At UAMx (OpenEdx for Universidad Autónoma de Madrid) we are running an instance of OpenEdx through tutor, with the databases as services installed natively in another server.
The problem is that I cannot connect to ElasticSearch through SSL from within a docker instance, because we need to pass ssl credentials and I don’t know how to pass them to docker.
In edx-platform, all connections to Elasticsearch happen through the edx-search package. This package creates an Elasticsearch client based on the ELASTIC_SEARCH_CONFIG setting.
Thus, you need to modify the ELASTIC_SEARCH_CONFIG setting to load the certificates from somewhere. If you run Open edX with tutor local, then you should bind-mount the certificates in the lms, cms, lms-worker and cms-worker containers. To do so, you should create a docker-compose.override.yml file.
I haven’t actually implemented this myself, but in theory it should work.
Thanks @regis for your quick response. I am trying to set the ELASTIC_SEARCH_CONFIG through a tutor plugin with the openedx-common-settings patch, but it seems to be overriden with the settings in config.yml
I have to make some more tests, as this is my first approach. I will keep my advances posted here
I finally managed to connect to an external ElasticSearch removing the SSL security, and as the servers are encapsulated in a secure environent it is perfectly valid. So, no need to modify the ELASTIC_SEARCH_CONFIG or the docker-compose.override.yml
Althought I had to install exactly the same ElasticSearch version as the docker container. With the last ES version tutor fail creating indexes.