fix the bug that Opensearch can't be connected (#15)

- change the Opensearch setup params
- add the new env variables in .env
- update README.md
Petrus Han
2024-10-30 08:43:10 +08:00
committed by GitHub
parent 6aa0623a4a
commit 60f27bde6d
8 changed files with 45 additions and 11 deletions
+5
@@ -17,6 +17,11 @@ REDIS_SUBNETS=
RDS_SUBNETS=
OPENSEARCH_SUBNETS=
OPENSEARCH_ADMINNAME=
OPENSEARCH_PASSWORD=
# AWS EKS Helm chart repository URL (Version 1.8.1)
# Set this ONLY if you are using AWS China regions. Please contact us for assistance.
# For more information, visit: https://github.com/aws/eks-charts
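Review bot: `OPENSEARCH_ADMINNAME=` and `OPENSEARCH_PASSWORD=` are added with no comment, so nothing tells the operator what the values must satisfy or that this file now holds a credential. OpenSearch fine-grained access control rejects a master password that is shorter than 8 characters or lacks an uppercase letter, a lowercase letter, a digit and a special character, so a weak value here only surfaces as a failed deployment. I would add a comment above the pair, for example `# OpenSearch master user (fine-grained access control). Password: 8+ chars with upper, lower, digit and special character.` and `# Keep the filled-in file out of version control.`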
+7 -3
@@ -86,6 +86,8 @@ Deploy Dify Enterprise on AWS using CDK.
- `REDIS_SUBNETS`: Subnet IDs for Redis deployment.
- `RDS_SUBNETS`: subnet ids for RDS database. (At least 2 with different AZs)
- `OPENSEARCH_SUBNETS`: Subnet IDs for OpenSearch deployment.
- `OPENSEARCH_ADMINNAME`: OpenSearch Domain master ame.
- `OPENSEARCH_PASSWORD`: OpenSearch Domain master password.
- `AWS_EKS_CHART_REPO_URL`: (For AWS China regions ONLY) The AWS EKS Helm chart repository URL.
@@ -193,7 +195,9 @@ Deploy Dify Enterprise on AWS using CDK.
12. ### VectorDatabase Configure:
Change the Helm `values.yaml` file, modify the `externalType` section as follows, replace `{openSearch_endpont}` with aws Opensearch instant's **Domain endpoint**, remove `https://` and use the left:
Change the Helm `values.yaml` file, modify the `externalType` section as follows:
1. replace `{openSearch_endpont}` with aws Opensearch instant's **Domain endpoint**, remove `https://` and use the left.
2. replace the `<OPENSEARCH_ADMINNAME>` and `<OPENSEARCH_PASSWORD>` with the value you have set in `.env`
```yaml
vectorDB:
@@ -202,8 +206,8 @@ Deploy Dify Enterprise on AWS using CDK.
externalOpenSearch:
host: "{openSearch_endpont}"
port: 443
user: "<your_aos_username>"
password: "<your_aos_password>"
user: "<OPENSEARCH_ADMINNAME>"
password: "<OPENSEARCH_PASSWORD>"
useTLS: true
```
-3
@@ -14,8 +14,5 @@ export const config: DifyCDKConfig = {
}
export const getConstructPrefix = (config: StackConfig) => {
// Generate a 6-character random string consisting of numbers and letters
const randomSuffix = Math.random().toString(36).slice(2, 8).toUpperCase();
return `${PRODUCT_NAME}-${config.environment}-${AWS_RESOURCE_SUFFIX}`;
}
+1 -1
@@ -9,7 +9,7 @@ export interface ProdStackConfig extends StackConfig {
}
export const prodConfig: ProdStackConfig = {
environment: 'Production',
environment: 'Prod',
region: process.env.CDK_PROD_REGION || process.env.CDK_DEFAULT_REGION || '',
account: process.env.CDK_PROD_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT || '',
+1 -1
@@ -8,7 +8,7 @@ import { S3Config } from './constructs/s3Config';
* Basic configuration for a stack
*/
export interface StackConfig {
environment: "Testing" | "Production";
environment: "Test" | "Prod";
region: string;
account: string;
+1 -1
@@ -13,7 +13,7 @@ export interface TestStackConfig extends StackConfig {
}
export const testConfig: TestStackConfig = {
environment: 'Testing',
environment: 'Test',
region: process.env.CDK_TESTING_REGION || process.env.CDK_DEFAULT_REGION || '',
account: process.env.CDK_TESTING_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT || '',
+30
@@ -1,6 +1,7 @@
import * as blueprints from '@aws-quickstart/eks-blueprints';
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
import { getConstructPrefix } from '../../configs';
import { DESTROY_WHEN_REMOVE } from '../../configs/constants';
@@ -14,10 +15,12 @@ interface OpenSearchProps {
export class OpensearchResourceProvider implements blueprints.ResourceProvider<opensearch.IDomain> {
private readonly config: StackConfig;
private readonly vpc: ec2.IVpc;
private readonly domainName: string;
constructor(readonly props: OpenSearchProps) {
this.vpc = props.vpc;
this.config = props.config;
this.domainName = `${getConstructPrefix(props.config)}-Domain`.toLowerCase();
}
provide(context: blueprints.ResourceContext): opensearch.IDomain {
@@ -66,9 +69,18 @@ export class OpensearchResourceProvider implements blueprints.ResourceProvider<o
"Allow OpenSearch traffic"
)
const masterUserName = process.env.OPENSEARCH_ADMINNAME;
if (!masterUserName) {
throw new Error("environment variable 'OPENSEARCH_ADMINNAME' is missing");
}
const masterUserPassword = process.env.OPENSEARCH_PASSWORD;
if (!masterUserPassword) {
throw new Error("environment variable 'OPENSEARCH_PASSWORD' is missing");
}
const domainProps: opensearch.DomainProps = {
version: opensearch.EngineVersion.OPENSEARCH_2_13,
removalPolicy: DESTROY_WHEN_REMOVE ? cdk.RemovalPolicy.DESTROY : cdk.RemovalPolicy.RETAIN,
domainName: this.domainName,
vpcSubnets: [{ subnets: selectedSubnets }],
capacity: {
...capacity,
@@ -85,6 +97,24 @@ export class OpensearchResourceProvider implements blueprints.ResourceProvider<o
enabled: multiAz.enabled,
availabilityZoneCount: multiAz.azCount,
},
nodeToNodeEncryption: true,
enforceHttps: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: masterUserName,
masterUserPassword: cdk.SecretValue.unsafePlainText(masterUserPassword),
},
accessPolicies: [
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
principals: [new iam.AnyPrincipal()],
actions: ['es:*'],
resources: [`arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${this.domainName}/*`],
}),
],
vpc: this.vpc,
};
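Review bot: `masterUserPassword: cdk.SecretValue.unsafePlainText(masterUserPassword)` in the new `fineGrainedAccessControl` block writes the master password in clear text into the synthesized CloudFormation template, so anyone who can read the template or the `cdk.out` directory can recover it. A Secrets Manager reference keeps it out of the template, e.g. `masterUserPassword: cdk.SecretValue.secretsManager('<opensearch-master-secret-name>')` (placeholder name). Omitting the property would also let the construct generate and store the password itself, though the README step that copies the password into `values.yaml` would then need to read it from the secret. The added access policy grants `actions: ['es:*']` to `new iam.AnyPrincipal()`, which leaves the domain protected only by the VPC security group and this one credential. If the application only makes HTTP data-plane calls (to be confirmed), `actions: ['es:ESHttp*']` would be a narrower grant; the body of `provide()` starts and ends outside these hunks.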
-2
@@ -1614,7 +1614,6 @@
"version": "2.148.1",
"resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.148.1.tgz",
"integrity": "sha512-wiAi4vFJ52A42PpU3zRi2gVDqbTXSBVFrqKRqEd8wYL1mqa0qMv9FR35NsgbM1RL9s7g5ZljYvl+G2tXpcp5Eg==",
"dev": true,
"bin": {
"cdk": "bin/cdk"
},
@@ -2313,7 +2312,6 @@
"version": "2.3.2",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
"integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
"dev": true,
"hasInstallScript": true,
"optional": true,
"os": [