Skip to content

Commit

Permalink
propagate the security index intitialized through the peercluster rel…
Browse files Browse the repository at this point in the history 
…ation data
  • Loading branch information
@skourta
skourta committed Dec 5, 2024
1 parent 453fb0e commit 03186e8
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 2 deletions.
1 change: 1 addition & 0 deletions lib/charms/opensearch/v0/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,7 @@ class PeerClusterRelData(Model):
cm_nodes: List[Node]
credentials: PeerClusterRelDataCredentials
deployment_desc: Optional[DeploymentDescription]
security_index_initialised: bool = False


class PeerClusterRelErrorData(Model):
Expand Down
16 changes: 15 additions & 1 deletion lib/charms/opensearch/v0/opensearch_base_charm.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,7 @@ def cleanup():
# when "data" node joins -> start cluster-manager via _on_peer_cluster_relation_changed
# cluster-manager notifies "data" node via refresh of peer cluster relation data
# "data" node starts and initializes security index
logger.info(f"Deployment description at on start: {deployment_desc}")
if (
deployment_desc.typ == DeploymentType.MAIN_ORCHESTRATOR
and not deployment_desc.start == StartMode.WITH_GENERATED_ROLES
Expand Down Expand Up @@ -1062,6 +1063,9 @@ def _post_start_init(self, event: _StartOpenSearch): # noqa: C901
"""Initialization post OpenSearch start."""
# initialize the security index if needed (and certs written on disk etc.)
# this happens only on the first data node to join the cluster
logger.debug(
f"is_leader: {self.unit.is_leader()}, security_index_initialised: {self.peers_data.get(Scope.APP, 'security_index_initialised')}, roles: {self.opensearch_peer_cm.deployment_desc().config.roles}, start: {self.opensearch_peer_cm.deployment_desc().start}"
)
if (
self.unit.is_leader()
and not self.peers_data.get(Scope.APP, "security_index_initialised")
Expand All @@ -1074,7 +1078,8 @@ def _post_start_init(self, event: _StartOpenSearch): # noqa: C901
admin_secrets = self.secrets.get_object(Scope.APP, CertType.APP_ADMIN.val)
try:
self._initialize_security_index(admin_secrets)
self.peers_data.put(Scope.APP, "security_index_initialised", True)
self.put_or_update_security_index_initialized(event)

except OpenSearchCmdError as e:
logger.debug(f"Error when initializing the security index: {e.out}")
event.defer()
Expand Down Expand Up @@ -1721,6 +1726,15 @@ def handle_joining_data_node(self) -> None:
else:
self._start_opensearch_event.emit(ignore_lock=True)

def put_or_update_security_index_initialized(self, event: EventBase) -> None:
"""Set the security index initialized flag."""
self.peers_data.put(Scope.APP, "security_index_initialised", True)
if self.opensearch_peer_cm.deployment_desc().typ == DeploymentType.MAIN_ORCHESTRATOR:
self.peer_cluster_provider.refresh_relation_data(event)
else:
# notify the main orchestrator that the security index is initialized
self.peer_cluster_requirer.set_security_index_initialised()

@property
def unit_ip(self) -> str:
"""IP address of the current unit."""
Expand Down
38 changes: 37 additions & 1 deletion lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,7 @@ def _rel_data(
s3=self._s3_credentials(deployment_desc),
),
deployment_desc=deployment_desc,
security_index_initialised=self._get_security_index_initialised(),
)
except OpenSearchHttpError:
return PeerClusterRelErrorData(
Expand Down Expand Up @@ -519,6 +520,22 @@ def _fetch_local_cm_nodes(self, deployment_desc: DeploymentDescription) -> List[
if node.is_cm_eligible() and node.app.id == deployment_desc.app.id
]

def _get_security_index_initialised(self) -> bool:
"""Check if the security index is initialised."""
if self.charm.peers_data.get(Scope.APP, "security_index_initialised", False):
return True

# check all other clusters if they have initialised the security index
all_relation_ids = [
rel.id for rel in self.charm.model.relations[self.relation_name] if len(rel.units) > 0
]

for rel_id in all_relation_ids:
if self.get_from_rel("security_index_initialised", rel_id=rel_id, remote_app=True):
return True

return False


class OpenSearchPeerClusterRequirer(OpenSearchPeerClusterRelation):
"""Peer cluster relation requirer class."""
Expand Down Expand Up @@ -598,6 +615,9 @@ def _on_peer_cluster_relation_changed(self, event: RelationChangedEvent): # noq
# register main and failover cm app names if any
self.charm.peers_data.put_object(Scope.APP, "orchestrators", orchestrators.to_dict())

if data.security_index_initialised:
self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)

# let the charm know this is an already bootstrapped cluster
self.charm.peers_data.put(Scope.APP, "bootstrapped", True)

Expand Down Expand Up @@ -643,7 +663,8 @@ def _set_security_conf(self, data: PeerClusterRelData) -> None:
)

self.charm.peers_data.put(Scope.APP, "admin_user_initialized", True)
if self.charm.alt_hosts:
logger.debug(f"PeerClusterRelData: {data.to_dict()}")
if data.security_index_initialised:
self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)

if s3_creds := data.credentials.s3:
Expand Down Expand Up @@ -680,6 +701,21 @@ def _orchestrators(

return PeerClusterOrchestrators.from_dict(local_orchestrators)

def set_security_index_initialised(self) -> None:
"""Set the security index as initialised."""
# get the MAIN orchestrator
orchestrators = PeerClusterOrchestrators.from_dict(
self.charm.peers_data.get_object(Scope.APP, "orchestrators") or {}
)

if not orchestrators:
return

# set the security index as initialised in the unit data bag with the main orchestrator
self.put_in_rel(
data={"security_index_initialised": "true"}, rel_id=orchestrators.main_rel_id
)

def _put_current_app(
self, event: RelationEvent, deployment_desc: DeploymentDescription
) -> None:
Expand Down

0 comments on commit 03186e8

Please sign in to comment.