From dc1a54074aebc6a243822cb7118dfb0d82347661 Mon Sep 17 00:00:00 2001 From: Max Sokolski Date: Tue, 16 May 2023 16:34:42 +0300 Subject: [PATCH] feat: unify ElasticSearch and OpenSearch configuration Changes: - set the same cluster and service name - unify tutor plugin configuration variables --- README.md | 2 +- charts/harmony-chart/Chart.lock | 6 +- charts/harmony-chart/Chart.yaml | 4 +- .../templates/elasticsearch/secrets.yaml | 3 +- .../templates/opensearch/secrets.yaml | 24 +++ charts/harmony-chart/values.yaml | 142 +++++++++++------- .../templates/opensearch/secrets.yaml | 12 -- .../tutor_k8s_harmony_plugin/commands.py | 12 +- .../base.py} | 40 +++-- .../harmony_search/elasticsearch.py | 12 ++ .../harmony_search/opensearch.py | 13 ++ .../tutor_k8s_harmony_plugin/opensearch.py | 70 --------- .../patches/openedx-common-settings | 21 +-- ...penedx-dockerfile-post-python-requirements | 7 - .../tutor_k8s_harmony_plugin/plugin.py | 9 +- 15 files changed, 185 insertions(+), 192 deletions(-) create mode 100644 charts/harmony-chart/templates/opensearch/secrets.yaml delete mode 100644 harmony-chart/templates/opensearch/secrets.yaml rename tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/{elasticsearch.py => harmony_search/base.py} (56%) create mode 100644 tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/elasticsearch.py create mode 100644 tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/opensearch.py delete mode 100644 tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/opensearch.py delete mode 100644 tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-dockerfile-post-python-requirements diff --git a/README.md b/README.md index f57c741..08a528e 100644 --- a/README.md +++ b/README.md @@ -217,7 +217,7 @@ To enable set `elasticsearch.enabled=true` in your `values.yaml` and deploy the For each instance you would like to enable this on, set the configuration values in the respective `config.yml`: ```yaml -K8S_HARMONY_ENABLE_SHARED_ELASTICSEARCH: true +K8S_HARMONY_ENABLE_SHARED_HARMONY_SEARCH: true RUN_ELASTICSEARCH: false ``` diff --git a/charts/harmony-chart/Chart.lock b/charts/harmony-chart/Chart.lock index ef761e9..4bf4ac8 100644 --- a/charts/harmony-chart/Chart.lock +++ b/charts/harmony-chart/Chart.lock @@ -16,6 +16,6 @@ dependencies: version: 6.0.3 - name: opensearch repository: https://opensearch-project.github.io/helm-charts - version: 2.11.4 -digest: sha256:e55d718bc0033d348cbabefe6d570b65ed3f26c463ace08201b3dd11b36f5a68 -generated: "2023-04-24T18:23:43.967524+03:00" + version: 2.13.3 +digest: sha256:11b69b1ea771337b1e7cf8497ee342a25b095b86899b8cee716be8cc9f955559 +generated: "2023-07-01T19:23:29.18815+03:00" diff --git a/charts/harmony-chart/Chart.yaml b/charts/harmony-chart/Chart.yaml index 120e44b..ea7ea57 100644 --- a/charts/harmony-chart/Chart.yaml +++ b/charts/harmony-chart/Chart.yaml @@ -11,7 +11,7 @@ version: 0.1.0 # version the application is using. It is recommended to use it with quotes. # # In our case, this represents the version of Tutor that this chart is compatible with. -appVersion: "14.1.1" +appVersion: "16.0.2" dependencies: # This is just info for the "helm dependency update" command, which will update the ./charts/ directory when run, using @@ -44,6 +44,6 @@ dependencies: condition: vpa.enabled - name: opensearch - version: "2.11.4" + version: "2.13.3" condition: opensearch.enabled repository: https://opensearch-project.github.io/helm-charts diff --git a/charts/harmony-chart/templates/elasticsearch/secrets.yaml b/charts/harmony-chart/templates/elasticsearch/secrets.yaml index e25eecf..cf70d9e 100644 --- a/charts/harmony-chart/templates/elasticsearch/secrets.yaml +++ b/charts/harmony-chart/templates/elasticsearch/secrets.yaml @@ -1,6 +1,7 @@ --- {{- $ca := genCA "elasticca" 1825 }} -{{- $cert := genSignedCert "elasticsearch-master.