Skip to content

Support Opensearch #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Support Opensearch #83

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions manifests/config.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,15 @@
],
}

file { "${bitbucket::webappdir}/elasticsearch/config-template/elasticsearch.yml":
content => template('bitbucket/elasticsearch.yml.erb'),
if versioncmp($version, '7.21') >= 0 {
$search_config = "${bitbucket::webappdir}/opensearch/config/opensearch.yml"
$search_config_template = 'bitbucket/opensearch.yml.erb'
} else {
$search_config = "${bitbucket::webappdir}/elasticsearch/config-template/elasticsearch.yml"
$search_config_template = 'bitbucket/elasticsearch.yml.erb'
}
file { $search_config:
content => template($search_config_template),
mode => '0640',
require => [
Class['bitbucket::install'],
Expand Down
38 changes: 38 additions & 0 deletions templates/opensearch.yml.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
cluster.name: bitbucket_search
node:
name: bitbucket_bundled

network.host: _local_
discovery.type: single-node

path:
logs: <%= scope.lookupvar('bitbucket::logdir') %>/search
data: ${BITBUCKET_HOME}/shared/search/data

action.auto_create_index: false

http.port: 7992
transport.tcp.port: 7993

# The OpenSearch security plugin stores its configuration in an index in the cluster itself. On startup if the
# security index doesn't exist yet, sitting this to true will cause the security plugin to read the yml files and
# configure the index using the contents of the files.
plugins.security.allow_default_init_securityindex: true

# Using the yml files with default initialisation, we create a bitbucket user and give it the all_access in-built role.
# However, access to the REST API is disabled by default even for the all_access role so we need to explicitly give
# it permission here so that the bitbucket user can access the OpenSearch REST API.
plugins.security.restapi.roles_enabled: ["all_access"]

# Mandatory TLS setup for transport layer
plugins.security.authcz.admin_dn:
- CN=BITBUCKET
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.pemcert_filepath: bitbucket.pem
plugins.security.ssl.transport.pemkey_filepath: bitbucket-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem

# Logs audit events to bitbucket_search_server.json
plugins.security.audit.type: log4j
plugins.security.audit.config.log4j.logger_name: audit
plugins.security.audit.config.log4j.level: INFO