Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.9.0
-
None
-
None
Description
Why?
While doing some resiliency tests (PRA: Activity Recovery Plan) we noticed that it is compulsory to have the OpenSearch cluster online in order to start James.
However, in case of disaster, I should be able to start James without having an OpenSearch cluster online. Indeed, search is a (very) nice to have feature but not an absolute necessity for sending / receiving mails. And restauring an OpenSearch service could take significant time. Being able to start without the OpenSearch cluster would thus allow to significantly accelerate the recovery plan.
Today one could start even the distributed server in scanning mode, so without OpenSearch but this is not a good idea for two reasons:
- The search would thus be implemented by scanning entire mailbox thus a few user doing search could have significant impacts thus worsening the incident.
- The documents to index would be lost and some sorts of full reindexing would also be needed when coming back online.
Expectations
I expect the following:
- being able to start without OpenSearch
- Search operations hitting the search index fails. But SearchOverrides would succeed, offering a minimal search service for non search operations eg imap resynchronisation...
- No index attempt is performed but events would be stored in the right place in event dead letter to eventually get replayed...
How?
Provide a `opensearch_disabled` search index implementation:
- reject search not satisfied by search overrides
- save events into event dead letter for later processing
Definition of done
Integration tests matching the expectations.
Attachments
Issue Links
- links to