{{ Release.Namespace }}.local" nil (list "elasticsearch-master.{{ Release.Namespace }}.local") 1825 $ca }} +{{- $cn := printf "elasticsearch-master.%s.local" .Release.Namespace }} +{{- $cert := genSignedCert $cn nil (list $cn) 1825 $ca }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/harmony-chart/templates/opensearch/secrets.yaml b/charts/harmony-chart/templates/opensearch/secrets.yaml new file mode 100644 index 0000000..40bbf00 --- /dev/null +++ b/charts/harmony-chart/templates/opensearch/secrets.yaml @@ -0,0 +1,24 @@ +--- +{{- $ca := genCA "opensearchca" 1825 }} +{{- $cn := printf "opensearch-master.%s.local" .Release.Namespace }} +{{- $cert := genSignedCert $cn nil (list $cn) 1825 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: opensearch-certificates +type: Opaque +data: + "ca.crt": {{ $ca.Cert | b64enc | toYaml | indent 4}} + "tls.key": {{ $cert.Key | b64enc | toYaml | indent 4}} + "tls.crt": {{ print $cert.Cert $ca.Cert | b64enc | toYaml | indent 4}} +--- +{{- $password := randAlphaNum 32 }} +{{- $password_bcrypt := $password | bcrypt }} +apiVersion: v1 +kind: Secret +metadata: + name: opensearch-credentials +type: Opaque +data: + harmony_password: {{ $password | b64enc | quote }} + internal_users.yml: {{ printf "---\n_meta:\n type: \"internalusers\"\n config_version: 2\n\nharmony:\n hash: \"%s\"\n reserved: true\n backend_roles:\n - \"admin\"\n description: \"Harmony admin user\"\n" $password_bcrypt | b64enc | quote }} diff --git a/charts/harmony-chart/values.yaml b/charts/harmony-chart/values.yaml index b7ddfbd..63a0298 100644 --- a/charts/harmony-chart/values.yaml +++ b/charts/harmony-chart/values.yaml @@ -18,16 +18,18 @@ cert-manager: elasticsearch: enabled: false + clusterName: "harmony-search-cluster" + # Operators will need to add/update the following setting in each # of their instances by running the commands: # ``` - # tutor config save --set K8S_HARMONY_ENABLE_SHARED_ELASTICSEARCH=true --set RUN_ELASTICSEARCH=false + # tutor config save --set K8S_HARMONY_ENABLE_SHARED_HARMONY_SEARCH=true --set RUN_ELASTICSEARCH=false # tutor harmony create-elasticsearch-user # ``` # RUN_ELASTICSEARCH: false - # ELASTICSEARCH_PREFIX_INDEX: "username-" - # K8S_HARMONY_USE_SHARED_ELASTICSEARCH: true - # ELASTICSEARCH_AUTH: "username:actual_password" + # HARMONY_SEARCH_INDEX_PREFIX: "username-" + # K8S_HARMONY_ENABLE_SHARED_HARMONY_SEARCH: true + # HARMONY_SEARCH_HTTP_AUTH: "username:actual_password" # We will create the relevant certs, because they need to shared # with pods in other namespaces. @@ -52,6 +54,7 @@ elasticsearch: esConfig: "elasticsearch.yml": | + cluster.name: harmony-search-cluster xpack.security.enabled: true xpack.security.http.ssl.enabled: true xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certs/tls.key @@ -82,75 +85,100 @@ vpa: # Multi-tenant OpenSearch opensearch: enabled: false + clusterName: "harmony-search-cluster" + masterService: "harmony-search-cluster" # Operators will need to add/update the following setting in each # of their instances by running the commands: # ``` - # tutor config save --set K8S_HARMONY_ENABLE_SHARED_OPENSEARCH=true --set RUN_ELASTICSEARCH=false + # tutor config save --set K8S_HARMONY_ENABLE_SHARED_HARMONY_SEARCH=true --set RUN_ELASTICSEARCH=false # tutor harmony create-opensearch-user # ``` # RUN_ELASTICSEARCH: false - # ELASTICSEARCH_PREFIX_INDEX: "username-" + # HARMONY_SEARCH_INDEX_PREFIX: "username-" # K8S_HARMONY_USE_SHARED_OPENSEARCH: true - # ELASTICSEARCH_AUTH: "username:actual_password" - -# Allows you to add any config files in {{ .Values.opensearchHome }}/config -opensearchHome: /usr/share/opensearch -# such as opensearch.yml and log4j2.properties -config: - opensearch.yml: | - cluster.name: opensearch-cluster - network.host: 0.0.0.0 - plugins: - security: - ssl: - transport: - pemcert_filepath: certs/tls.crt - pemkey_filepath: certs/tls.key - pemtrustedcas_filepath: certs/ca.crt - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: certs/tls.crt - pemkey_filepath: certs/tls.key - pemtrustedcas_filepath: certs/ca.crt - allow_unsafe_democertificates: false - allow_default_init_securityindex: true - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] + # HARMONY_SEARCH_HTTP_AUTH: "username:actual_password" + # # This secret will contain the ssl certificates. secretMounts: - - name: openseach-certificates - secretName: openseach-certificates + - name: opensearch-certificates + secretName: opensearch-certificates path: /usr/share/opensearch/config/certs defaultMode: 0777 resources: requests: - cpu: "100m" - memory: "512Mi" - limits: - cpu: "500m" - memory: "700Mi" + cpu: "1000m" + memory: "100Mi" persistence: size: 30Gi + + # Set vm.max_map_count + # Default value is 262144 + sysctlInit: + enabled: true + + extraEnvs: + - name: DISABLE_INSTALL_DEMO_CONFIG + value: "true" + - name: HARMONY_PASSWORD + valueFrom: + secretKeyRef: + name: opensearch-credentials + key: harmony_password + + # Allows you to add any config files in {{ .Values.opensearchHome }}/config + opensearchHome: /usr/share/opensearch + # such as opensearch.yml and log4j2.properties + + securityConfig: + enabled: true + internalUsersSecret: opensearch-credentials + + config: + opensearch.yml: | + cluster.name: harmony-search-cluster + network.host: 0.0.0.0 + plugins: + security: + ssl: + transport: + enabled: true + pemcert_filepath: certs/tls.crt + pemkey_filepath: certs/tls.key + pemtrustedcas_filepath: certs/ca.crt + enforce_hostname_verification: false + http: + enabled: true + pemcert_filepath: certs/tls.crt + pemkey_filepath: certs/tls.key + pemtrustedcas_filepath: certs/ca.crt + authcz: + admin_dn: + - CN=opensearch-master.*.local + nodes_dn: + - CN=opensearch-master.*.local + allow_unsafe_democertificates: false + allow_default_init_securityindex: true + audit.type: internal_opensearch + enable_snapshot_restore_privilege: true + check_snapshot_restore_write_privileges: true + restapi: + roles_enabled: ["all_access", "security_rest_api_access"] + system_indices: + enabled: true + indices: + [ + ".opendistro-alerting-config", + ".opendistro-alerting-alert*", + ".opendistro-anomaly-results*", + ".opendistro-anomaly-detector*", + ".opendistro-anomaly-checkpoints", + ".opendistro-anomaly-detection-state", + ".opendistro-reports-*", + ".opendistro-notifications-*", + ".opendistro-notebooks", + ".opendistro-asynchronous-search-response*", + ] diff --git a/harmony-chart/templates/opensearch/secrets.yaml b/harmony-chart/templates/opensearch/secrets.yaml deleted file mode 100644 index ece73da..0000000 --- a/harmony-chart/templates/opensearch/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -{{- $ca := genCA "opensearchca" 1825 }} -{{- $cert := genSignedCert "opensearch-master.{{ Release.Namespace }}.local" nil (list "opensearch-master.{{ Release.Namespace }}.local") 1825 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: opensearch-certificates -type: Opaque -data: - "ca.crt": {{ $ca.Cert | b64enc | toYaml | indent 4}} - "tls.key": {{ $cert.Key | b64enc | toYaml | indent 4}} - "tls.crt": {{ print $cert.Cert $ca.Cert | b64enc | toYaml | indent 4}} diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/commands.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/commands.py index aa2e1cc..047c4bf 100644 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/commands.py +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/commands.py @@ -4,8 +4,8 @@ from tutor import config as tutor_config from tutor import env as tutor_env from tutor.commands.k8s import K8sContext, kubectl_exec -from .elasticsearch import ElasticSearchAPI -from .opensearch import OpenSearchAPI +from .harmony_search.elasticsearch import ElasticSearchAPI +from .harmony_search.opensearch import OpenSearchAPI @click.group(help="Commands and subcommands of the openedx-k8s-harmony.") @click.pass_context @@ -22,10 +22,10 @@ def create_elasticsearch_user(context: click.Context): config = tutor_config.load(context.root) namespace = config["K8S_HARMONY_NAMESPACE"] api = ElasticSearchAPI(namespace) - username, password = config["ELASTICSEARCH_HTTP_AUTH"].split(":", 1) + username, password = config["HARMONY_SEARCH_HTTP_AUTH"].split(":", 1) role_name = f"{username}_role" - prefix = config["ELASTICSEARCH_INDEX_PREFIX"] + prefix = config["HARMONY_SEARCH_INDEX_PREFIX"] api.post( f"_security/role/{role_name}", {"indices": [{"names": [f"{prefix}*"], "privileges": ["all"]}]}, @@ -50,10 +50,10 @@ def create_opensearch_user(context: click.Context): config = tutor_config.load(context.root) namespace = config["K8S_HARMONY_NAMESPACE"] api = OpenSearchAPI(namespace) - username, password = config["OPENSEARCH_HTTP_AUTH"].split(":", 1) + username, password = config["HARMONY_SEARCH_HTTP_AUTH"].split(":", 1) role_name = f"{username}_role" - prefix = config["OPENSEARCH_INDEX_PREFIX"] + prefix = config["HARMONY_SEARCH_INDEX_PREFIX"] api.put( f"_plugins/_security/api/roles/{role_name}", {"index_permissions": [{ diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/elasticsearch.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/base.py similarity index 56% rename from tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/elasticsearch.py rename to tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/base.py index c654e31..57c3bca 100644 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/elasticsearch.py +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/base.py @@ -4,9 +4,9 @@ from tutor import utils -class ElasticSearchAPI: +class BaseSearchAPI: """ - Helper class to interact with the ElasticSearch + Helper class to interact with the HarmonySearch API on the deployed cluster. """ @@ -18,18 +18,19 @@ def __init__(self, namespace): "--tty", "--namespace", namespace, - "elasticsearch-master-0", + "harmony-search-cluster-master-0", "--", "bash", "-c", ] - self._curl_base = ["curl", "--insecure", "-u", "elastic:${ELASTIC_PASSWORD}"] + # Must be specified by subclasses + self._curl_base = None def run_command(self, curl_options) -> typing.Union[dict, bytes]: """ - Invokes a curl command on the first Elasticsearch pod. + Invokes a curl command on the first HarmonySearch pod. - If possible returns the parsed json from the Elasticsearch response. + If possible returns the parsed json from the HarmonySearch response. Otherwise, the raw bytes from the curl command are returned. """ response = utils.check_output( @@ -42,20 +43,20 @@ def run_command(self, curl_options) -> typing.Union[dict, bytes]: def get(self, endpoint): """ - Runs a GET request on the Elasticsearch cluster with the specified + Runs a GET request on the HarmonySearch cluster with the specified endpoint. - If possible returns the parsed json from the Elasticsearch response. + If possible returns the parsed json from the HarmonySearch response. Otherwise, the raw bytes from the curl command are returned. """ return self.run_command(["-XGET", f"https://localhost:9200/{endpoint}"]) def post(self, endpoint: str, data: dict) -> typing.Union[dict, bytes]: """ - Runs a POST request on the Elasticsearch cluster with the specified + Runs a POST request on the HarmonySearch cluster with the specified endpoint. - If possible returns the parsed json from the Elasticsearch response. + If possible returns the parsed json from the HarmonySearch response. Otherwise, the raw bytes from the curl command are returned. """ return self.run_command( @@ -68,3 +69,22 @@ def post(self, endpoint: str, data: dict) -> typing.Union[dict, bytes]: '"Content-Type: application/json"', ] ) + + def put(self, endpoint: str, data: dict) -> typing.Union[dict, bytes]: + """ + Runs a PUT request on the HarmonySearch cluster with the specified + endpoint. + + If possible returns the parsed json from the HarmonySearch response. + Otherwise, the raw bytes from the curl command are returned. + """ + return self.run_command( + [ + "-XPUT", + f"https://localhost:9200/{endpoint}", + "-d", + f"'{json.dumps(data)}'", + "-H", + '"Content-Type: application/json"', + ] + ) diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/elasticsearch.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/elasticsearch.py new file mode 100644 index 0000000..14a6331 --- /dev/null +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/elasticsearch.py @@ -0,0 +1,12 @@ +from .base import BaseSearchAPI + + +class ElasticSearchAPI(BaseSearchAPI): + """ + Helper class to interact with the ElasticSearch + API on the deployed cluster. + """ + + def __init__(self, namespace): + super().__init__(namespace) + self._curl_base = ["curl", "--insecure", "-u", "elastic:${ELASTIC_PASSWORD}"] diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/opensearch.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/opensearch.py new file mode 100644 index 0000000..ca25572 --- /dev/null +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/harmony_search/opensearch.py @@ -0,0 +1,13 @@ +from .base import BaseSearchAPI + + +class OpenSearchAPI(BaseSearchAPI): + """ + Helper class to interact with the OpenSearch + API on the deployed cluster. + """ + + def __init__(self, namespace): + super().__init__(namespace) + # TODO: Make this configurable + self._curl_base = ["curl", "--insecure", "-u", "harmony:${HARMONY_PASSWORD}"] diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/opensearch.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/opensearch.py deleted file mode 100644 index 7fc296f..0000000 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/opensearch.py +++ /dev/null @@ -1,70 +0,0 @@ -import json -import typing - -from tutor import utils - - -class OpenSearchAPI: - """ - Helper class to interact with the OpenSearch - API on the deployed cluster. - """ - - def __init__(self, namespace): - self._command_base = [ - "kubectl", - "exec", - "--stdin", - "--tty", - "--namespace", - namespace, - "opensearch-cluster-master-0", - "--", - "bash", - "-c", - ] - self._curl_base = ["curl", "--insecure", "-u", "admin:admin"] - - def run_command(self, curl_options) -> typing.Union[dict, bytes]: - """ - Invokes a curl command on the first Opensearch pod. - - If possible returns the parsed json from the Opensearch response. - Otherwise, the raw bytes from the curl command are returned. - """ - response = utils.check_output( - *self._command_base, " ".join(self._curl_base + curl_options) - ) - try: - return json.loads(response) - except (TypeError, ValueError): - return response - - def get(self, endpoint): - """ - Runs a GET request on the Opensearch cluster with the specified - endpoint. - - If possible returns the parsed json from the Opensearch response. - Otherwise, the raw bytes from the curl command are returned. - """ - return self.run_command(["-XGET", f"https://opensearch-cluster-master:9200/{endpoint}"]) - - def put(self, endpoint: str, data: dict) -> typing.Union[dict, bytes]: - """ - Runs a POST request on the Opensearch cluster with the specified - endpoint. - - If possible returns the parsed json from the Opensearch response. - Otherwise, the raw bytes from the curl command are returned. - """ - return self.run_command( - [ - "-XPUT", - f"https://opensearch-cluster-master:9200/{endpoint}", - "-d", - f"'{json.dumps(data)}'", - "-H", - '"Content-Type: application/json"', - ] - ) diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-common-settings b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-common-settings index 285a3cf..5c6e4a4 100644 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-common-settings +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-common-settings @@ -1,23 +1,10 @@ -# ElasticSearch is a prefered engine. -# If both are turned on, ELASTICSEARCH will be used. -{% if K8S_HARMONY_ENABLE_SHARED_OPENSEARCH %} -ELASTICSEARCH_INDEX_PREFIX = "{{OPENSEARCH_INDEX_PREFIX}}" +{% if K8S_HARMONY_ENABLE_SHARED_HARMONY_SEARCH %} +ELASTIC_SEARCH_INDEX_PREFIX = "{{HARMONY_SEARCH_INDEX_PREFIX}}" ELASTIC_SEARCH_CONFIG = [{ "use_ssl": True, - "host": "opensearch-cluster-master.{{K8S_HARMONY_NAMESPACE}}.svc.cluster.local", + "host": "harmony-search-cluster.{{K8S_HARMONY_NAMESPACE}}.svc.cluster.local", "verify_certs": False, "port": 9200, - "http_auth": "{{ OPENSEARCH_HTTP_AUTH }}" -}] -{% endif %} - -{% if K8S_HARMONY_ENABLE_SHARED_ELASTICSEARCH %} -ELASTICSEARCH_INDEX_PREFIX = "{{ELASTICSEARCH_INDEX_PREFIX}}" -ELASTIC_SEARCH_CONFIG = [{ - "use_ssl": True, - "host": "elasticsearch-master.{{K8S_HARMONY_NAMESPACE}}.svc.cluster.local", - "verify_certs": False, - "port": 9200, - "http_auth": "{{ ELASTICSEARCH_HTTP_AUTH }}" + "http_auth": "{{ HARMONY_SEARCH_HTTP_AUTH }}" }] {% endif %} diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-dockerfile-post-python-requirements b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-dockerfile-post-python-requirements deleted file mode 100644 index e7efbda..0000000 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/patches/openedx-dockerfile-post-python-requirements +++ /dev/null @@ -1,7 +0,0 @@ -{% if K8S_HARMONY_ENABLE_SHARED_ELASTICSEARCH or K8S_HARMONY_ENABLE_SHARED_OPENSEARCH %} -# This is needed otherwise the previously installed edx-search -# package doesn't get replaced. Once the below branch is merged -# upstream it will no longer be needed. -RUN pip uninstall -y edx-search -RUN pip install --upgrade git+https://github.com/open-craft/edx-search.git@keith/prefixed-index-names -{% endif %} diff --git a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/plugin.py b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/plugin.py index 813a4de..9de94ca 100644 --- a/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/plugin.py +++ b/tutor-contrib-harmony-plugin/tutor_k8s_harmony_plugin/plugin.py @@ -21,8 +21,7 @@ # The workaround is to manually add a list of hosts to be routed to the caddy # instance. "INGRESS_HOST_LIST": [], - "ENABLE_SHARED_ELASTICSEARCH": False, - "ENABLE_SHARED_OPENSEARCH": False, + "ENABLE_SHARED_HARMONY_SEARCH": False, }, "overrides": { # Don't use Caddy as a per-instance external web proxy, but do still use it @@ -32,10 +31,8 @@ "ENABLE_HTTPS": True, }, "unique": { - "ELASTICSEARCH_HTTP_AUTH": "{{K8S_NAMESPACE}}:{{ 24|random_string }}", - "ELASTICSEARCH_INDEX_PREFIX": "{{K8S_NAMESPACE}}-{{ 4|random_string|lower }}-", - "OPENSEARCH_HTTP_AUTH": "{{K8S_NAMESPACE}}:{{ 24|random_string }}", - "OPENSEARCH_INDEX_PREFIX": "{{K8S_NAMESPACE}}-{{ 4|random_string|lower }}-", + "HARMONY_SEARCH_HTTP_AUTH": "{{K8S_NAMESPACE}}:{{ 24|random_string }}", + "HARMONY_SEARCH_INDEX_PREFIX": "{{K8S_NAMESPACE}}-{{ 4|random_string|lower }}-", }, }