Commit 9d169686 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Merge branch 'dev' into 'master' 

Corrige seguridad, vol y entrypoint en dev

See merge request redmic-project/elastic/elasticsearch!43
parents 4d0e14a3 7e4f6132

.gitlab-ci.yml

+13 −30
Original line number Diff line number Diff line
@@ -10,6 +10,9 @@ services: 


variables:

  DOCKER_DRIVER: overlay2

  AWS_ACCESS_KEY_ID: ${S3_ACCESS_KEY}

  AWS_SECRET_ACCESS_KEY: ${S3_SECRET_KEY}

  ES_PLUGINS: repository-s3



docker-build-commit-non-master-branches:

  stage: package
@@ -71,36 +74,9 @@ container-scanning: 
  artifacts:

    paths: [gl-sast-container-report.json]



deploy-dev:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  variables:

    SSH_REMOTE: ${DEV_SSH_REMOTE}

    STACK: elastic

    SERVICES_TO_CHECK: elastic_${CI_PROJECT_NAME}-1

    IMAGE_NAME: ${CI_REGISTRY_IMAGE}

    IMAGE_TAG: ${CI_COMMIT_SHA}

    COMPOSE_FILE: docker-compose.${CI_PROJECT_NAME}-1.tmpl.yml:docker-compose.${CI_PROJECT_NAME}-1.dev.yml

    OLD_ELASTIC_ADMIN_PASS: ${DEV_OLD_ELASTIC_ADMIN_PASS}

    ELASTIC_ADMIN_PASS: ${DEV_ELASTIC_ADMIN_PASS}

    ELASTIC_USER: ${DEV_ELASTIC_USER}

    ELASTIC_USER_PASS: ${DEV_ELASTIC_USER_PASS}

    ELASTIC_USER_ROLE: ${DEV_ELASTIC_USER_ROLE}

  script:

    - create-nets.sh elastic-net

    - >

      deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE}

      OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}

      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}

  environment:

    name: dev

  only:

    - dev

  when: manual



deploy-supporting-branch:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy

  image: ${DOCKER_DEPLOY_IMAGE_NAME}:${DOCKER_DEPLOY_IMAGE_TAG}

  variables:

    SSH_REMOTE: ${DEV_SSH_REMOTE}

    STACK: elastic
@@ -118,18 +94,19 @@ deploy-supporting-branch: 
      deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE}

      OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}

      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}

      ES_PLUGINS=${ES_PLUGINS} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}

      AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}

  environment:

    name: dev

  only:

    - branches

  except:

    - master

    - dev

  when: manual



deploy-pro:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  image: ${DOCKER_DEPLOY_IMAGE_NAME}:${DOCKER_DEPLOY_IMAGE_TAG}

  variables:

    SSH_REMOTE: ${PRO_SSH_REMOTE}

    STACK: elastic
@@ -150,6 +127,8 @@ deploy-pro: 
      AWS_REGION=${AWS_REGION} OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS}

      ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS} ELASTIC_USER=${ELASTIC_USER}

      ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}

      ES_PLUGINS=${ES_PLUGINS} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}

      AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}

    - >

      export SERVICES_TO_CHECK=elastic_${CI_PROJECT_NAME}-2

        COMPOSE_FILE=docker-compose.${CI_PROJECT_NAME}-2.tmpl.yml:docker-compose.${CI_PROJECT_NAME}-2.prod.yml
@@ -158,6 +137,8 @@ deploy-pro: 
      AWS_REGION=${AWS_REGION} OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS}

      ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS} ELASTIC_USER=${ELASTIC_USER}

      ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}

      ES_PLUGINS=${ES_PLUGINS} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}

      AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}

    - >

      export SERVICES_TO_CHECK=elastic_${CI_PROJECT_NAME}-3

        COMPOSE_FILE=docker-compose.${CI_PROJECT_NAME}-3.tmpl.yml:docker-compose.${CI_PROJECT_NAME}-3.prod.yml
@@ -166,6 +147,8 @@ deploy-pro: 
      AWS_REGION=${AWS_REGION} OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS}

      ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS} ELASTIC_USER=${ELASTIC_USER}

      ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}

      ES_PLUGINS=${ES_PLUGINS} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}

      AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}

  environment:

    name: pro

  only:

deploy/.env

+2 −0
Original line number Diff line number Diff line
@@ -2,3 +2,5 @@ PORT1=9200 
PORT2=9300

ELASTIC_USER=user

ELASTIC_USER_PASS=pass

ES_PLUGINS=repository-s3

ES_XPACK_SECURITY_ENABLED=false

deploy/docker-compose.elasticsearch-1.dev.yml

+2 −14
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ services: 
      - ES_NODE_NAME=node-1

      - ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES=1

      - ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS=elasticsearch-1

      - ES_XPACK_SECURITY_ENABLED=true

    ports:

      - target: ${PORT1}

        published: ${PORT1}
@@ -15,20 +16,7 @@ services: 
      - target: ${PORT2}

        published: ${PORT2}

        mode: host

    deploy:

      mode: replicated

      replicas: 1

      restart_policy:

        condition: on-failure

        delay: 1m

        window: 3m

      resources:

        limits:

          cpus: '1'

          memory: 1G

        reservations:

          memory: 820M



volumes:

  elasticsearch-vol:

    name: elasticsearch-vol
 
    name: ${ELASTICSEARCH_VOL_NAME:-elasticsearch-reloaded-vol}

deploy/docker-compose.elasticsearch-1.prod.yml

+6 −12
Original line number Diff line number Diff line
@@ -8,23 +8,17 @@ services: 
      - ES_NODE_NAME={{.Service.Name}}

      - ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS=['elasticsearch-1', 'elasticsearch-2', 'elasticsearch-3']

      - USER_MANAGEMENT_DELAY=200

      - ES_XPACK_SECURITY_ENABLED

    healthcheck:

      test: curl --silent localhost:${PORT}/_cluster/health

      timeout: 10s

      retries: 3

      start_period: 2m

    deploy:

      mode: replicated

      replicas: 1

      placement:

        constraints:

          - node.role == worker

          - engine.labels.availability_zone == ${AWS_REGION}a

      restart_policy:

        condition: on-failure

        delay: 1m

        window: 3m

      resources:

        limits:

          cpus: '1'

          memory: 2G

        reservations:

          memory: 1639M



volumes:

  elasticsearch-vol:

deploy/docker-compose.elasticsearch-1.tmpl.yml

+15 −7
Original line number Diff line number Diff line
@@ -17,13 +17,21 @@ services: 
      - ELASTIC_USER

      - ELASTIC_USER_PASS

      - ELASTIC_USER_ROLE

    #healthcheck:

      #test: >

        #status=$$(curl --write-out %{http_code} --silent --output /dev/null -u "${ELASTIC_USER}:${ELASTIC_USER_PASS}" localhost:${PORT1}/_cluster/health);

        #[ "$${status}" -eq "200" ] || [ "$${status}" -eq "401" ]

      #timeout: 10s

      #retries: 3

      #start_period: 2m

      - AWS_ACCESS_KEY_ID

      - AWS_SECRET_ACCESS_KEY

    deploy:

      mode: replicated

      replicas: 1

      restart_policy:

        condition: on-failure

        delay: 1m

        window: 3m

      resources:

        limits:

          cpus: '1'

          memory: 1G

        reservations:

          memory: 820M



networks:

  elastic-net: