Testing configuration without certificates

ssmarco · Feb 7, 2024 · fa335ca · fa335ca
1 parent 21eef8d
commit fa335ca
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 48 deletions.
diff --git a/docker-compose.enterprise-search.yaml b/docker-compose.enterprise-search.yaml
@@ -23,45 +23,48 @@ services:
         restart: "no"
         command: >
             bash -c '
-                if [ ! -f /usr/share/elasticsearch/config/certs/ca.zip ]; then
-                    echo "Creating CA";
-                    bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
-                    unzip config/certs/ca.zip -d config/certs;
-                fi;
+                # if [ ! -f /usr/share/elasticsearch/config/certs/ca.zip ]; then
+                #     echo "Creating CA";
+                #     bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
+                #     unzip config/certs/ca.zip -d config/certs;
+                # fi;
 
-                if [ ! -f /usr/share/elasticsearch/config/certs/certs.zip ]; then
-                    echo "Creating certs";
-                    echo -ne \
-                      "instances:\n"\
-                      "  - name: elasticsearch\n"\
-                      "    dns:\n"\
-                      "      - elasticsearch\n"\
-                      "      - localhost\n"\
-                      "    ip:\n"\
-                      "      - 127.0.0.1\n"\
-                    > config/certs/instances.yml;
-
-                    bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
-                    unzip config/certs/certs.zip -d config/certs;
-                fi;
+                # if [ ! -f /usr/share/elasticsearch/config/certs/certs.zip ]; then
+                #     echo "Creating certs";
+                #     echo -ne \
+                #       "instances:\n"\
+                #       "  - name: elasticsearch\n"\
+                #       "    dns:\n"\
+                #       "      - elasticsearch\n"\
+                #       "      - localhost\n"\
+                #       "    ip:\n"\
+                #       "      - 127.0.0.1\n"\
+                #     > config/certs/instances.yml;
+                #
+                #     bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+                #     unzip config/certs/certs.zip -d config/certs;
+                # fi;
 
                 echo "Setting file permissions"
-                chown -R root:root config/certs;
-                find . -type d -exec chmod 755 \{\} \;;
-                find . -type f -exec chmod 644 \{\} \;;
+                #chown -R root:root config/certs;
+                #find . -type d -exec chmod 755 \{\} \;;
+                #find . -type f -exec chmod 644 \{\} \;;
 
                 echo "Listing certificates"
-                ls -la config/certs/ca/ca.crt
-                ls -la config/certs/elasticsearch/elasticsearch.crt
+                #ls -la config/certs/ca/ca.crt
+                #ls -la config/certs/elasticsearch/elasticsearch.crt
 
                 echo "Waiting for Elasticsearch availability";
-                until curl -s --cacert config/certs/ca/ca.crt -u elastic:elastic https://elasticsearch:9200; do sleep 5 && date; done;
+                #until curl -s --cacert config/certs/ca/ca.crt -u elastic:elastic https://elasticsearch:9200; do sleep 5 && date; done;
+                until curl -s -u elastic:elastic http://elasticsearch:9200; do sleep 5 && date; done;
 
                 echo "Setting kibana_system password";
-                until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:elastic -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"elastic\"}" | grep -q "^{}"; do sleep 5 && date ; done;
+                #until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:elastic -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"elastic\"}" | grep -q "^{}"; do sleep 5 && date ; done;
+                until curl -s -X POST -u elastic:elastic -H "Content-Type: application/json" http://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"elastic\"}" | grep -q "^{}"; do sleep 5 && date ; done;
 
                 echo "Testing kibana_system user";
-                until curl -s --cacert config/certs/ca/ca.crt -u kibana_system:elastic https://elasticsearch:9200; do sleep 5 && date; done;
+                #until curl -s --cacert config/certs/ca/ca.crt -u kibana_system:elastic https://elasticsearch:9200; do sleep 5 && date; done;
+                until curl -s -u kibana_system:elastic http://elasticsearch:9200; do sleep 5 && date; done;
 
