Make multi-tenant support optional and disabled by default.

horizon/scripts/onms-core-init.sh

@@ -261,14 +261,17 @@ mkdir -p ${CONFIG_DIR_OVERLAY}/opennms.properties.d ${CONFIG_DIR_OVERLAY}/featur
 # Apply common OpenNMS configuration settings
 # Configure the instance ID
 # Required when having multiple OpenNMS backends sharing a Kafka cluster or an Elasticsearch cluster.
-if [[ ${OPENNMS_INSTANCE_ID} ]]; then
+if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
   echo "Creating ${CONFIG_DIR_OVERLAY}/opennms.properties.d/instanceid.properties with our instance ID '${OPENNMS_INSTANCE_ID}'"
   cat <<EOF > ${CONFIG_DIR_OVERLAY}/opennms.properties.d/instanceid.properties
 # Used for Kafka Topics and Elasticsearch Index Prefixes
 org.opennms.instance.id=${OPENNMS_INSTANCE_ID}
 EOF
 else
-  OPENNMS_INSTANCE_ID="OpenNMS"
+  if [[ -e "${CONFIG_DIR}/opennms.properties.d/instanceid.properties" ]]; then
+    echo "Found ${CONFIG_DIR}/opennms.properties.d/instanceid.properties, we are going to remove it."
+    rm "${CONFIG_DIR}/opennms.properties.d/instanceid.properties"
+  fi
 fi
 
 # Disable data choices (optional)
@@ -393,8 +396,10 @@ readTimeoutInMs=${CORTEX_READ_TIMEOUT}
 metricCacheSize=${CORTEX_METRIC_CACHE_SIZE}
 externalTagsCacheSize=${CORTEX_EXTERNAL_TAGS_CACHE_SIZE}
 bulkheadMaxWaitDuration=${CORTEX_BULKHEAD_MAX_WAIT_DURATION}
-organizationId=${OPENNMS_INSTANCE_ID}
 EOF
+  if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+    echo "organizationId=${OPENNMS_INSTANCE_ID}" >> ${CONFIG_DIR_OVERLAY}/org.opennms.plugins.tss.cortex.cfg
+  fi
 
   mkdir -p ${CONFIG_DIR_OVERLAY}/featuresBoot.d
 
@@ -440,15 +445,19 @@ EOF
 # Configure Elasticsearch to allow Helm/Grafana to access Flow data
 if [[ -v ELASTICSEARCH_SERVER ]]; then
   echo "Configuring Elasticsearch for Flows..."
-  PREFIX=$(echo ${OPENNMS_INSTANCE_ID} | tr '[:upper:]' '[:lower:]')-
   echo "Creating ${CONFIG_DIR_OVERLAY}/org.opennms.features.flows.persistence.elastic.cfg"
   cat <<EOF > ${CONFIG_DIR_OVERLAY}/org.opennms.features.flows.persistence.elastic.cfg
 elasticUrl=https://${ELASTICSEARCH_SERVER}
 globalElasticUser=${ELASTICSEARCH_USER}
 globalElasticPassword=${ELASTICSEARCH_PASSWORD}
 elasticIndexStrategy=${ELASTICSEARCH_INDEX_STRATEGY_FLOWS}
+EOF
+  if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+    PREFIX=$(echo ${OPENNMS_INSTANCE_ID} | tr '[:upper:]' '[:lower:]')-
+    cat <<EOF >> ${CONFIG_DIR_OVERLAY}/org.opennms.features.flows.persistence.elastic.cfg
 indexPrefix=${PREFIX}
 EOF
+  fi
 fi
 
 
@@ -478,11 +487,6 @@ fi
 
 # Configure Sink and RPC to use Kafka, and the Kafka Producer.
 if [[ -v KAFKA_BOOTSTRAP_SERVER ]]; then
-  if [[ ${OPENNMS_INSTANCE_ID} == "" ]]; then
-    echo >&2 "OPENNMS_INSTANCE_ID cannot be empty. Aborting."
-    exit 1
-  fi
-
   echo "Configuring Kafka for IPC..."
 
   echo "Creating ${CONFIG_DIR_OVERLAY}/opennms.properties.d/amq.properties"
@@ -500,16 +504,19 @@ EOF
 
