Loading .gitlab-ci.yml +41 −1 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ container-scanning: artifacts: paths: [gl-sast-container-report.json] deploy-supporting-branch-develop: deploy-es6-1-supporting-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: Loading Loading 
@@ -110,6 +110,46 @@ deploy-supporting-branch-develop: - master when: manual deploy-es6-2-supporting-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: SSH_REMOTE: ${DEV_SSH_REMOTE} STACK: elastic SERVICES_TO_CHECK: elastic_es6-2 IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-2.tmpl.yml:docker-compose.es6-2.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} NODE_PEM: ${DEV_NODE_2_PEM} NODE_KEY: ${DEV_NODE_2_KEY} NODE_CSR: ${DEV_NODE_2_CSR} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: - branches except: - master when: manual deploy-stable-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest Loading deploy/docker-compose.es6-2.dev.yml 0 → 100644 +14 −0 Original line number Diff line number Diff line version: '3.5' services: es6-2: environment: - cluster.name=${ES_CLUSTER_NAME:-es_dev} - discovery.zen.minimum_master_nodes=${ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES:-1} volumes: es-data-vol: name: "${ES_DATA_VOL_NAME:-es6-2-vol}" es-conf-vol: name: "${ES_CONF_VOL_NAME:-es6-2-conf-vol}" deploy/docker-compose.es6-2.tmpl.yml +76 −8 Original line number Diff line number Diff line Loading 
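Review bot: In `.gitlab-ci.yml`, the new `deploy-es6-2-supporting-branch-develop` job writes the root CA private key into the job workspace with `echo "${CA_KEY}" > "deploy/certs/root-ca.key"`, yet the compose template in this same commit declares `ca-pem` and `ca-key` as `external: true` secrets and only the `node-*` secrets as `file:` sources. From what is visible the stack never reads that file, so the job does not need `DEV_CA_KEY` at all. Dropping the `CA_KEY` variable and its `echo` line keeps the signing key off the runner and off any host that `deploy.sh` copies `deploy/` to (that script is not shown, so the copy is an assumption). For the node key, which is still needed, add `- umask 077` ahead of the `echo` lines so the files are not created with the default, usually world-readable, mode.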
@@ -12,12 +12,56 @@ services: - path.data=${ES_PATH_DATA} - network.host=${ES_NETWORK_HOST} - bootstrap.memory_lock=${ES_BOOTSTRAP_MEMORY_LOCK} - xpack.security.enabled=false - searchguard.nodes_dn.0=${SG_NODE_1_DN} - searchguard.nodes_dn.1=${SG_NODE_2_DN} - searchguard.nodes_dn.2=${SG_NODE_3_DN} - searchguard.ssl.transport.pemcert_filepath=certs/node.pem - searchguard.ssl.transport.pemkey_filepath=certs/node.key - searchguard.ssl.transport.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.ssl.transport.enforce_hostname_verification=false - searchguard.ssl.transport.resolve_hostname=false - searchguard.ssl.http.enabled=false - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.enable_snapshot_restore_privilege=true - S3_ACCESS_KEY - S3_SECRET_KEY networks: elastic6-net: elastic-net: aliases: - es6-2 - ${ELASTIC_NET_ALIAS:-es6-2} metric-net: volumes: - es-vol:${ES_PATH_DATA} - es-data-vol:${ES_PATH_DATA} - es-conf-vol:/usr/share/elasticsearch/config secrets: - source: ca-pem target: /usr/share/elasticsearch/config/certs/root-ca.pem mode: 0600 uid: '1000' gid: '1000' - source: ca-key target: /usr/share/elasticsearch/config/certs/root-ca.key mode: 0600 uid: '1000' gid: '1000' - source: node-pem target: /usr/share/elasticsearch/config/certs/node.pem mode: 0600 uid: '1000' gid: '1000' - source: node-key target: /usr/share/elasticsearch/config/certs/node.key mode: 0600 uid: '1000' gid: '1000' - source: node-csr target: /usr/share/elasticsearch/config/certs/node.csr mode: 0600 uid: '1000' gid: '1000' deploy: mode: replicated replicas: 1 Loading 
@@ -31,13 +75,37 @@ services: reservations: memory: 1639M healthcheck: test: curl --fail --silent localhost:${PORT}/_cluster/health test: curl --silent localhost:${PORT}/_searchguard/health timeout: 10s retries: 3 start_period: 2m networks: elastic6-net: name: elastic6-net driver: overlay attachable: true elastic-net: name: ${ELASTIC_NET_NAME:-elastic6-net} external: true metric-net: name: ${METRIC_NET_NAME:-metric-net} external: true secrets: ca-pem: name: ${CA_PEM_NAME:-ca-pem} external: true ca-key: name: ${CA_KEY_NAME:-ca-key} external: true node-pem: name: ${NODE_PEM_NAME:-node-pem} file: ./certs/node.pem node-key: name: ${NODE_KEY_NAME:-node-key} file: ./certs/node.key node-csr: name: ${NODE_CSR_NAME:-node-csr} file: ./certs/node.csr Loading
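Review bot: In `deploy/docker-compose.es6-2.tmpl.yml`, the service's `secrets:` list mounts `ca-key` at `/usr/share/elasticsearch/config/certs/root-ca.key`, but none of the added `searchguard.ssl.*` settings reference it; they use only `certs/node.pem`, `certs/node.key` and `certs/root-ca.pem`. With the signing key readable inside the node container, compromising that one container is enough to issue a certificate for any DN, including those listed in `searchguard.nodes_dn.*`. Because `searchguard.ssl.transport.enforce_hostname_verification=false` is also set, the DN is the only identity check left on the transport layer. Remove the `- source: ca-key` entry and the top-level `ca-key:` secret from this stack, and keep the key only where certificates are issued. `node-csr` looks equally unused at runtime and could be dropped the same way.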
.gitlab-ci.yml +41 −1 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ container-scanning: artifacts: paths: [gl-sast-container-report.json] deploy-supporting-branch-develop: deploy-es6-1-supporting-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: Loading Loading @@ -110,6 +110,46 @@ deploy-supporting-branch-develop: - master when: manual deploy-es6-2-supporting-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: SSH_REMOTE: ${DEV_SSH_REMOTE} STACK: elastic SERVICES_TO_CHECK: elastic_es6-2 IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-2.tmpl.yml:docker-compose.es6-2.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} NODE_PEM: ${DEV_NODE_2_PEM} NODE_KEY: ${DEV_NODE_2_KEY} NODE_CSR: ${DEV_NODE_2_CSR} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: - branches except: - master when: manual deploy-stable-branch-develop: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest Loading
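Review bot: The `deploy.sh` call in `deploy-es6-2-supporting-branch-develop` passes `S3_SECRET_KEY=${S3_SECRET_KEY}` and the access key as command-line arguments, which makes the values visible in the runner's process list. Depending on how `deploy.sh` forwards its arguments to `${SSH_REMOTE}`, they may also appear on the remote host or in the job log. The same values are already in the job environment through `variables:`, so reading them from there or from a file with restricted permissions would avoid that exposure; `deploy.sh` is not part of this diff, so whether it supports that needs checking. Also confirm that `DEV_S3_SECRET_KEY`, `DEV_CA_KEY` and `DEV_NODE_2_KEY` are masked, and that exposing them to every non-master branch (`only: branches`, `except: master`) is intended.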
deploy/docker-compose.es6-2.dev.yml 0 → 100644 +14 −0 Original line number Diff line number Diff line version: '3.5' services: es6-2: environment: - cluster.name=${ES_CLUSTER_NAME:-es_dev} - discovery.zen.minimum_master_nodes=${ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES:-1} volumes: es-data-vol: name: "${ES_DATA_VOL_NAME:-es6-2-vol}" es-conf-vol: name: "${ES_CONF_VOL_NAME:-es6-2-conf-vol}"
deploy/docker-compose.es6-2.tmpl.yml +76 −8 Original line number Diff line number Diff line Loading @@ -12,12 +12,56 @@ services: - path.data=${ES_PATH_DATA} - network.host=${ES_NETWORK_HOST} - bootstrap.memory_lock=${ES_BOOTSTRAP_MEMORY_LOCK} - xpack.security.enabled=false - searchguard.nodes_dn.0=${SG_NODE_1_DN} - searchguard.nodes_dn.1=${SG_NODE_2_DN} - searchguard.nodes_dn.2=${SG_NODE_3_DN} - searchguard.ssl.transport.pemcert_filepath=certs/node.pem - searchguard.ssl.transport.pemkey_filepath=certs/node.key - searchguard.ssl.transport.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.ssl.transport.enforce_hostname_verification=false - searchguard.ssl.transport.resolve_hostname=false - searchguard.ssl.http.enabled=false - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.enable_snapshot_restore_privilege=true - S3_ACCESS_KEY - S3_SECRET_KEY networks: elastic6-net: elastic-net: aliases: - es6-2 - ${ELASTIC_NET_ALIAS:-es6-2} metric-net: volumes: - es-vol:${ES_PATH_DATA} - es-data-vol:${ES_PATH_DATA} - es-conf-vol:/usr/share/elasticsearch/config secrets: - source: ca-pem target: /usr/share/elasticsearch/config/certs/root-ca.pem mode: 0600 uid: '1000' gid: '1000' - source: ca-key target: /usr/share/elasticsearch/config/certs/root-ca.key mode: 0600 uid: '1000' gid: '1000' - source: node-pem target: /usr/share/elasticsearch/config/certs/node.pem mode: 0600 uid: '1000' gid: '1000' - source: node-key target: /usr/share/elasticsearch/config/certs/node.key mode: 0600 uid: '1000' gid: '1000' - source: node-csr target: /usr/share/elasticsearch/config/certs/node.csr mode: 0600 uid: '1000' gid: '1000' deploy: mode: replicated replicas: 1 Loading 
@@ -31,13 +75,37 @@ services: reservations: memory: 1639M healthcheck: test: curl --fail --silent localhost:${PORT}/_cluster/health test: curl --silent localhost:${PORT}/_searchguard/health timeout: 10s retries: 3 start_period: 2m networks: elastic6-net: name: elastic6-net driver: overlay attachable: true elastic-net: name: ${ELASTIC_NET_NAME:-elastic6-net} external: true metric-net: name: ${METRIC_NET_NAME:-metric-net} external: true secrets: ca-pem: name: ${CA_PEM_NAME:-ca-pem} external: true ca-key: name: ${CA_KEY_NAME:-ca-key} external: true node-pem: name: ${NODE_PEM_NAME:-node-pem} file: ./certs/node.pem node-key: name: ${NODE_KEY_NAME:-node-key} file: ./certs/node.key node-csr: name: ${NODE_CSR_NAME:-node-csr} file: ./certs/node.csr
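Review bot: The replacement healthcheck `curl --silent localhost:${PORT}/_searchguard/health` no longer carries `--fail`, so curl exits 0 on any HTTP response, including an error status, and the container is reported healthy as long as the port answers. Restore the flag: `test: curl --fail --silent localhost:${PORT}/_searchguard/health`. The rendered page has lost its `+`/`-` markers, so which of the two `test:` lines is new is inferred from their order and from the Search Guard settings added in the first hunk. The check works over plain HTTP only because `searchguard.ssl.http.enabled=false` is hard-coded in this shared template; if REST TLS is meant to be on outside dev, that setting belongs in `docker-compose.es6-2.dev.yml` instead.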