From 03186e82f11c687eff61b5424feac56226061170 Mon Sep 17 00:00:00 2001
From: Smail KOURTA
Date: Thu, 5 Dec 2024 06:49:32 +0000
Subject: [PATCH 1/3] propagate the security index intitialized through the peercluster relation data
---
 lib/charms/opensearch/v0/models.py | 1 +
 .../opensearch/v0/opensearch_base_charm.py | 16 +++++++-
 .../v0/opensearch_relation_peer_cluster.py | 38 ++++++++++++++++++-
 3 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/lib/charms/opensearch/v0/models.py b/lib/charms/opensearch/v0/models.py
index 5474fded8..dc55ead4a 100644
--- a/lib/charms/opensearch/v0/models.py
+++ b/lib/charms/opensearch/v0/models.py
@@ -326,6 +326,7 @@ class PeerClusterRelData(Model):
 cm_nodes: List[Node]
 credentials: PeerClusterRelDataCredentials
 deployment_desc: Optional[DeploymentDescription]
+ security_index_initialised: bool = False
 class PeerClusterRelErrorData(Model):
diff --git a/lib/charms/opensearch/v0/opensearch_base_charm.py b/lib/charms/opensearch/v0/opensearch_base_charm.py
index 65a1402f2..35dc16c79 100644
--- a/lib/charms/opensearch/v0/opensearch_base_charm.py
+++ b/lib/charms/opensearch/v0/opensearch_base_charm.py
@@ -403,6 +403,7 @@ def cleanup():
 # when "data" node joins -> start cluster-manager via _on_peer_cluster_relation_changed
 # cluster-manager notifies "data" node via refresh of peer cluster relation data
 # "data" node starts and initializes security index
+ logger.info(f"Deployment description at on start: {deployment_desc}")
 if (
 deployment_desc.typ == DeploymentType.MAIN_ORCHESTRATOR
 and not deployment_desc.start == StartMode.WITH_GENERATED_ROLES
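Review bot: In `PeerClusterRelData` (models.py), the new `security_index_initialised: bool = False` default means a payload from a provider that does not yet send the field is parsed as "not initialised". Later in this patch `_set_security_conf` stops using `self.charm.alt_hosts` and relies on this field instead, so during a mixed-revision upgrade a joining cluster may, depending on the rest of the `_post_start_init` condition (not fully visible here), treat an already-secured cluster as uninitialised. A comment on the field, e.g. `# False when the provider predates this field; not proof that the security index is absent`, plus an upgrade note would make that explicit. The class body starts outside the hunk.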
@@ -1062,6 +1063,9 @@ def _post_start_init(self, event: _StartOpenSearch): # noqa: C901
 """Initialization post OpenSearch start."""
 # initialize the security index if needed (and certs written on disk etc.)
 # this happens only on the first data node to join the cluster
+ logger.debug(
+ f"is_leader: {self.unit.is_leader()}, security_index_initialised: {self.peers_data.get(Scope.APP, 'security_index_initialised')}, roles: {self.opensearch_peer_cm.deployment_desc().config.roles}, start: {self.opensearch_peer_cm.deployment_desc().start}"
+ )
 if (
 self.unit.is_leader()
 and not self.peers_data.get(Scope.APP, "security_index_initialised")
@@ -1074,7 +1078,8 @@ def _post_start_init(self, event: _StartOpenSearch): # noqa: C901
 admin_secrets = self.secrets.get_object(Scope.APP, CertType.APP_ADMIN.val)
 try:
 self._initialize_security_index(admin_secrets)
- self.peers_data.put(Scope.APP, "security_index_initialised", True)
+ self.put_or_update_security_index_initialized(event)
+
 except OpenSearchCmdError as e:
 logger.debug(f"Error when initializing the security index: {e.out}")
 event.defer()
@@ -1721,6 +1726,15 @@ def handle_joining_data_node(self) -> None:
 else:
 self._start_opensearch_event.emit(ignore_lock=True)
+ def put_or_update_security_index_initialized(self, event: EventBase) -> None:
+ """Set the security index initialized flag."""
+ self.peers_data.put(Scope.APP, "security_index_initialised", True)
+ if self.opensearch_peer_cm.deployment_desc().typ == DeploymentType.MAIN_ORCHESTRATOR:
+ self.peer_cluster_provider.refresh_relation_data(event)
+ else:
+ # notify the main orchestrator that the security index is initialized
+ self.peer_cluster_requirer.set_security_index_initialised()
+
 @property
 def unit_ip(self) -> str:
 """IP address of the current unit."""
diff --git a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
index 39193d694..9b2a6c57d 100644
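Review bot: `put_or_update_security_index_initialized` latches the local flag with `self.peers_data.put(Scope.APP, "security_index_initialised", True)` before it propagates it, so a propagation that does not happen is never retried: `_post_start_init` only reaches this call while the flag is still unset. That matters on the non-orchestrator branch, where `set_security_index_initialised()` (added later in this patch) returns silently when it finds no orchestrators. Consider propagating before latching, or re-sending from a relation event, and extend the docstring to say what the method really does, e.g. `"""Record that the security index is initialised and propagate the flag over the peer-cluster relation."""`. The method name also mixes `initialized` with the `initialised` spelling used by the key and by the other new helpers.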
--- a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
+++ b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
@@ -418,6 +418,7 @@ def _rel_data(
 s3=self._s3_credentials(deployment_desc),
 ),
 deployment_desc=deployment_desc,
+ security_index_initialised=self._get_security_index_initialised(),
 )
 except OpenSearchHttpError:
 return PeerClusterRelErrorData(
@@ -519,6 +520,22 @@ def _fetch_local_cm_nodes(self, deployment_desc: DeploymentDescription) -> List[
 if node.is_cm_eligible() and node.app.id == deployment_desc.app.id
 ]
+ def _get_security_index_initialised(self) -> bool:
+ """Check if the security index is initialised."""
+ if self.charm.peers_data.get(Scope.APP, "security_index_initialised", False):
+ return True
+
+ # check all other clusters if they have initialised the security index
+ all_relation_ids = [
+ rel.id for rel in self.charm.model.relations[self.relation_name] if len(rel.units) > 0
+ ]
+
+ for rel_id in all_relation_ids:
+ if self.get_from_rel("security_index_initialised", rel_id=rel_id, remote_app=True):
+ return True
+
+ return False
+
 class OpenSearchPeerClusterRequirer(OpenSearchPeerClusterRelation):
 """Peer cluster relation requirer class."""
@@ -598,6 +615,9 @@ def _on_peer_cluster_relation_changed(self, event: RelationChangedEvent): # noq
 # register main and failover cm app names if any
 self.charm.peers_data.put_object(Scope.APP, "orchestrators", orchestrators.to_dict())
+ if data.security_index_initialised:
+ self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
+
 # let the charm know this is an already bootstrapped cluster
 self.charm.peers_data.put(Scope.APP, "bootstrapped", True)
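Review bot: `_get_security_index_initialised` accepts any truthy value returned by `self.get_from_rel("security_index_initialised", rel_id=rel_id, remote_app=True)` as proof of initialisation. The requirer side added in this patch publishes the string `"true"`, so if `get_from_rel` returns the raw databag string (its implementation is not visible here), a value such as `"false"` would pass as well; an explicit comparison, e.g. `== "true"`, avoids that. The flag is also a one-way latch fed by whatever a related application publishes: this provider path (and the handler change in PATCH 3/3) and the requirer hunk in `_on_peer_cluster_relation_changed` persist it without consulting the cluster. Because the flag gates `_initialize_security_index`, consider confirming against OpenSearch that the security index exists before persisting it, and documenting in the docstring which databags are consulted.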
@@ -643,7 +663,8 @@ def _set_security_conf(self, data: PeerClusterRelData) -> None:
 )
 self.charm.peers_data.put(Scope.APP, "admin_user_initialized", True)
- if self.charm.alt_hosts:
+ logger.debug(f"PeerClusterRelData: {data.to_dict()}")
+ if data.security_index_initialised:
 self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
 if s3_creds := data.credentials.s3:
@@ -680,6 +701,21 @@ def _orchestrators(
 return PeerClusterOrchestrators.from_dict(local_orchestrators)
+ def set_security_index_initialised(self) -> None:
+ """Set the security index as initialised."""
+ # get the MAIN orchestrator
+ orchestrators = PeerClusterOrchestrators.from_dict(
+ self.charm.peers_data.get_object(Scope.APP, "orchestrators") or {}
+ )
+
+ if not orchestrators:
+ return
+
+ # set the security index as initialised in the unit data bag with the main orchestrator
+ self.put_in_rel(
+ data={"security_index_initialised": "true"}, rel_id=orchestrators.main_rel_id
+ )
+
 def _put_current_app(
 self, event: RelationEvent, deployment_desc: DeploymentDescription
 ) -> None:
From 94ccde134e5805e9adbc895d8b674514558d4533 Mon Sep 17 00:00:00 2001
From: Smail KOURTA
Date: Thu, 5 Dec 2024 12:59:59 +0000
Subject: [PATCH 2/3] remove logs and redundant setting of the flag
---
 lib/charms/opensearch/v0/opensearch_base_charm.py | 4 ----
 lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py | 3 ---
 2 files changed, 7 deletions(-)
diff --git a/lib/charms/opensearch/v0/opensearch_base_charm.py b/lib/charms/opensearch/v0/opensearch_base_charm.py
index 35dc16c79..6aecebfc0 100644
--- a/lib/charms/opensearch/v0/opensearch_base_charm.py
+++ b/lib/charms/opensearch/v0/opensearch_base_charm.py
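Review bot: In `_set_security_conf` (PATCH 1/3), `logger.debug(f"PeerClusterRelData: {data.to_dict()}")` serialises the whole relation payload into the unit log, and that payload carries `credentials` (the same function reads `data.credentials.s3` at the end of the hunk). PATCH 2/3 deletes the line, but this revision on its own would write secrets to the debug log, so the series is best squashed before merge or the line dropped here. If a trace is wanted, log only the field of interest, e.g. `logger.debug("security_index_initialised=%s", data.security_index_initialised)`. The function body starts and ends outside the hunk.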
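Review bot: The guard `if not orchestrators: return` in `set_security_index_initialised` (PATCH 1/3) may never fire: `orchestrators` is the object returned by `PeerClusterOrchestrators.from_dict(...)`, and unless that class defines `__bool__` or `__len__` (not visible here) an instance is truthy even when built from `{}`. In that case `put_in_rel` is called with whatever `orchestrators.main_rel_id` defaults to. Testing the field that is actually needed against its unset value, and logging when the notification is skipped, would be safer. The comment says the flag goes into the "unit data bag", while the provider reads it with `remote_app=True`; one of the two should be corrected so the write and the read are known to target the same databag.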
@@ -403,7 +403,6 @@ def cleanup():
 # when "data" node joins -> start cluster-manager via _on_peer_cluster_relation_changed
 # cluster-manager notifies "data" node via refresh of peer cluster relation data
 # "data" node starts and initializes security index
- logger.info(f"Deployment description at on start: {deployment_desc}")
 if (
 deployment_desc.typ == DeploymentType.MAIN_ORCHESTRATOR
 and not deployment_desc.start == StartMode.WITH_GENERATED_ROLES
@@ -1063,9 +1062,6 @@ def _post_start_init(self, event: _StartOpenSearch): # noqa: C901
 """Initialization post OpenSearch start."""
 # initialize the security index if needed (and certs written on disk etc.)
 # this happens only on the first data node to join the cluster
- logger.debug(
- f"is_leader: {self.unit.is_leader()}, security_index_initialised: {self.peers_data.get(Scope.APP, 'security_index_initialised')}, roles: {self.opensearch_peer_cm.deployment_desc().config.roles}, start: {self.opensearch_peer_cm.deployment_desc().start}"
- )
 if (
 self.unit.is_leader()
 and not self.peers_data.get(Scope.APP, "security_index_initialised")
diff --git a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
index 9b2a6c57d..1506577e8 100644
--- a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
+++ b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
@@ -663,9 +663,6 @@ def _set_security_conf(self, data: PeerClusterRelData) -> None:
 )
 self.charm.peers_data.put(Scope.APP, "admin_user_initialized", True)
- logger.debug(f"PeerClusterRelData: {data.to_dict()}")
- if data.security_index_initialised:
- self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
 if s3_creds := data.credentials.s3:
 self.charm.secrets.put_object(Scope.APP, "s3-creds", s3_creds.to_dict(by_alias=True))
From 6a1c83428184506367a9c991fce2103efed5511d Mon Sep 17 00:00:00 2001
From: Smail KOURTA
Date: Thu, 5 Dec 2024 14:20:24 +0000
Subject: [PATCH 3/3] provider also adds flag to peer relation
---
 lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
index 1506577e8..f31906c15 100644
--- a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
+++ b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
@@ -160,6 +160,9 @@ def _on_peer_cluster_relation_changed(self, event: RelationChangedEvent):
 if not (data := event.relation.data.get(event.app)):
 return
+ if self._get_security_index_initialised():
+ self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
+
 # get list of relations with this orchestrator
 target_relation_ids = [
 rel.id for rel in self.charm.model.relations[self.relation_name] if len(rel.units) > 0
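Review bot: In the provider's `_on_peer_cluster_relation_changed`, the new `self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)` writes application-scope peer data from a relation-changed handler, and no leadership check is visible between the start of the hunk and this write. If none exists earlier in the handler (the function starts outside the hunk), non-leader units will attempt an application-scope write as well. Guarding the condition, e.g. `if self.charm.unit.is_leader() and self._get_security_index_initialised():`, keeps the write on the leader. This is also the point where a value published by a remote application becomes local state, so a comment saying which side is trusted to set it would help the next reader.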