search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.68k stars 3.93k forks source link

(opensearchservice): example in the doc doesn't work, error received-`You must configure zone awareness settings if you turn on zone awareness.` #31583

Open jwoehrle opened 1 month ago

jwoehrle commented 1 month ago

Describe the bug

I'm trying to follow the documentation quick-start to create a dev-domain.

For a dev-domain my expectations are that there is only a single AZ used.

This is my stack:

export class OpensearchDashboardAuthStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const devDomain = new os.Domain(this, 'Domain', {
      version: os.EngineVersion.OPENSEARCH_2_15
    });
  }
}

Deployment fails with:

❌ OpensearchDashboardAuthStack failed: Error: The stack named OpensearchDashboardAuthStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Invalid request provided: You must configure zone awareness settings if you turn on zone awareness. (Service: OpenSearch, Status Code: 400, Request ID: 370df696-de86-4e9a-aaf3-7e319dcff87e)" (RequestToken: d312ed64-2872-6a1a-3172-d10a3a95348d, HandlerErrorCode: InvalidRequest)

Regression Issue

Last Known Working CDK Version

No response

Expected Behavior

creation succeeds with a domain in a single AZ.

Current Behavior

creation fails with

❌ OpensearchDashboardAuthStack failed: Error: The stack named OpensearchDashboardAuthStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Invalid request provided: You must configure zone awareness settings if you turn on zone awareness. (Service: OpenSearch, Status Code: 400, Request ID: 370df696-de86-4e9a-aaf3-7e319dcff87e)" (RequestToken: d312ed64-2872-6a1a-3172-d10a3a95348d, HandlerErrorCode: InvalidRequest)

Reproduction Steps

run cdk deploy with this stack:

export class OpensearchDashboardAuthStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const devDomain = new os.Domain(this, 'Domain', {
      version: os.EngineVersion.OPENSEARCH_2_15
    });
  }
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.160.0 (build 7a8ae02)

Framework Version

No response

Node.js Version

v20.9.0

OS

macOS 14.7

Language

TypeScript

Language Version

~5.6.2

Other information

No response

khushail commented 1 month ago

Hi @jwoehrle , thanks for reaching out.

This issue is reproducible . however what I observed while running the code -

    const devDomain = new Domain(this, 'Domain', {
      version: EngineVersion.OPENSEARCH_2_15,
    });

    new cdk.CfnOutput(this, 'DomainEndpoint', { value: devDomain.domainEndpoint });
  }

the synthesized template has this zoneAwareness set to false which makes sense as its not mandatory-

"Resources": {
  "Domain66AC69E0": {
   "Type": "AWS::OpenSearchService::Domain",
   "Properties": {
    "ClusterConfig": {
     "DedicatedMasterEnabled": false,
     "InstanceCount": 1,
     "InstanceType": "r5.large.search",
     "MultiAZWithStandbyEnabled": true,
     "ZoneAwarenessEnabled": false
    },
    "DomainEndpointOptions": {
     "EnforceHTTPS": false,
     "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"
    },
    "EBSOptions": {
     "EBSEnabled": true,
     "VolumeSize": 10,
     "VolumeType": "gp2"
    },
    "EncryptionAtRestOptions": {
     "Enabled": false
    },
    "EngineVersion": "OpenSearch_2.15",
    "LogPublishingOptions": {},
    "NodeToNodeEncryptionOptions": {
     "Enabled": false
    }
   },
   "UpdateReplacePolicy": "Retain",
   "DeletionPolicy": "Retain",
   "Metadata": {
    "aws:cdk:path": "OpenSearchIssueStack/Domain/Resource"
   }
  },

I found previous similar issue -https://github.com/aws/aws-cdk/issues/29346 where a workaround has been suggested -https://github.com/aws/aws-cdk/issues/29346#issuecomment-1977124206

Could you please check and confirm if this reported issue is similar and proposed workaround is working for you?

Thanks

jwoehrle commented 1 month ago

Hi @khushail ,

thanks for reaching out. Yes, #29346 is similar, however it seems like in #29346 multiple subnets might be specified which will not work with zone awareness. Also the particular issue here is, that I'm trying to follow an example directly from the documentation which shouldn't fail.

I can confirm, that manually configuring the dataNodes as 1 and the masterNodes with 0 is a valid workaround.

Here's my complete version:

const devDomain = new os.Domain(this, 'Domain', {
      version: os.EngineVersion.OPENSEARCH_2_15,
      enableVersionUpgrade: true,
      enableAutoSoftwareUpdate: true,
      nodeToNodeEncryption: true,
      enforceHttps: true,
      encryptionAtRest: { enabled: true },
      ebs: {
        volumeSize: 30,
        volumeType: ec2.EbsDeviceVolumeType.GP3,
        throughput: 125,
        iops: 3000,
      },
      capacity: {
        dataNodeInstanceType: 'm6g.large.search',
        multiAzWithStandbyEnabled: false,
        masterNodes: 0,
        dataNodes: 1,
      },
      zoneAwareness: {
        enabled: false,
      },
     ...
      },
    });
khushail commented 1 month ago

thanks for the confirmation @jwoehrle . Since this issue is similar to https://github.com/aws/aws-cdk/issues/29346, I would be marking current one as documentation enhancement and would keep the original past issue as main for bug resolution.

Hope that makes sense! if you would like to add any information to https://github.com/aws/aws-cdk/issues/29346, please feel free to do so. Let me know if you any further questions.