From cf4f9689a6cbff23578a52fe61a977ddca6634d5 Mon Sep 17 00:00:00 2001 From: Marco Hermo Date: Thu, 8 Feb 2024 09:41:59 +1300 Subject: [PATCH] Cleanup w/o certs --- README.md | 5 +- docker-compose.enterprise-search.yaml | 71 ++++----------------------- enterprise-search/config.yml | 1 - enterprise-search/elasticsearch.yml | 12 +---- enterprise-search/kibana.yml | 5 -- 5 files changed, 14 insertions(+), 80 deletions(-) diff --git a/README.md b/README.md index c0a9a7f..123e1db 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ ddev-enterprise-search is the un-official implementation of Elastic Enterprise S Enterprise Search is an additional Elastic service that adds APIs and UIs to those already provided by Elasticsearch and Kibana. -Currently sitting at version 8.12.0, part of the implementation as a service for DDEV includes Elastic Search and Kibana containers. -This means that to use this service, existing Elastic and Kibana servies needs to be uninstalled in your project. +Currently sitting at version 8.12.0, part of the implementation as a service for DDEV includes Kibana container. +This means that to use this service, existing Kibana service needs to be uninstalled in your project and should install the supported Elastic Search from DDEV. From your DDEV project, install this by running `ddev get ssmarco/ddev-enterprise-search` then `ddev restart`. This will take up to 30 minutes or so due when downloading the required docker containers (Elastic Search, Kibana and Enterprise Search). @@ -26,6 +26,7 @@ This will take up to 30 minutes or so due when downloading the required docker c 1. In the DDEV project directory launch the command: ``` +ddev get ddev/ddev-elasticsearch ddev get ssmarco/ddev-enterprise-search ``` diff --git a/docker-compose.enterprise-search.yaml b/docker-compose.enterprise-search.yaml index 10e6f78..de3f159 100644 --- a/docker-compose.enterprise-search.yaml +++ b/docker-compose.enterprise-search.yaml @@ -23,47 +23,13 @@ services: restart: "no" command: > bash -c ' - # if [ ! -f /usr/share/elasticsearch/config/certs/ca.zip ]; then - # echo "Creating CA"; - # bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; - # unzip config/certs/ca.zip -d config/certs; - # fi; - - # if [ ! -f /usr/share/elasticsearch/config/certs/certs.zip ]; then - # echo "Creating certs"; - # echo -ne \ - # "instances:\n"\ - # " - name: elasticsearch\n"\ - # " dns:\n"\ - # " - elasticsearch\n"\ - # " - localhost\n"\ - # " ip:\n"\ - # " - 127.0.0.1\n"\ - # > config/certs/instances.yml; - # - # bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; - # unzip config/certs/certs.zip -d config/certs; - # fi; - - echo "Setting file permissions" - #chown -R root:root config/certs; - #find . -type d -exec chmod 755 \{\} \;; - #find . -type f -exec chmod 644 \{\} \;; - - echo "Listing certificates" - #ls -la config/certs/ca/ca.crt - #ls -la config/certs/elasticsearch/elasticsearch.crt - echo "Waiting for Elasticsearch availability"; - #until curl -s --cacert config/certs/ca/ca.crt -u elastic:elastic https://elasticsearch:9200; do sleep 5 && date; done; until curl -s -u elastic:elastic http://elasticsearch:9200; do sleep 5 && date; done; echo "Setting kibana_system password"; - #until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:elastic -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"elastic\"}" | grep -q "^{}"; do sleep 5 && date ; done; until curl -s -X POST -u elastic:elastic -H "Content-Type: application/json" http://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"elastic\"}" | grep -q "^{}"; do sleep 5 && date ; done; echo "Testing kibana_system user"; - #until curl -s --cacert config/certs/ca/ca.crt -u kibana_system:elastic https://elasticsearch:9200; do sleep 5 && date; done; until curl -s -u kibana_system:elastic http://elasticsearch:9200; do sleep 5 && date; done; echo "Exit in 5 minutes" @@ -75,33 +41,23 @@ services: elasticsearch: depends_on: - elastic-config - # Name of container using standard ddev convention - container_name: ddev-${DDEV_SITENAME}-elasticsearch - hostname: ${DDEV_SITENAME}-elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + image: elasticsearch:8.12.0 volumes: - - ".:/mnt/ddev_config" - ./enterprise-search/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - elastic-certs:/usr/share/elasticsearch/config/certs - - elastic-data:/usr/share/elasticsearch/data - # These labels ensure this service is discoverable by ddev. - labels: - com.ddev.site-name: ${DDEV_SITENAME} - com.ddev.approot: $DDEV_APPROOT + - elasticsearch:/usr/share/elasticsearch/data environment: - - ELASTIC_PASSWORD=elastic + - cluster.name=docker-cluster + - discovery.type=single-node + - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - VIRTUAL_HOST=$DDEV_HOSTNAME - HTTP_EXPOSE=9200:9200 - HTTPS_EXPOSE=9201:9200 - - cluster.name=docker-cluster - - discovery.type=single-node - - bootstrap.memory_lock=true - mem_limit: 1073741824 - ulimits: - memlock: - soft: -1 - hard: -1 + - ELASTIC_PASSWORD=elastic + - KIBANA_PASSWORD=elastic + healthcheck: + disable: true kibana: depends_on: @@ -141,7 +97,6 @@ services: enterprisesearch: depends_on: - #- kibana - elasticsearch container_name: ddev-${DDEV_SITENAME}-enterprisesearch hostname: ${DDEV_SITENAME}-enterprisesearch @@ -160,14 +115,6 @@ services: - SERVERNAME=enterprisesearch - ELASTIC_PASSWORD=elastic - KIBANA_PASSWORD=elastic - - secret_management.encryption_keys=[thequickbrownfoxjumpsoverthelazydog1cozylummoxgivessmartsquidwho] - - allow_es_settings_modification=true - - elasticsearch.host=https://elasticsearch:9200 - - elasticsearch.username=elastic - - elasticsearch.password=elastic - - elasticsearch.ssl.enabled=true - - elasticsearch.ssl.certificate_authority=/usr/share/enterprise-search/config/certs/ca/ca.crt - - kibana.external_url=http://kibana:5601 mem_limit: 1073741824 healthcheck: test: diff --git a/enterprise-search/config.yml b/enterprise-search/config.yml index a51fe96..d733fb2 100644 --- a/enterprise-search/config.yml +++ b/enterprise-search/config.yml @@ -15,4 +15,3 @@ ent_search.listen_port: 3002 secret_management.encryption_keys: [thequickbrownfoxjumpsoverthelazydog1cozylummoxgivessmartsquidwho] -# elasticsearch.ssl.certificate_authority: /usr/share/enterprise-search/config/certs/ca/ca.crt diff --git a/enterprise-search/elasticsearch.yml b/enterprise-search/elasticsearch.yml index 7e1b036..5cb48c1 100644 --- a/enterprise-search/elasticsearch.yml +++ b/enterprise-search/elasticsearch.yml @@ -8,28 +8,20 @@ cluster.name: "docker-cluster" node.name: elasticsearch discovery.type: "single-node" +bootstrap.memory_lock: true # https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#network.host network.host: 0.0.0.0 http.host: 0.0.0.0 transport.host: 0.0.0.0 http.port: 9200 + # Disable security features # https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#general-security-settings - xpack.security.enabled: true xpack.security.enrollment.enabled: true xpack.security.authc.api_key.enabled: true xpack.security.autoconfiguration.enabled: true -bootstrap.memory_lock: true xpack.security.http.ssl.enabled: false -# xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key -# xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt -# xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt -# xpack.security.http.ssl.verification_mode: certificate xpack.security.transport.ssl.enabled: false -# xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key -# xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt -# xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt -# xpack.security.transport.ssl.verification_mode: certificate xpack.license.self_generated.type: basic diff --git a/enterprise-search/kibana.yml b/enterprise-search/kibana.yml index 749be80..85cb941 100644 --- a/enterprise-search/kibana.yml +++ b/enterprise-search/kibana.yml @@ -19,11 +19,6 @@ elasticsearch.hosts: ["http://elasticsearch:9200"] enterpriseSearch.host: "http://enterprisesearch:3002" server.publicBaseUrl: "http://elasticsearch:9200" -# Enables you to specify a path to the PEM file for the certificate -# authority for your Elasticsearch instance. -#elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"] -#enterpriseSearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"] - # To disregard the validity of SSL certificates, change this setting's value to 'none'. elasticsearch.ssl.verificationMode: none enterpriseSearch.ssl.verificationMode: none