Migrate to OpenSearch (#186)

* Migrate to OpenSearch

* opensearch security is stupid

* forgor

---------

Co-authored-by: byte[] <byteslice@airmail.cc>

config/runtime.exs

@@ -15,7 +15,7 @@ config :philomena,
   anonymous_name_salt: System.fetch_env!("ANONYMOUS_NAME_SALT"),
   hcaptcha_secret_key: System.fetch_env!("HCAPTCHA_SECRET_KEY"),
   hcaptcha_site_key: System.fetch_env!("HCAPTCHA_SITE_KEY"),
-  elasticsearch_url: System.get_env("ELASTICSEARCH_URL", "http://localhost:9200"),
+  opensearch_url: System.get_env("OPENSEARCH_URL", "https://admin:admin@localhost:9200"),
   advert_file_root: System.fetch_env!("ADVERT_FILE_ROOT"),
   avatar_file_root: System.fetch_env!("AVATAR_FILE_ROOT"),
   badge_file_root: System.fetch_env!("BADGE_FILE_ROOT"),
@@ -91,6 +91,10 @@ config :philomena, :s3_secondary_options,
 
 config :philomena, :s3_secondary_bucket, System.get_env("ALT_S3_BUCKET")
 
+# Don't bail on OpenSearch's self-signed certificate
+config :elastix,
+  httpoison_options: [ssl: [verify: :verify_none]]
+
 config :ex_aws, :hackney_opts,
   timeout: 180_000,
   recv_timeout: 180_000,

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 volumes:
   postgres_data: {}
-  elastic_data: {}
+  opensearch_data: {}
   app_cargo_data: {}
   app_build_data: {}
   app_deps_data: {}
@@ -31,7 +31,7 @@ services:
       - IMAGE_URL_ROOT=/img
       - BADGE_URL_ROOT=/badge-img
       - TAG_URL_ROOT=/tag-img
-      - ELASTICSEARCH_URL=http://elasticsearch:9200
+      - OPENSEARCH_URL=http://opensearch:9200
       - REDIS_HOST=valkey
       - DATABASE_URL=ecto://postgres:postgres@postgres/philomena_dev
       - CDN_HOST=localhost
@@ -54,7 +54,7 @@ services:
       - app_native_data:/srv/philomena/priv/native
     depends_on:
       - postgres
-      - elasticsearch
+      - opensearch
       - valkey
     ports:
       - '5173:5173'
@@ -68,14 +68,13 @@ services:
     logging:
       driver: "none"
 
-  elasticsearch:
+  opensearch:
-    image: elasticsearch:7.9.3
+    image: opensearchproject/opensearch:2.14.0
     volumes:
-      - elastic_data:/usr/share/elasticsearch/data
+      - opensearch_data:/usr/share/opensearch/data
+      - ./docker/opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
     logging:
       driver: "none"
-    environment:
-      - discovery.type=single-node
     ulimits:
       nofile:
         soft: 65536

docker/app/run-development

@@ -34,11 +34,11 @@ npm install
 # Always install mix dependencies
 (cd /srv/philomena && mix deps.get)
 
-# Sleep to allow Elasticsearch to finish initializing
+# Sleep to allow OpenSearch to finish initializing
 # if it's not done doing whatever it does yet
-echo -n "Waiting for Elasticsearch"
+echo -n "Waiting for OpenSearch"
 
-until wget -qO - elasticsearch:9200; do
+until wget --no-check-certificate -qO - http://opensearch:9200; do
   echo -n "."
   sleep 2
 done

docker/opensearch/opensearch.yml

@@ -0,0 +1,15 @@
+---
+cluster.name: docker-cluster
+
+# Bind to all interfaces because we don't know what IP address Docker will assign to us.
+network.host: 0.0.0.0
+
+# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
+discovery.type: single-node
+
+# Disable security. We don't need it for dev environment.
+# Also, whoever thought it's a GREAT IDEA TO ENFORCE SECURITY FEATURES
+# BY DEFAULT IN A FREAKING DOCKER CONTAINER should be forced to play
+# the password game every time they would like to create a new account
+# anywhere whatsoever.
+plugins.security.disabled: true

lib/philomena/elasticsearch.ex

@@ -30,7 +30,7 @@ defmodule Philomena.Elasticsearch do
   defp index_for(Filter), do: FilterIndex
 
   defp elastic_url do
-    Application.get_env(:philomena, :elasticsearch_url)
+    Application.get_env(:philomena, :opensearch_url)
   end
 
   def create_index!(module) do