Merge branch 'main' into 958-bug-backend-config

GenerateNU · Jun 4, 2024 · 5f29661 · 5f29661
2 parents e573f6b + cd13752
commit 5f29661
Show file tree

Hide file tree

Showing 7 changed files with 97 additions and 60 deletions.
diff --git a/backend/Dockerfile.redis b/backend/Dockerfile.redis
@@ -0,0 +1,6 @@
+FROM redis:latest
+
+COPY redis_entrypoint.sh /usr/local/bin/redis_entrypoint.sh
+RUN chmod +x /usr/local/bin/redis_entrypoint.sh
+
+ENTRYPOINT ["redis_entrypoint.sh"]
diff --git a/backend/Dockerfile → backend/Dockerfile.server b/backend/Dockerfile → backend/Dockerfile.server
diff --git a/backend/database/store/redis.go b/backend/database/store/redis.go
@@ -25,9 +25,9 @@ func NewStores(limiter LimiterInterface, blacklist BlacklistInterface, activeTok
 
 func ConfigureRedis(settings config.Settings) *Stores {
 	stores := NewStores(
-		NewLimiter(NewRedisClient(settings.RedisLimiter.Username, settings.RedisLimiter.Host, settings.RedisLimiter.Port, settings.RedisLimiter.Password, settings.RedisLimiter.DB)),
-		NewBlacklist(NewRedisClient(settings.RedisBlacklist.Username, settings.RedisBlacklist.Host, settings.RedisBlacklist.Port, settings.RedisBlacklist.Password, settings.RedisBlacklist.DB)),
-		NewActiveToken(NewRedisClient(settings.RedisActiveTokens.Username, settings.RedisActiveTokens.Host, settings.RedisActiveTokens.Port, settings.RedisActiveTokens.Password, settings.RedisActiveTokens.DB)),
+		NewLimiter(NewRedisClient(settings.RedisLimiter.Username, settings.RedisLimiter.Password, settings.RedisLimiter.Host, settings.RedisLimiter.Port, settings.RedisLimiter.DB)),
+		NewBlacklist(NewRedisClient(settings.RedisBlacklist.Username, settings.RedisBlacklist.Password, settings.RedisBlacklist.Host, settings.RedisBlacklist.Port, settings.RedisBlacklist.DB)),
+		NewActiveToken(NewRedisClient(settings.RedisActiveTokens.Username, settings.RedisActiveTokens.Password, settings.RedisActiveTokens.Host, settings.RedisActiveTokens.Port, settings.RedisActiveTokens.DB)),
 	)
 
 	MustEstablishConn()

diff --git a/backend/database/store/store.go b/backend/database/store/store.go
@@ -26,15 +26,16 @@ type RedisClient struct {
 	client *redis.Client
 }
 
-func NewRedisClient(username, host string, port uint, password *m.Secret[string], db int) *RedisClient {
+func NewRedisClient(username string, password *m.Secret[string], host string, port uint, db int) *RedisClient {
 	client := redis.NewClient(&redis.Options{
-		Username:       username,
-		Addr:           fmt.Sprintf("%s:%d", host, port),
-		Password:       password.Expose(),
-		DB:             db,
-		PoolSize:       10 * runtime.GOMAXPROCS(0),
-		MaxActiveConns: constants.REDIS_MAX_OPEN_CONNECTIONS,
-		MaxIdleConns:   constants.REDIS_MAX_IDLE_CONNECTIONS,
+		Username:              username,
+		Password:              password.Expose(),
+		Addr:                  fmt.Sprintf("%s:%d", host, port),
+		DB:                    db,
+		PoolSize:              10 * runtime.GOMAXPROCS(0),
+		MaxActiveConns:        constants.REDIS_MAX_OPEN_CONNECTIONS,
+		MaxIdleConns:          constants.REDIS_MAX_IDLE_CONNECTIONS,
+		ContextTimeoutEnabled: true,
 	})
 
