Some time ago, we told you about our experience of solving complex problems with the help of Elasticsearch. It was a story about a sausage where we developed a search in a database of at least 50,000 documents, which allows you to search for ingredients in the composition of products and automatically generate product descriptions based on them.
Recently, an interesting project requiring the use of Elasticsearch came to our company again. This time we were faced with the task of deploying ES to work in an application on the Chinese cloud-based platform Alibaba Cloud. Here, in addition to technical problems, we encountered such an unexpected thing as the Chinese mentality.
This article will focus solely on our personal experience with Alibaba Cloud, and not on the interface or standard options. You will hear what we managed to find out in communication with representatives of the Elasticsearch and Alibaba Cloud platforms, and how we used it in solving our problem.
Hit at China
At the beginning of the project, the customer said that the first launch of the application would be in China. This made the task much more difficult: Chinese law causes quite a lot of inconvenience to developers and site owners. Just getting a domain due to local bureaucracy stretches for three months. What if the app is hosted outside of China? – you can ask. And in return, I wish you good luck with launching it in the Chinese zone because such tricks are practically illegal there.
We were given access to the client’s server on Alibaba Cloud and asked to deploy docker-containers with the application on it. This was the first but not the main problem. We forwarded access from the container to the file system in order to have access to the project files at the server level, and here the problem was that there was nothing on the server itself other than docker: neither git, nor nginx, nor php. Everything was executed at the container level, and the server was only a data store. So a simple git pull turned into this:
docker exec -it b33aee747c5e git pull
We had to write a bash script for each container due to this, for example, with a name git:
docker exec -it b33aee747c5e git $@
From there, the adventure only got more complicated: we had to install ES on it somehow. Through the Alibaba Cloud management console, we installed the Elasticsearch 6.0.0 image and…
…And after a while we started capturing bugs. Either the X-Pack access control system will “swear” that in 28 days our license expires or the RAM will run out when indexing some 500 documents. It didn’t “go off”.
All this time, we thought that the X-Pack was the reason for the failure, that it was the one which was preventing us from working properly.
“Oh well,” said the customer, after listening to our version. – So, we will buy the X-Pack license. Write to Elasticsearch, maybe they will advise something. So we wrote to the account service, and the consultant from the Dutch office, Driton Khalili, answered.
The consultant told me about the X-Pack license payment system and asked where we were hosted.
— China, I replied.
— “That’s a problem,” he muttered. — Your customer needs to write to our Chinese branch to get help with this problem.
— Any other options? I asked.
— Try contacting Alibaba Cloud. The fact is that we recently entered into a partnership agreement with them, and now they provide Elasticsearch as a service.
— So we are hosted with them, – I said in surprise.
— “Then why are you bothering with the container instead of taking it directly from them?!”
Having finished the conversation, I retold all this to the customer.
— How is that, does Alibaba really have Elasticsearch as a Service ?! — the indignation of the client knew no bounds. After that, he went to talk with his “Chinese colleagues”, and the next day he told the following:
— “These people said I was “lǎowài” and I was not supposed to have Elasticsearch on my “lǎowài” account.
Lǎowài, as you might guess, is the Chinese word for foreigners often used in a derogatory sense. In Chinese, it’s kind of a “bridge-and-tunnel crowd.”
— Hadn’t they too much puer to drink?
— I don’t know about puer but after my inspiring speech on how they are somewhat wrong and for what they receive money at all, I was given a “secret” link to Elasticsearch, which will now be displayed in our cloud console. Set up and we’ll move on.
What to do in order it to «go off»
Three weeks later, a link to Alibaba Cloud Elasticsearch appeared in the management console menu (in the DTplus section, at the very bottom).
Based on this, we can conclude that if the Chinese give you a link after all, you will have to wait for access for some time (I can’t say for sure about the price, in my opinion, this did not increase the cost of the subscription to us).
And one more thing: you, of course, will be given access to the settings, a normal URL, and Kibana for monitoring. But when you try to reach ES from somewhere else, you will get 505.
How this problem was solved?
By default, Alibaba Cloud Console’s Elasticsearch is available only from Kibana and proxies calls from it to 127.0.0.1 inside the server where ES itself is located. Then a thought popped up: what IP addresses do we have inside between containers? We go into the settings and see that all of them are spinning in the fairly familiar 192.168.0.* subnet. I was not completely sure, so I wrote down a couple more addresses for myself in case it wouldn’t “go off”.
I also thought about what would happen if I myself needed to send requests to ES from my workplace, so I also wrote down my IP address on a piece of paper.
Next, you need to do the following.
Go to Alibaba Cloud Console, open Cluster -> Manage -> Network and Snapshots -> Cluster Network Settings section -> Public IP Address Whitelist -> Update. And we save here all the addresses that are useful – both personal and public. After that, you can already work and knock on ES from containers with the application, and from other resources.
The move took less than two hours. True, I have been paranoid for another week about the fact that everything can fall, but so far nothing has fallen. It’s been three months now without a hitch.
In total, we spent about three weeks trying to solve a problem that does not exist. It’s just that the Chinese are very cunning and do not want to give access to their services to any “lǎowài”. A person with a Western mentality might find this strange, but anyway, we coped with this problem, and it was quite an experience!
Thanks for your attention!