-
Notifications
You must be signed in to change notification settings - Fork 45
Testing Elasticsearch for release
Jonathan Meyer edited this page Mar 28, 2019
·
3 revisions
- Test deploy without
ELASTICSEARCH_URL
set. Elasticsearch 5 should be deployed. - Test deploy with
ELASTICSEARCH_URL
set to previously created. Use VIP. - Update Elasticsearch to enforce auth. Test deploy with
ELASTICSEARCH_URL
set to a X-Pack Security protected cluster. Use VIP for HTTP, MLB VHOST for HTTPS.
Sample Marathon JSON deployment for testing secured Elasticsearch:
{
"env": {
"ES_JAVA_OPTS": "-Xms512m -Xmx512m",
"xpack.security.enabled": "true"
},
"labels": {
"HAPROXY_GROUP": "external",
"HAPROXY_0_VHOST": "es-secure.omega.aisohio.net"
},
"id": "/scale-elasticsearch-secure",
"backoffFactor": 1.15,
"backoffSeconds": 1,
"container": {
"portMappings": [
{
"containerPort": 9200,
"hostPort": 0,
"labels": {
"VIP_0": "//scale-elasticsearch-secure:9200"
},
"protocol": "tcp",
"servicePort": 0
}
],
"type": "DOCKER",
"volumes": [],
"docker": {
"image": "elasticsearch:6.6.2",
"forcePullImage": false,
"privileged": false,
"parameters": []
}
},
"cpus": 1,
"disk": 0,
"healthChecks": [
{
"gracePeriodSeconds": 300,
"intervalSeconds": 60,
"maxConsecutiveFailures": 3,
"timeoutSeconds": 20,
"delaySeconds": 15,
"protocol": "COMMAND",
"command": {
"value": "curl -XPOST localhost:9200/_xpack/license/start_trial?acknowledge=true && bin/elasticsearch-setup-passwords auto -b || true"
}
}
],
"instances": 1,
"maxLaunchDelaySeconds": 3600,
"mem": 1024,
"gpus": 0,
"networks": [
{
"mode": "container/bridge"
}
],
"requirePorts": false,
"upgradeStrategy": {
"maximumOverCapacity": 1,
"minimumHealthCapacity": 1
},
"killSelection": "YOUNGEST_FIRST",
"unreachableStrategy": {
"inactiveAfterSeconds": 0,
"expungeAfterSeconds": 0
},
"fetch": [],
"constraints": []
}
Just look in the stderr output to find the password for the elastic user.
Now you can test without HTTPS using ELASTICSEARCH_URL=http://elastic:<password>@scale-elasticsearch-secure.marathon.l4lb.thisdcos.directory:9200
. Assuming your Marathon LB is configured with DNS to point to the public agents where it runs HTTPS can be tested like so ELASTICSEARCH_URL=https://elastic:<password>@scale.omega.aisohio.net
.
- Home
- What's New
-
In-depth Topics
- Enable Scale to run CUDA GPU optimized algorithms
- Enable Scale to store secrets securely
- Test Scale's scan capability on the fly
- Test Scale's workspace broker capability on the fly
- Scale Performance Metrics
- Private docker repository configuration
- Setting up Automated Snapshots for Elasticsearch
- Setting up Cluster Monitoring
- Developer Notes