Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Broker a stock Solr image for SolrCloud #3068

Closed
4 tasks
mogul opened this issue Apr 1, 2021 · 4 comments
Closed
4 tasks

Broker a stock Solr image for SolrCloud #3068

mogul opened this issue Apr 1, 2021 · 4 comments
Labels
component/ssb

Comments

@mogul
Copy link
Contributor

mogul commented Apr 1, 2021

User Story

In order to minimize the potential for custom-built images to cause requests for overcompensating mitigations on the compliance front, the data.gov team wants to broker Solr without building a custom Solr image.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

  • GIVEN [a contextual precondition]
    [AND optionally another precondition]
    WHEN [a triggering event] happens
    THEN [a verifiable outcome]
    [AND optionally another verifiable outcome]

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

  • create an ssb brokered solr service use the {"solrImageTag": "6.6.6-slim"} parameter to specify a known good version of solr.
  • The CKAN schema and solr config is not pre-installed like it is on our custom docker images. Work around this.
  • SolrCloud might be a little different than a stand alone Solr instance (collections vs cores). Work around this.
@adborden adborden mentioned this issue Apr 1, 2021
Closed
@mogul
Copy link
Contributor Author

mogul commented Jul 2, 2021

The solr-operator is adding the ability to specify config and schema when creating a SolrCloud CRD. We can expose this capability through the broker provisioning configuration options.

@mogul mogul moved this to Icebox in data.gov team board Dec 3, 2021
@nickumia-reisys
Copy link
Contributor

Most of this work is complete. The only thing preventing us from using a stock solr image are some security vulnerabilities. If we make a PR upstream and it gets merged, the only concerns about the Solr image are these lines,

# Giving ownership to user 'solr'
RUN mkdir -p /opt/solr/server/solr/$SOLR_CORE/data/index
RUN chown -R $SOLR_USER:$SOLR_USER /opt/solr/server/solr/

@nickumia-reisys
Copy link
Contributor

This no longer seems feasible with our current Solr on ECS design. There is quite a bit of customization that we do to setup storage permissions, ckan core, solr authentication and other solr options, that we can't be on the default Solr image. See the following for more information

@nickumia-reisys
Copy link
Contributor

I'm really glad that @jbrown-xentity closed this. It might be possible, but if there's no external pressure to change this, there is little to no benefit from doing this. 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/ssb
Projects
data.gov team board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mogul @jbrown-xentity @nickumia-reisys