                 echo "Exit in 5 minutes"
                 for i in {1..5}; do date && sleep 60; done
@@ -87,6 +90,13 @@ services:
             com.ddev.approot: $DDEV_APPROOT
         environment:
             - ELASTIC_PASSWORD=elastic
+            - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+            - VIRTUAL_HOST=$DDEV_HOSTNAME
+            - HTTP_EXPOSE=9200:9200
+            - HTTPS_EXPOSE=9201:9200
+            - cluster.name=docker-cluster
+            - discovery.type=single-node
+            - bootstrap.memory_lock=true
         mem_limit: 1073741824
         ulimits:
             memlock:
@@ -131,7 +141,7 @@ services:
 
     enterprisesearch:
         depends_on:
-            - kibana
+            #- kibana
             - elasticsearch
         container_name: ddev-${DDEV_SITENAME}-enterprisesearch
         hostname: ${DDEV_SITENAME}-enterprisesearch
@@ -174,3 +184,4 @@ volumes:
     elastic-data:
     elastic-kibana:
     enterprise-data:
+    elasticsearch:
diff --git a/enterprise-search/config.yml b/enterprise-search/config.yml
@@ -3,8 +3,8 @@
 
 elasticsearch.username: elastic
 elasticsearch.password: elastic
-elasticsearch.host: https://elasticsearch:9200
-elasticsearch.ssl.enabled: true
+elasticsearch.host: http://elasticsearch:9200
+elasticsearch.ssl.enabled: false
 kibana.host: http://kibana:5601
 kibana.external_url: http://kibana:5601
 skip_read_only_check: true
@@ -15,4 +15,4 @@ ent_search.listen_port: 3002
 
 secret_management.encryption_keys:
   [thequickbrownfoxjumpsoverthelazydog1cozylummoxgivessmartsquidwho]
-elasticsearch.ssl.certificate_authority: /usr/share/enterprise-search/config/certs/ca/ca.crt
+# elasticsearch.ssl.certificate_authority: /usr/share/enterprise-search/config/certs/ca/ca.crt
diff --git a/enterprise-search/elasticsearch.yml b/enterprise-search/elasticsearch.yml
@@ -22,14 +22,14 @@ xpack.security.enrollment.enabled: true
 xpack.security.authc.api_key.enabled: true
 xpack.security.autoconfiguration.enabled: true
 bootstrap.memory_lock: true
-xpack.security.http.ssl.enabled: true
-xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key
-xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt
-xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
-xpack.security.http.ssl.verification_mode: certificate
-xpack.security.transport.ssl.enabled: true
-xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key
-xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt
-xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
-xpack.security.transport.ssl.verification_mode: certificate
+xpack.security.http.ssl.enabled: false
+# xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key
+# xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt
+# xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
+# xpack.security.http.ssl.verification_mode: certificate
+xpack.security.transport.ssl.enabled: false
+# xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key
+# xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt
+# xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
+# xpack.security.transport.ssl.verification_mode: certificate
 xpack.license.self_generated.type: basic
diff --git a/enterprise-search/kibana.yml b/enterprise-search/kibana.yml
@@ -15,16 +15,14 @@ server.port: 5601
 elasticsearch.username: kibana_system
 elasticsearch.password: elastic
 
-elasticsearch.hosts: ["https://elasticsearch:9200"]
+elasticsearch.hosts: ["http://elasticsearch:9200"]
 enterpriseSearch.host: "http://enterprisesearch:3002"
-server.publicBaseUrl: "https://elasticsearch:9200"
+server.publicBaseUrl: "http://elasticsearch:9200"
 
 # Enables you to specify a path to the PEM file for the certificate
 # authority for your Elasticsearch instance.
-elasticsearch.ssl.certificateAuthorities:
-  ["/usr/share/kibana/config/certs/ca/ca.crt"]
-enterpriseSearch.ssl.certificateAuthorities:
-  ["/usr/share/kibana/config/certs/ca/ca.crt"]
+#elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"]
+#enterpriseSearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"]
 
 # To disregard the validity of SSL certificates, change this setting's value to 'none'.
 elasticsearch.ssl.verificationMode: none