b0affd1af2183bf266ae0c34d57ad226f Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:38:43 +0800 Subject: [PATCH 12/19] 2.12 --- .github/workflows/cicd.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index da9f8938a..df6ab48cc 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_11: - image: opensearchproject/opensearch:2.11.1 + opensearch_2_12: + image: opensearchproject/opensearch:2.12.0 # Your upgrade target env: cluster.name: stac-cluster node.name: os01 @@ -42,12 +42,22 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true + # Fully disable security plugin and its SSL + DISABLE_SECURITY_PLUGIN: true # New: Explicitly skips security init + DISABLE_INSTALL_DEMO_CONFIG: true # New: Skips demo certs/password setup plugins.security.disabled: true - plugins.security.ssl.http.enabled: true + plugins.security.ssl.http.enabled: false # Fix: Disable HTTP SSL OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m action.destructive_requires_name: false ports: - 9202:9202 + # Optional: Add healthcheck for reliable startup (see below) + healthcheck: + test: ["CMD-SHELL", "curl -f http://localhost:9202 || exit 1"] # Plain HTTP test + interval: 10s + timeout: 5s + retries: 10 + start-period: 30s # Gives 30s grace for JVM boot strategy: matrix: From 82a95ef86535c0455daa2e9add8f5c1e4af728b9 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 16:39:51 +0800 Subject: [PATCH 13/19] comments --- .github/workflows/cicd.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index df6ab48cc..48e2c9621 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -33,7 +33,7 @@ jobs: - 9200:9200 opensearch_2_12: - image: opensearchproject/opensearch:2.12.0 # Your upgrade target + image: opensearchproject/opensearch:2.12.0 env: cluster.name: stac-cluster node.name: os01 @@ -42,22 +42,21 @@ jobs: discovery.type: single-node http.port: 9202 http.cors.enabled: true - # Fully disable security plugin and its SSL - DISABLE_SECURITY_PLUGIN: true # New: Explicitly skips security init - DISABLE_INSTALL_DEMO_CONFIG: true # New: Skips demo certs/password setup + DISABLE_SECURITY_PLUGIN: true + DISABLE_INSTALL_DEMO_CONFIG: true plugins.security.disabled: true - plugins.security.ssl.http.enabled: false # Fix: Disable HTTP SSL + plugins.security.ssl.http.enabled: false OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m action.destructive_requires_name: false ports: - 9202:9202 - # Optional: Add healthcheck for reliable startup (see below) + healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:9202 || exit 1"] # Plain HTTP test + test: ["CMD-SHELL", "curl -f http://localhost:9202 || exit 1"] interval: 10s timeout: 5s retries: 10 - start-period: 30s # Gives 30s grace for JVM boot + start-period: 30s strategy: matrix: From 78146e7d75bb7b73de50bfe1d9e76fde5c9a7b2d Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 17:45:23 +0800 Subject: [PATCH 14/19] ues options --- .github/workflows/cicd.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 48e2c9621..fec878716 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -50,13 +50,13 @@ jobs: action.destructive_requires_name: false ports: - 9202:9202 - - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:9202 || exit 1"] - interval: 10s - timeout: 5s - retries: 10 - start-period: 30s + options: >- + --health-cmd="curl -f http://localhost:9202/_cluster/health || exit 1" + --health-interval=10s + --health-timeout=5s + --health-retries=10 + --ulimit nofile=65536:65536 + --ulimit memlock=-1:-1 strategy: matrix: From bb6499f5ac392de645c27e532dd159f957fc05f1 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 17:48:06 +0800 Subject: [PATCH 15/19] duplicated --- .github/workflows/cicd.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fec878716..ae9f83a25 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -44,8 +44,6 @@ jobs: http.cors.enabled: true DISABLE_SECURITY_PLUGIN: true DISABLE_INSTALL_DEMO_CONFIG: true - plugins.security.disabled: true - plugins.security.ssl.http.enabled: false OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m action.destructive_requires_name: false ports: From d634fea4d39baa38d6ed97368fe7dc3af5530451 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 18:31:27 +0800 Subject: [PATCH 16/19] 2.13 --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index ae9f83a25..685c5536b 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_12: - image: opensearchproject/opensearch:2.12.0 + opensearch_2_13: + image: opensearchproject/opensearch:2.13.0 env: cluster.name: stac-cluster node.name: os01 From 24fb8dfd571e5c40e76b6dc9a98d5bcb92e9f4dd Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 18:43:29 +0800 Subject: [PATCH 17/19] 2.18 --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 685c5536b..9ff063418 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_13: - image: opensearchproject/opensearch:2.13.0 + opensearch_2_18: + image: opensearchproject/opensearch:2.18.0 env: cluster.name: stac-cluster node.name: os01 From 401f23e60b5349e33a75a2c90d9ad5b8c218c595 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 18:48:42 +0800 Subject: [PATCH 18/19] 2.19.3 --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 9ff063418..e3e94a13a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -32,8 +32,8 @@ jobs: ports: - 9200:9200 - opensearch_2_18: - image: opensearchproject/opensearch:2.18.0 + opensearch_2_19: + image: opensearchproject/opensearch:2.19.3 env: cluster.name: stac-cluster node.name: os01 From c072eec80a04d09ced0b2032c46faf0cdd4fa194 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Sat, 18 Oct 2025 19:03:38 +0800 Subject: [PATCH 19/19] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb8b2a2ed..e4f28dd06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Updated - Updated Elasticsearch version to 8.19.5 in CI/CD test matrix and compose.yml. [#497](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/497) +- Updated OpenSearch version to 2.19.3 in CI/CD test matrix and compose.yml. [#499](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/499) +- Updated elasticsearh python library to 8.19.1 in setup.py. [#499](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/499) ## [v6.5.1] - 2025-09-30