Details about this thread
  • State Not Answered
  • Replies 2 replies
  • Subscribers 314 subscribers
  • Views 2284 views
  • Users 0 members are here
Related content from around SugarClub

Configuring SugarCRM to use ElasticSearch with AWS Auth

John Hoffmann

After a bit of searching I didn't see this posted anywhere, and the official Sugar docs specify that the only allowed 'transport' values are 'http' or 'https'.

$sugar_config['full_text_engine']['Elastic'] = [
    'host' => '<host>',
    'port' => '9200',
    'transport' => 'AwsAuthV4',
    'aws_region' => '<region>', // Ex. us-east-1
    'aws_access_key_id' => '<key id>',
    'aws_secret_access_key' => '<access key>'
];

Verified to connect on Sugar Enterprise 8.0.x which ships with Elastica 6.0.1.

Parents
  • 0

    Hey John,

    I've been working with a new AWS ElasticSearch Service domain recently–you're right. The documentation is pretty much non-existent.

    After reading through the Elastica source code, it looks like it operates on one of `80` or `443` depending upon an SSL configuration option. SugarCRM is wrapping Elastica and I believe `port` is entirely ignored. Unfortunately, I believe `ssl` is also ignored at this time, and it forces operation on `80` only. I'm waiting to here back from support on this limitation:

    // This configuration only works for an AWS Search Domain Configured without SSL
    $sugar_config['full_text_engine']['Elastic'] = [
        'host' => '<host>', // Ex. vpc-your-es-domain-xxxxxyyyyyzzzzz.us-east-1.es.amazon.com
        'transport' => 'AwsAuthV4',
        'aws_region' => '<region>', // Ex. us-east-1
        'aws_access_key_id' => '<key id>',
        'aws_secret_access_key' => '<access key>'
    ];

    Initially, I was also running into a problem by copying the full host from AWS when the host here must not have a protocol attached, that is do not include 'http://' or 'https://', which I believe goes for all Elastic systems, but it was just too tempting to copy and paste from the AWS Console.

  • 0 in reply to Michael Burling

    You're right, with AwsAuthV4 it ignores 'port' and forces it to 80 or 443 depending on the 'ssl' option, which Sugar is dropping.  It's still an issue in 11.0.2, so I'm opening a Case to hopefully get this addressed.

    The following works if I add 'ssl' to the connAllowedConfig array in src/Elasticsearch/Adapter/Client.php.  I didn't discover this until recently when I tried to 'Require HTTPS Traffic', googled, and came across my own post ...

    $sugar_config['full_text_engine']['Elastic'] = [
    'host' => 'search-xxxxxx.es.amazonaws.com',
    'transport' => 'AwsAuthV4',
    'ssl' => true,
    'aws_region' => 'xx-xxxx-x',
    'aws_access_key_id' => 'AXXXXXX',
    'aws_secret_access_key' => 'XXXXXXX'
];

    BUG-87469 was opened in June 2021 to address this, so hopefully it can be addressed soon as it's just a 1 line change.

Reply
  • 0 in reply to Michael Burling

    You're right, with AwsAuthV4 it ignores 'port' and forces it to 80 or 443 depending on the 'ssl' option, which Sugar is dropping.  It's still an issue in 11.0.2, so I'm opening a Case to hopefully get this addressed.

    The following works if I add 'ssl' to the connAllowedConfig array in src/Elasticsearch/Adapter/Client.php.  I didn't discover this until recently when I tried to 'Require HTTPS Traffic', googled, and came across my own post ...

    $sugar_config['full_text_engine']['Elastic'] = [
    'host' => 'search-xxxxxx.es.amazonaws.com',
    'transport' => 'AwsAuthV4',
    'ssl' => true,
    'aws_region' => 'xx-xxxx-x',
    'aws_access_key_id' => 'AXXXXXX',
    'aws_secret_access_key' => 'XXXXXXX'
];

    BUG-87469 was opened in June 2021 to address this, so hopefully it can be addressed soon as it's just a 1 line change.

Children
No Data