adding chained aws credentials support
Allows you to run inside AWS and resolve credentials in order
- static credentials (access keys from ELASTIC_CONNECTION_INFO)
- EC2 role credentials
Other methods of resolution (Shared and Environment) have been omitted as static credentials are sent from the rails app or they will be resolved from the ec2 instance profile.
Merge request reports
Activity
@nick.thomas FYI
added 1 commit
- 4aad5213 - add comments on aws credential resolution order
- Resolved by Nick Thomas
added 1 commit
- a255ec06 - remove environment and shared credential resolution
- Resolved by Nick Thomas
- Resolved by Matt Gresko
- Resolved by Matt Gresko
Thanks @mgresko, a few more comments. cc me on the Rails side when you want me to take a look at it!
FYI running this in conjunction with rails changes I am getting "no Elasticsearch node available" when connecting to AWS ES 5.3 cluster. Going to look into this tomorrow. (rails is working fine)
This looks useful... https://github.com/olivere/elastic/wiki/Using-with-AWS-Elasticsearch-Service
Edited by Matt Gresko@mgresko "no Elasticsearch node available" is due to
elastic.SetSniff
, I think.@mgresko I wonder if it's due to this code segment: https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer/blob/master/elastic/client.go#L72
I don't recall explicitly testing this on AWS; perhaps setting the scheme like this forces the sniffing to be enabled, despite the later call to
elastic.SetSniff(false)
If so, it's a pre-existing bug in the indexer, so this is a bit of a long shot as I assume it's working for you at the moment?
@nick.thomas that is possible. I am going to poke at it today. Definitely does not work for me on AWS. I had to flip back to the ruby indexer to get things going in my test env.
@nick.thomas ok this is not an issue. The problem was the omnibus package somehow built with master vs my branch. I updated the binary on my test environment and it is working perfect. sigh. sorry for the fire drill.
assigned to @nick.thomas
mentioned in issue omnibus-gitlab#2458 (closed)
@nick.thomas FYI https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2020 has been merged
@mgresko yes, we're just waiting for omnibus-gitlab#2458 (closed) to be resolved before merging this.
mentioned in commit 7e39268d