 # TWIN
 org.opennms.core.ipc.twin.kafka.bootstrap.servers=${KAFKA_BOOTSTRAP_SERVER}
+EOF
+    if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+      cat <<EOF >> ${CONFIG_DIR_OVERLAY}/opennms.properties.d/kafka.properties
 org.opennms.core.ipc.twin.kafka.group.id=${OPENNMS_INSTANCE_ID}-Core-Twin
 EOF
+    fi
   fi
 
   cat <<EOF >> ${CONFIG_DIR_OVERLAY}/opennms.properties.d/kafka.properties
 
 # SINK
 org.opennms.core.ipc.sink.initialSleepTime=60000
 org.opennms.core.ipc.sink.kafka.bootstrap.servers=${KAFKA_BOOTSTRAP_SERVER}
-org.opennms.core.ipc.sink.kafka.group.id=${OPENNMS_INSTANCE_ID}-Core-Sink
 
 # SINK Consumer (verify Kafka broker configuration)
 org.opennms.core.ipc.sink.kafka.session.timeout.ms=30000
@@ -519,7 +526,6 @@ org.opennms.core.ipc.sink.kafka.max.poll.records=50
 org.opennms.core.ipc.rpc.kafka.bootstrap.servers=${KAFKA_BOOTSTRAP_SERVER}
 org.opennms.core.ipc.rpc.kafka.ttl=30000
 org.opennms.core.ipc.rpc.kafka.single-topic=true
-org.opennms.core.ipc.rpc.kafka.group.id=${OPENNMS_INSTANCE_ID}-Core-RPC
 
 # RPC Consumer (verify Kafka broker configuration)
 org.opennms.core.ipc.rpc.kafka.request.timeout.ms=30000
@@ -532,6 +538,15 @@ org.opennms.core.ipc.rpc.kafka.acks=0
 org.opennms.core.ipc.rpc.kafka.linger.ms=5
 EOF
 
+  if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+    cat <<EOF >> ${CONFIG_DIR_OVERLAY}/opennms.properties.d/kafka.properties
+
+# org.opennms.instance.id-prefixed groups for multi-tenant operation
+org.opennms.core.ipc.sink.kafka.group.id=${OPENNMS_INSTANCE_ID}-Core-Sink
+org.opennms.core.ipc.rpc.kafka.group.id=${OPENNMS_INSTANCE_ID}-Core-RPC
+EOF
+  fi
+
   MODULES="rpc sink"
   if [[ "$USE_TWIN" == "true" ]]; then
     MODULES="twin $MODULES"

horizon/scripts/onms-sentinel-init.sh

@@ -66,16 +66,12 @@ OVERLAY_DIR=/opt/sentinel-etc-overlay
 
 # Configure the instance ID and Interface-to-Node cache
 # Required when having multiple OpenNMS backends sharing a Kafka cluster or an Elasticsearch cluster.
-CUSTOM_PROPERTIES=${OVERLAY_DIR}/custom.system.properties
-if [[ ${OPENNMS_INSTANCE_ID} ]]; then
-  cat <<EOF >> ${CUSTOM_PROPERTIES}
+if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+  cat <<EOF >> ${OVERLAY_DIR}/custom.system.properties
 # Used for Kafka Topics
 org.opennms.instance.id=${OPENNMS_INSTANCE_ID}
 # Refresh Interface-to-Node cache every 2 hours
 org.opennms.interface-node-cache.refresh-timer=7200000
-EOF
-else
-  OPENNMS_INSTANCE_ID="OpenNMS"
 fi
 
 cat <<EOF > ${OVERLAY_DIR}/org.opennms.netmgt.distributed.datasource.cfg
@@ -122,17 +118,22 @@ adapters.0.class-name=org.opennms.netmgt.telemetry.protocols.netflow.adapter.net
 queue.threads=${NUM_LISTENER_THREADS}
 EOF
 
-  PREFIX=$(echo ${OPENNMS_INSTANCE_ID} | tr '[:upper:]' '[:lower:]')-
   cat <<EOF > ${OVERLAY_DIR}/org.opennms.features.flows.persistence.elastic.cfg
 elasticUrl=https://${ELASTICSEARCH_SERVER}
 globalElasticUser=${ELASTICSEARCH_USER}
 globalElasticPassword=${ELASTICSEARCH_PASSWORD}
 elasticIndexStrategy=${ELASTICSEARCH_INDEX_STRATEGY_FLOWS}
-indexPrefix=${PREFIX}
 # The following settings should be consistent with your ES cluster
 settings.index.number_of_shards=${ELASTICSEARCH_NUM_SHARDS}
 settings.index.number_of_replicas=${ELASTICSEARCH_REPLICATION_FACTOR}
 EOF
+
+  if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+    PREFIX=$(echo ${OPENNMS_INSTANCE_ID} | tr '[:upper:]' '[:lower:]')-
+    cat <<EOF >> ${OVERLAY_DIR}/org.opennms.features.flows.persistence.elastic.cfg
+indexPrefix=${PREFIX}
+EOF
+  fi
 fi
 
 if [[ -v KAFKA_BOOTSTRAP_SERVER ]]; then
@@ -149,11 +150,16 @@ EOF
 
   cat <<EOF > ${FILE_PREFIX}.consumer.cfg
 # Consumers
-group.id=${OPENNMS_INSTANCE_ID}_Sentinel
 bootstrap.servers=${KAFKA_BOOTSTRAP_SERVER}
 max.partition.fetch.bytes=5000000
 EOF
 
