Help:Toolforge/Elasticsearch: Difference between revisions
Line 31: | Line 31: | ||
== Write access == |
== Write access == |
||
Elasticsearch does not offer multi-tenant access control in |
Elasticsearch does not offer multi-tenant access control in its open source version. |
||
Write access to the indices is only loosely protected. PUT, POST, or DELETE requests sent to the Elasticsearch servers require HTTP Basic Authentication using a username and password specific to each tool. |
Write access to the indices is only loosely protected. PUT, POST, or DELETE requests sent to the Elasticsearch servers require HTTP Basic Authentication using a username and password specific to each tool. |
Revision as of 23:15, 8 January 2020
Overview
This page contains information about Elasticsearch services.
About Elasticsearch
Elasticsearch is a full-text search system built on Apache Lucene. It can be used to index and search data stored as JSON documents.
Elasticsearch is the technology used to power Wikimedia's CirrusSearch system.
Elasticsearch for Toolforge
An Elasticsearch cluster for all tools is available on tools-elastic-0[123]
, on the non-standard port 80
.
This Elasticsearch cluster is a shared resource. All documents indexed in it can be read by anonymous users from within Toolforge. Write access is needed to create new indexes, and a password is needed to store or update documents.
Read-only access
The Elasticsearch servers allow anyone to read any of the indexes that it contains. This access is limited to other hosts in the Toolforge project (e.g. the OGE job grid, Kubernetes containers, and the bastion servers).
The Elasticsearch service is available on port 80 on the following servers:
http://tools-elastic-01.tools.eqiad.wmflabs/
http://tools-elastic-02.tools.eqiad.wmflabs/
http://tools-elastic-03.tools.eqiad.wmflabs/
Note: The default Elasticsearch port (9200) is not used.
Write access
Elasticsearch does not offer multi-tenant access control in its open source version.
Write access to the indices is only loosely protected. PUT, POST, or DELETE requests sent to the Elasticsearch servers require HTTP Basic Authentication using a username and password specific to each tool.
Requests for write access are made by filing this Phabricator task.
When credentials have been created they will be placed in /data/project/$TOOL/.elasticsearch.ini
. Access requests are currently processed manually and may take a few days to be fulfilled.
Communication and support
Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:
- Chat in real time in the IRC channel #wikimedia-cloud connect or the bridged Telegram group
- Discuss via email after you have subscribed to the cloud@ mailing list
- Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
- Read the News wiki page
Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself
Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)