-
Notifications
You must be signed in to change notification settings - Fork 106
Elasticsearch 7.x.0 service and private s3 bucket setup on 'space'
Jun Li edited this page Dec 21, 2020
·
19 revisions
cf create-service aws-elasticsearch <service_plan_name> <fec_instance_name>
on prod: cf create-service aws-elasticsearch es-medium fec-api-elasticsearch
on stage: cf create-service aws-elasticsearch es-medium fec-api-elasticsearch
on dev: cf create-service aws-elasticsearch es-dev fec-api-elasticsearch
Ref: https://cloud.gov/docs/services/aws-elasticsearch/#managing-backups
- Create private s3 bucket (It will store the ES snapshot files)
cf create-service s3 basic <s3_bucket_instance_name>
ex:cf create-service s3 basic fec-s3-snapshot
- Get S3 bucket name
a)Create a service key to access S3 credentialscf create-service-key <service_instance_name> <service_key_name>
ex:cf create-service-key fec-s3-snapshot fec-s3-snapshot-key
b)Get s3 credentialscf service-key <service_instance_name> <service_key_name>
ex:cf service-key fec-s3-snapshot fec-s3-snapshot-key
c)Install jq(Lightweight command-line JSON processor) to get s3 bucket name (keep in same terminal)brew list
brew install jq
s3_credentials=$(cf service-key fec-s3-snapshot fec-s3-snapshot-key | tail -n +3)
check env s3_credentials value:echo "${s3_credentials}"
s3_bucket=$(echo "${s3_credentials}" | jq -r '.bucket')
check env s3_bucket value:echo "${s3_bucket}"
d)Connect to new S3 bucket :
aws configure
and enter the bucket creds
Create a cors.json on local and copy below rules into cors.json. Upload the CORS policy to private s3 bucket.{"CORSRules": [
{
"AllowedOrigins": ["*"],
"AllowedHeaders": ["*"],
"AllowedMethods": ["HEAD", "GET"],
"ExposeHeaders": ["ETag"]
}
]
}
upload to s3 bucket on space
['dev' space]:
aws s3 ls s3://cg-55a0b774-46d0-41ca-bdbd-39c931854856/
aws s3api put-bucket-cors --bucket cg-55a0b774-46d0-41ca-bdbd-39c931854856 --cors-configuration file://cors.json --profile s3-dev-snapshot
['stage' space]:
aws s3 ls s3://cg-52c16ed3-879b-4163-951a-50b1c8b79f8b/
aws s3api put-bucket-cors --bucket cg-52c16ed3-879b-4163-951a-50b1c8b79f8b --cors-configuration file://cors.json --profile s3-stage-snapshot
['feature' space]:
aws s3 ls s3://cg-1a47b3a6-7351-4414-9ad8-cbe8a8949569/
aws s3api put-bucket-cors --bucket cg-1a47b3a6-7351-4414-9ad8-cbe8a8949569 --cors-configuration file://cors.json --profile s3-feature-snapshot
['prod' space]:
aws s3 ls s3://cg-a779d3fe-b4a5-4f36-ac11-704d858e0032/
aws s3api put-bucket-cors --bucket cg-a779d3fe-b4a5-4f36-ac11-704d858e0032 --cors-configuration file://cors.json --profile s3-prod-snapshot
- Assign the new s3 bucket to Elasticsearch instance (keep in the same terminal)
a)run:export s3_bucket=<bucket_name>
on dev:export s3_bucket=cg-55a0b774-46d0-41ca-bdbd-39c931854856
on stage:export s3_bucket=cg-52c16ed3-879b-4163-951a-50b1c8b79f8b
on prod:export s3_bucket=cg-a779d3fe-b4a5-4f36-ac11-704d858e0032
on feature:export s3_bucket=cg-1a47b3a6-7351-4414-9ad8-cbe8a8949569
b)run:cf create-service-key <fec_es_instance_name> <fec_es_instance_name_key> -c '{"bucket":"${s3_bucket}"}'
ex:cf create-service-key fec-api-elasticsearch fec-api-elasticsearch-key -c '{"bucket":"${s3_bucket}"}'
- Get service key for fec es instance
cf service-key <fec_es_instance_name> <fec_es_instance_name_key>
ex:cf service-key fec-api-elasticsearch fec-api-elasticsearch-key
- Get Elasticsearch service snapshotRoleARN from step (2)
- Add/Update 'ES_SNAPSHOT_ROLE_ARN' env variable on
follow this instruction: Switch out cf environment variables
follow this:Elasticsearch 7.x.0 management instruction
- Re-name s3 service
cf rename-service <org_instance_name> <new_instance_name>
ex(maybe need type commend manually):cf rename-service fec-s3-api fec-s3-dev
- Rebuild the latest api to circleci
this will bind-service api, celery-beat, celery-worker to fec-api-search56
- unbind app from ES74 (manually)
cf unbind-service api <fec_es_instance_name>
ex:cf unbind-service api fec-api-elasticsearch
ex:cf unbind-service celery-beat fec-api-elasticsearch
ex:cf unbind-service celery-worker fec-api-elasticsearch
- Delete ES7 service
Check service key:cf service-keys <fec_es_instance_name>
ex:cf service-keys fec-api-elasticsearch <br />
cf delete-service-key <fec_es_instance_name> <fec_es_instance_key><br />ex:
cf delete-service-key fec-api-elasticsearch fec-api-elasticsearch-key<br />ex:
cf delete-service fec-api-elasticsearch`