+  if [ -n "${OPENNMS_INSTANCE_ID}" ]; then
+    cat <<EOF >> ${FILE_PREFIX}.consumer.cfg
+group.id=${OPENNMS_INSTANCE_ID}_Sentinel
+EOF
+  fi
+
   for f in ${FILE_PREFIX}.cfg ${FILE_PREFIX}.consumer.cfg; do
     cat <<EOF >> $f
 # Security

horizon/templates/_helpers.tpl

@@ -97,8 +97,7 @@ server:
   http_listen_port: 9080
   grpc_listen_port: 0
 clients:
-- tenant_id: {{ .Release.Name }}
-  url: {{ printf "%s://%s:%d/loki/api/v1/push" $scheme ((.Values.dependencies).loki).hostname (((.Values.dependencies).loki).port | int) }}
+- url: {{ printf "%s://%s:%d/loki/api/v1/push" $scheme ((.Values.dependencies).loki).hostname (((.Values.dependencies).loki).port | int) }}
   {{- if and ((.Values.dependencies).loki).username ((.Values.dependencies).loki).password }}
   basic_auth:
     username: {{ .Values.dependencies.loki.username }}
@@ -108,6 +107,9 @@ clients:
   tls_config:
     ca_file: /etc/jks/loki-ca.cert
   {{- end }}
+  {{- if .Values.multiTenant }}
+  tenant_id: {{ .Release.Name }}
+  {{- end }}
   external_labels:
     {{ include "namespace" . }}
 scrape_configs:

horizon/templates/app-settings.configmap.yaml

@@ -19,9 +19,17 @@ data:
   ENABLE_CORTEX: {{ ((.Values.core).configuration).enableCortex | quote }}
   ENABLE_TSS_DUAL_WRITE: {{ ((.Values.core).configuration).enableTssDualWrite | quote }}
   ENABLE_GRAFANA: {{ if gt ((.Values.grafana).replicaCount|int) 0 }}"true"{{ else }}"false"{{ end }}
+  {{- if .Values.multiTenant }}
   OPENNMS_INSTANCE_ID: {{ .Release.Name | quote }}
+  {{- else }}
+  OPENNMS_INSTANCE_ID: ""
+  {{- end }}
   OPENNMS_SERVER: {{ include "namespace" . | printf "onms-core.%s.svc" | quote }}
+  {{- if .Values.multiTenant }}
   OPENNMS_DBNAME: {{ printf "%s_opennms" .Release.Name | quote }}
+  {{- else }}
+  OPENNMS_DBNAME: "opennms"
+  {{- end }}
   {{- if ((.Values.core).configuration).rras }}
   OPENNMS_RRAS: {{ join ";" .Values.core.configuration.rras }}
   {{- end }}
@@ -56,7 +64,11 @@ data:
   GF_SERVER_ROOT_URL: "/"
   {{- end }}
   GF_DATABASE_TYPE: "postgres"
+  {{- if .Values.multiTenant }}
   GF_DATABASE_NAME: {{ printf "%s_grafana" .Release.Name | quote }}
+  {{- else }}
+  GF_DATABASE_NAME: "grafana"
+  {{- end }}
   GF_DATABASE_SSL_MODE: {{ (((.Values.grafana).configuration).database).sslmode | default "disable" | quote }}
   GF_DATABASE_CA_CERT_PATH: "/etc/java/jks/postgresql-ca.crt"
   GF_SESSION_PROVIDER: "postgres"

horizon/values.schema.json

@@ -284,6 +284,11 @@
             "title": "Install resource objects into namespace named for the Helm release",
             "default": false
         },
+        "multiTenant": {
+            "type": "boolean",
+            "title": "Enable multi-tenant mode",
+            "default": false
+        },
         "imagePullSecrets": {
             "type": "array",
             "title": "Image Pull Secrets",

horizon/values.yaml

@@ -5,6 +5,9 @@
 timezone: America/New_York
 domain: example.com  # The common domain for the Ingress resource.
 
+# -- Enable multi-tenant mode. This will use the release name as the per-tenant identifier for the OpenNMS instance ID, databases, Kakfa topics, ElasticSearch indices, and Prometheus organization ID.
+multiTenant: false
+
 # -- Install resource objects into namespace named for the Helm release. See also createNamespace.
 releaseNamespace: false