Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement remote connection checks for remote-reindex migrations #19879

Merged
merged 7 commits into from
Jul 15, 2024
Merged

Implement remote connection checks for remote-reindex migrations #19879

merged 7 commits into from
Jul 15, 2024

Conversation

todvora
Copy link
Contributor

@todvora todvora commented Jul 11, 2024
edited
Loading

The existing implementation has done the connection check and indices list collection from the graylog-server side. But this doesn't verify that datanodes can speak to the remote opensearch. There may be networking/routing issues, different configuration of truststores and many other problems. The real solution is to let all datanodes run the connection check and aggregate their results in the graylog server. If this check succeeds, the remote reindexing should as well.

Motivation and Context

Errors like:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Even with trust uknown certificates feature from #19775

How Has This Been Tested?

Manually

image

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (non-breaking change)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.

moesterheld
moesterheld approved these changes Jul 14, 2024
View reviewed changes
Copy link
Contributor

@moesterheld moesterheld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is an issue when using a custom CA for OS/ES during remote reindexing. I could consistently reproduce that the connection check would give a "No indices found" error, which is gone after retrying.
Seems like a possible race condition. If we want to include it like this in the alpha build, I will approve it.

@todvora todvora merged commit 2a397e0 into master Jul 15, 2024
5 checks passed
@todvora todvora deleted the datanode/remote-opensearch-connection-check branch July 15, 2024 03:21
@todvora todvora mentioned this pull request Jul 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moesterheld moesterheld moesterheld approved these changes

@vvasylenko vvasylenko Awaiting requested review from vvasylenko

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@todvora @moesterheld