OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Allow to bypass engine version validation for AWS default compatibility mode #6102

Closed leetn00b closed 6 months ago

leetn00b commented 6 months ago

Description

When setting the env variable ELASTICSEARCH__ENGINE_SELECTOR to opensearch, the error shown below surfaces and the platform crashes repeatedly. It is my understanding that this error shouldn’t surface, considering that I’m telling it that the DB is OpenSearch, and not using “auto” for the environment variable. I have seen other comments in the Filigran Slack that it is because OpenSearch now enables compatibility mode by default, however the only way to disable that is via an obscure POST request to the OpenSearch domain. This of course cannot be automated with terraform for the aws_opensearch_domain resource, so I am looking for a solution here involving changes in the OpenCTI code base. Note, this error didn’t surface when we were on 5.11.X.

{"category":"APP","errors":[{"attributes":{"configured":"opensearch","detected":"elk","genre":"TECHNICAL","http_status":500},"message":"Invalid Search engine selector","name":"CONFIGURATION_ERROR","stack":"CONFIGURATION_ERROR: Invalid Search engine selector\n    at error (/opt/opencti/build/src/config/errors.js:8:10)\n    at ConfigurationError (/opt/opencti/build/src/config/errors.js:70:53)\n    at searchEngineInit (/opt/opencti/build/src/database/engine.js:262:13)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at checkSystemDependencies (/opt/opencti/build/src/initialization.js:30:3)\n    at platformStart (/opt/opencti/build/src/boot.js:13:5)"}],"level":"error","message":"Invalid Search engine selector","timestamp":"2024-02-23T22:30:07.924Z","version":"5.12.33"}

Environment

  1. OS (where OpenCTI server runs): Amazon Linux 2
  2. OpenCTI version: 5.12.33

Temporary Solution

I was able to temporarily fix the issue by removing the if statement I have referenced below. It seems this check is unnecessary. I can also see that the “Search engine” entry under the “TOOLS” paper in settings shows “elk - 7.10.2”, and everything is now working as it should.

https://github.com/OpenCTI-Platform/opencti/blob/e278eec9a46690b6f2b3a4381f3efce60b7c93c3/opencti-platform/opencti-graphql/src/database/engine.js#L268

richard-julien commented 6 months ago

I understand the pain about this. I don't want to completely remove this check as it's valid for 99% of the clusters. However, in order to ease your process, a new version to disable the check will be available in the next version. The option that represents the version check will default to true, but you will be able to change it for your needs.

ELASTICSEARCH__ENGINE_CHECK=false
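
The behaviour discussed in this thread, sketched as an added example (not OpenCTI's code): an explicit selector is compared with what the cluster reports, and a flag mirroring ELASTICSEARCH__ENGINE_CHECK skips that comparison. The function names, the treatment of a missing `version.distribution` as `elk`, and the sample root responses are assumptions constructed for illustration.

```javascript
// Illustrative only: detectEngine, resolveEngine, parseEngineCheck and
// EngineConfigError are hypothetical names, not taken from the OpenCTI code base.
class EngineConfigError extends Error {
  constructor(configured, detected) {
    super('Invalid Search engine selector');
    this.name = 'CONFIGURATION_ERROR';
    this.attributes = { configured, detected };
  }
}

// Classify the cluster from its root ("GET /") response body.
// Assumption: a body without version.distribution is treated as Elasticsearch ("elk").
function detectEngine(rootInfo) {
  const version = (rootInfo && rootInfo.version) || {};
  return { reported: version.distribution || 'elk', version: version.number || 'unknown' };
}

// Only an explicit "false" or "0" disables the check; unset means enabled.
function parseEngineCheck(raw) {
  return !['false', '0'].includes(String(raw ?? 'true').trim().toLowerCase());
}

// selector: 'auto' | 'elk' | 'opensearch'; engineCheck mirrors ELASTICSEARCH__ENGINE_CHECK.
function resolveEngine(rootInfo, { selector = 'auto', engineCheck = true } = {}) {
  const detected = detectEngine(rootInfo);
  if (selector === 'auto') {
    return { engine: detected.reported, ...detected, checked: true };
  }
  if (engineCheck && selector !== detected.reported) {
    // Fail closed: the operator's selector disagrees with what the cluster says.
    throw new EngineConfigError(selector, detected.reported);
  }
  // Check passed or was disabled: use the operator's selector, but keep what the
  // cluster reported so the mismatch stays visible to callers and in logs.
  return { engine: selector, ...detected, checked: engineCheck };
}

// Constructed sample: a domain in compatibility mode reporting itself as 7.10.2.
const compatModeRoot = { version: { number: '7.10.2' } };
// Constructed sample: a domain that advertises its own distribution.
const nativeRoot = { version: { distribution: 'opensearch', number: '2.11.0' } };
```

Keeping `reported` and `checked` in the result lets the caller log a warning whenever the check was bypassed and the two values differ.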