opensearch support - chef/chef-server GitHub Wiki

=> for external ES

  • we don't have authentication
  • so erchef can connect directly, no problem

=> for external OS

  • they will be providing the OpenSearch superuser, through chef-server.rb or default.rb
  • using that, we create a new user using chef-secrets
  • we do our operations using the new user we created
  • validation - erchef should connect to OS using the chef-secrets

https://github.com/chef/chef-server/pull/2933/files => OS changes in general

  • there are some changes for OS in erchef pushed to main, that's why we have some flags like 'search_auth_enabled' and username and password
  • we need to create a new user because we have been creating a new user for postgres in erchef and bifrost and storing it in chef-secrets. We want to use the same pattern for OS also. OS is used by erchef only, so only one user is enough.
  • need a flag to identify if it's Solr, ES or OS (can we reuse the existing flag - 'search_provider')
  • must use the 'search_auth_enabled' flag for OS, for others not sure
  • Shahid will be handling erchef

=> omnibus side changes

  • omnibus needs to create a new user using HTTP requests by triggering helper.rb/create_opensearch_user
  • best place to trigger the method is recipes/elasticsearch_index.rb, next best resource/elasticsearch_index.rb
  • this must be triggered before creating the index - optimize if required
  • optimize the helper.rb/elastic_search_major_version and resource/elasticsearch_index.rb/auth_header method
  • verify - check if PrivateChef.credentials.get reads from chef-secrets
  • to create a new user for OS, check out the private_chef.rb file
  • to get the super user password, make changes to chef-server-ctl secrets
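
An added example (not code from the chef-server repository) of the user-creation step described above: it builds the HTTP request that creates a dedicated search user as the superuser, reusing a stored password on later runs. The helper names, the role name, the secret key, the host and the HTTPS requirement are assumptions; the endpoint and JSON fields are those of the OpenSearch security plugin's internal users API.

```ruby
require "net/http"
require "openssl"
require "json"
require "securerandom"
require "uri"

# Hypothetical helper names; only the endpoint and JSON fields are OpenSearch's own.
INTERNAL_USERS_PATH = "/_plugins/_security/api/internalusers/"

# Generate the service user's password once and keep it in the secrets store
# (a Hash here, standing in for chef-secrets) so reconfigure runs reuse it.
def ensure_password(secrets, key)
  secrets[key] ||= SecureRandom.hex(32)
end

# Build (do not send) the PUT that creates or updates the service user,
# authenticated as the superuser supplied by the operator.
def build_create_user_request(base_url, admin_user, admin_password, new_user, new_password, roles)
  # The name becomes part of the URL path, so refuse anything that could alter it.
  raise ArgumentError, "invalid user name" unless new_user.match?(/\A[A-Za-z0-9_-]+\z/)
  uri = URI.join(base_url, INTERNAL_USERS_PATH + new_user)
  # Basic auth over plain HTTP would expose the superuser password (assumed policy).
  raise ArgumentError, "https required" unless uri.scheme == "https"
  req = Net::HTTP::Put.new(uri)
  req.basic_auth(admin_user, admin_password)
  req["Content-Type"] = "application/json"
  req.body = JSON.generate("password" => new_password, "opendistro_security_roles" => roles)
  [uri, req]
end

# Send the request with certificate verification on; returns true on 200/201.
def send_request(uri, req)
  Net::HTTP.start(uri.host, uri.port, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER) do |http|
    %w[200 201].include?(http.request(req).code)
  end
end

if __FILE__ == $PROGRAM_NAME
  secrets = {} # constructed stand-in for chef-secrets
  pw = ensure_password(secrets, "search_user_password")
  uri, req = build_create_user_request("https://opensearch.example.internal:9200", "admin",
                                       "constructed-superuser-pw", "chef_erchef", pw,
                                       ["hypothetical_index_role"])
  puts "#{req.method} #{uri.host}#{req.path}" # never print the body or Authorization header
end
```

Calling send_request before the index is created keeps the order the notes require; erchef then authenticates with the stored user and password rather than the superuser.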