From 43716a84adb7b5e9a9bb4ff1169e81075d8120a7 Mon Sep 17 00:00:00 2001 From: Antoine Cotten Date: Wed, 3 May 2023 18:10:54 +0200 Subject: [PATCH] feat: make execution of 'setup' container manual Closes #798 --- .github/workflows/ci.yml | 4 +++- README.md | 20 ++------------------ docker-compose.yml | 19 +++++++++++++------ setup/.dockerignore | 3 --- setup/.gitignore | 1 - setup/Dockerfile | 9 --------- setup/entrypoint.sh | 15 --------------- 7 files changed, 18 insertions(+), 53 deletions(-) delete mode 100644 setup/.gitignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 437779a4ee..a90a28ac19 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,7 +64,9 @@ jobs: ########################################################## - name: Run the stack - run: docker compose up -d + run: | + docker compose up setup + docker compose up -d - name: Execute core test suite run: .github/workflows/scripts/run-tests-core.sh diff --git a/README.md b/README.md index 2bf039e4ba..ea7ae548e1 100644 --- a/README.md +++ b/README.md @@ -91,14 +91,9 @@ own_. [sherifabdlnaby/elastdocker][elastdocker] is one example among others of p ### Host setup * [Docker Engine][docker-install] version **18.06.0** or newer -* [Docker Compose][compose-install] version **1.26.0** or newer (including [Compose V2][compose-v2]) +* [Docker Compose][compose-install] version **1.28.0** or newer (including [Compose V2][compose-v2]) * 1.5 GB of RAM -> **Warning** -> While Compose versions between **1.22.0** and **1.25.5** can technically run this stack as well, these versions have a -> [known issue](https://github.com/deviantony/docker-elk/pull/678#issuecomment-1055555368) which prevents them from -> parsing quoted values properly inside `.env` files. - > **Note** > Especially on Linux, make sure your user has the [required permissions][linux-postinstall] to interact with the Docker > daemon. @@ -357,21 +352,10 @@ Follow the instructions from the Wiki: [Scaling out Elasticsearch](https://githu ### How to re-execute the setup To run the setup container again and re-initialize all users for which a password was defined inside the `.env` file, -delete its volume and "up" the `setup` Compose service again manually: - -```console -$ docker-compose rm -f setup - ⠿ Container docker-elk-setup-1 Removed -``` - -```console -$ docker volume rm docker-elk_setup -docker-elk_setup -``` +simply "up" the `setup` Compose service again: ```console $ docker-compose up setup - ⠿ Volume "docker-elk_setup" Created ⠿ Container docker-elk-elasticsearch-1 Running ⠿ Container docker-elk-setup-1 Created Attaching to docker-elk-setup-1 diff --git a/docker-compose.yml b/docker-compose.yml index 66c96fe4ad..99dced1b1f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,12 +4,21 @@ services: # The 'setup' service runs a one-off script which initializes users inside # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the - # values of the passwords defined in the '.env' file. + # values of the passwords defined in the '.env' file. It also creates the + # roles required by some of these users. # - # This task is only performed during the *initial* startup of the stack. On all - # subsequent runs, the service simply returns immediately, without performing - # any modification to existing users. + # This task only needs to be performed once, during the *initial* startup of + # the stack. Any subsequent run will reset the passwords of existing users to + # the values defined inside the '.env' file, and the built-in roles to their + # default permissions. + # + # By default, it is excluded from the services started by 'docker compose up' + # due to the non-default profile it belongs to. To run it, either provide the + # '--profile=setup' CLI flag to Compose commands, or "up" the service by name + # such as 'docker compose up setup'. setup: + profiles: + - setup build: context: setup/ args: @@ -19,7 +28,6 @@ services: - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z - ./setup/lib.sh:/lib.sh:ro,Z - ./setup/roles:/roles:ro,Z - - setup:/state:Z environment: ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-} LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-} @@ -103,5 +111,4 @@ networks: driver: bridge volumes: - setup: elasticsearch: diff --git a/setup/.dockerignore b/setup/.dockerignore index 02f2244078..c5dd1c85ad 100644 --- a/setup/.dockerignore +++ b/setup/.dockerignore @@ -7,6 +7,3 @@ Dockerfile # Ignore Git files .gitignore - -# Ignore setup state -state/ diff --git a/setup/.gitignore b/setup/.gitignore deleted file mode 100644 index a27475ad10..0000000000 --- a/setup/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/state/ diff --git a/setup/Dockerfile b/setup/Dockerfile index 5365a99d1d..1cb7538995 100644 --- a/setup/Dockerfile +++ b/setup/Dockerfile @@ -3,13 +3,4 @@ ARG ELASTIC_VERSION # https://www.docker.elastic.co/ FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} -USER root - -RUN set -eux; \ - mkdir /state; \ - chmod 0775 /state; \ - chown elasticsearch:root /state - -USER elasticsearch:root - ENTRYPOINT ["/entrypoint.sh"] diff --git a/setup/entrypoint.sh b/setup/entrypoint.sh index ec1e1ff411..ac79321a86 100755 --- a/setup/entrypoint.sh +++ b/setup/entrypoint.sh @@ -43,18 +43,6 @@ roles_files=( # -------------------------------------------------------- -echo "-------- $(date --rfc-3339=seconds) --------" - -state_file="${BASH_SOURCE[0]%/*}"/state/.done -if [[ -e "$state_file" ]]; then - declare state_birthtime - state_birthtime="$(stat -c '%Y' "$state_file")" - state_birthtime="$(date --rfc-3339=seconds --date="@${state_birthtime}")" - - log "Setup has already run successfully on ${state_birthtime}. Skipping" - exit 0 -fi - log 'Waiting for availability of Elasticsearch. This can take several minutes.' declare -i exit_code=0 @@ -129,6 +117,3 @@ for user in "${!users_passwords[@]}"; do create_user "$user" "${users_passwords[$user]}" "${users_roles[$user]}" fi done - -mkdir -p "${state_file%/*}" -touch "$state_file"