 	return &RedisClient{

diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml
@@ -1,35 +1,88 @@
 services:
   redis-active-tokens:
-    image: redis/redis-stack-server:latest
+    build:
+      context: .
+      dockerfile: Dockerfile.redis
     container_name: redis_active_tokens
     ports:
       - 6379:6379
     environment:
-      - REDIS_PASSWORD=redispassword!#1
+      - REDIS_USERNAME=redis_active_tokens
+      - REDIS_PASSWORD=redis_active_tokens!#1
+      - REDIS_DISABLE_DEFAULT_USER="true"
     volumes:
       - redis-active-data:/data
 
   redis-blacklist:
-    image: redis/redis-stack-server:latest
+    build:
+      context: .
+      dockerfile: Dockerfile.redis
     container_name: redis_blacklist
     ports:
       - 6380:6379
     environment:
-      - REDIS_PASSWORD=redispassword!#2
+      - REDIS_USERNAME=redis_blacklist
+      - REDIS_PASSWORD=redis_blacklist!#2
+      - REDIS_DISABLE_DEFAULT_USER="true"
     volumes:
       - redis-blacklist-data:/data
 
   redis-limiter:
-    image: redis/redis-stack-server:latest
+    build:
+      context: .
+      dockerfile: Dockerfile.redis
     container_name: redis_limiter
     ports:
       - 6381:6379
     environment:
-      - REDIS_PASSWORD=redispassword!#3
+      - REDIS_USERNAME=redis_limiter
+      - REDIS_PASSWORD=redis_limiter!#3
+      - REDIS_DISABLE_DEFAULT_USER="true"
     volumes:
       - redis-limiter-data:/data
 
+  opensearch-node1:
+    image: opensearchproject/opensearch:latest
+    container_name: opensearch-node1
+    environment:
+      - cluster.name=opensearch-cluster
+      - node.name=opensearch-node1
+      - discovery.type=single-node
+      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+      - DISABLE_SECURITY_PLUGIN=true #
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
+        hard: 65536
+    volumes:
+      - opensearch-data1:/usr/share/opensearch/data
+    ports:
+      - 9200:9200
+      - 9600:9600 # required for Performance Analyzer
+    networks:
+      - opensearch-net
+  opensearch-dashboards:
+    image: opensearchproject/opensearch-dashboards:latest
+    container_name: opensearch-dashboards
+    ports:
+      - 5601:5601
+    expose:
+      - "5601"
+    environment:
+      OPENSEARCH_HOSTS: '["http://opensearch-node1:9200"]'
+      DISABLE_SECURITY_DASHBOARDS_PLUGIN: true
+    networks:
+      - opensearch-net
+
 volumes:
   redis-active-data:
   redis-blacklist-data:
   redis-limiter-data:
+  opensearch-data1:
+
+networks:
+  opensearch-net:
diff --git a/backend/redis_entrypoint.sh b/backend/redis_entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# set up redis configuration directory
+mkdir -p /usr/local/etc/redis
+
+# dynamically generate redis configuration and ACL files here, using environment variables
+echo "aclfile /usr/local/etc/redis/custom_aclfile.acl" > /usr/local/etc/redis/redis.conf
+
+# generate ACL file using environment variables
+if [ -n ${REDIS_USERNAME} ] && [ -n ${REDIS_PASSWORD} ]; then
+    echo "user ${REDIS_USERNAME} on allkeys allchannels allcommands >${REDIS_PASSWORD} " > /usr/local/etc/redis/custom_aclfile.acl
+fi
+
+# disable default user
+if [ $(echo ${REDIS_DISABLE_DEFAULT_USER}) == "true" ]; then
+    echo "user default off nopass nocommands" >> /usr/local/etc/redis/custom_aclfile.acl
+fi
+
+# call the original docker entrypoint script with redis-server and the path to the custom redis configuration
+exec docker-entrypoint.sh redis-server /usr/local/etc/redis/redis.conf
diff --git a/docker-compose.yml b/docker-compose.yml