[RORDEV-616] ROR ECK quickstart improvements (#971)

sscarduzio · Feb 4, 2024 · 488e872 · 488e872
1 parent 25f8dd8
commit 488e872
Show file tree

Hide file tree

Showing 20 changed files with 163 additions and 116 deletions.
diff --git a/eck/eck-ror-bootstrap.sh → docker-envs/eck/eck-ror-bootstrap.sh b/eck/eck-ror-bootstrap.sh → docker-envs/eck/eck-ror-bootstrap.sh
diff --git a/eck/eck-ror-cleanup.sh → docker-envs/eck/eck-ror-cleanup.sh b/eck/eck-ror-cleanup.sh → docker-envs/eck/eck-ror-cleanup.sh
diff --git a/eck/kind-cluster/bootstrap-eck.sh → ...er-envs/eck/kind-cluster/bootstrap-eck.sh b/eck/kind-cluster/bootstrap-eck.sh → ...er-envs/eck/kind-cluster/bootstrap-eck.sh
diff --git a/eck/kind-cluster/kind-cluster-config.yml → .../eck/kind-cluster/kind-cluster-config.yml b/eck/kind-cluster/kind-cluster-config.yml → .../eck/kind-cluster/kind-cluster-config.yml
diff --git a/eck/kind-cluster/ror/es-np.yml → docker-envs/eck/kind-cluster/ror/es-np.yml b/eck/kind-cluster/ror/es-np.yml → docker-envs/eck/kind-cluster/ror/es-np.yml
diff --git a/docker-envs/eck/kind-cluster/ror/es.yml b/docker-envs/eck/kind-cluster/ror/es.yml
@@ -0,0 +1,86 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: quickstart
+spec:
+  version: 8.11.3
+  nodeSets:
+    - name: default
+      count: 2
+      podTemplate:
+        spec:
+          securityContext:
+            runAsUser: 1000
+          containers:
+            - name: elasticsearch
+              env:
+                - name: INTERNAL_USR_PASS
+                  valueFrom:
+                    secretKeyRef:
+                      name: quickstart-es-internal-users
+                      key: elastic-internal
+                - name: INTERNAL_PROBE_PASS
+                  valueFrom:
+                    secretKeyRef:
+                      name: quickstart-es-internal-users
+                      key: elastic-internal-probe
+                - name: KIBANA_SERVICE_ACCOUNT_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: quickstart-kibana-user
+                      key: token
+                - name: ES_JAVA_OPTS
+                  value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8888
+              volumeMounts:
+                - name: elasticsearch-modules
+                  mountPath: /usr/share/elasticsearch/modules
+                - name: elasticsearch-lib
+                  mountPath: /usr/share/elasticsearch/lib
+                - name: config-ror
+                  mountPath: /usr/share/elasticsearch/config/readonlyrest.yml
+                  subPath: readonlyrest.yml
+                - name: config-log4j2
+                  mountPath: /usr/share/elasticsearch/config/log4j2.properties
+                  subPath: log4j2.properties
+          initContainers:
+            - name: sysctl
+              securityContext:
+                runAsUser: 0
+                privileged: true
+              command: [ 'sh', '-c', 'sysctl -w vm.max_map_count=262144' ]
+            - name: install-ror-es-plugin
+              securityContext:
+                allowPrivilegeEscalation: false
+                runAsUser: 0
+              command:
+                - "/bin/bash"
+                - "-c"
+                - |
+                  set -e
+                  
+                  /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch "https://api.beshu.tech/download/es?edition=es&esVersion=$ES_VERSION&email=eck-example%40readonlyrest.com"
+                  /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch
+                  
+                  cp -r /usr/share/elasticsearch/modules /target/usr/share/elasticsearch
+                  cp -r /usr/share/elasticsearch/lib /target/usr/share/elasticsearch
+              env:
+                - name: ES_VERSION
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.labels['elasticsearch.k8s.elastic.co/version']
+              volumeMounts:
+                - name: elasticsearch-modules
+                  mountPath: /target/usr/share/elasticsearch/modules
+                - name: elasticsearch-lib
+                  mountPath: /target/usr/share/elasticsearch/lib
+          volumes:
+            - name: elasticsearch-modules
+              emptyDir: { }
+            - name: elasticsearch-lib
+              emptyDir: { }
+            - name: config-ror
+              configMap:
+                name: config-readonlyrest.yml
+            - name: config-log4j2
+              configMap:
+                name: config-log4j2.properties.yml
diff --git a/eck/kind-cluster/ror/kbn-np.yml → docker-envs/eck/kind-cluster/ror/kbn-np.yml b/eck/kind-cluster/ror/kbn-np.yml → docker-envs/eck/kind-cluster/ror/kbn-np.yml
diff --git a/docker-envs/eck/kind-cluster/ror/kbn.yml b/docker-envs/eck/kind-cluster/ror/kbn.yml
@@ -0,0 +1,68 @@
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: quickstart
+spec:
+  version: 8.11.3
+  count: 2
+  elasticsearchRef:
+    name: quickstart
+  config:
+    readonlyrest_kbn.store_sessions_in_index: true
+    readonlyrest_kbn.cookiePass: "12345678901234567890123456789012345678901234567890"
+    readonlyrest_kbn.logLevel: "info"
+  podTemplate:
+    spec:
+      securityContext:
+        runAsUser: 1000
+      containers:
+        - name: kibana
+          volumeMounts:
+            - name: kibana-plugins
+              mountPath: /usr/share/kibana/plugins
+            - name: kibana-node-modules-kbn
+              mountPath: /usr/share/kibana/node_modules/@kbn
+            - name: kibana-src
+              mountPath: /usr/share/kibana/src
+            - name: kibana-xpack-plugins
+              mountPath: /usr/share/kibana/x-pack/plugins
+      initContainers:
+        - name: install-ror-kbn-plugin
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 0
+          command:
+            - "/bin/bash"
+            - "-c"
+            - |
+              set -e
+              
+              /usr/share/kibana/bin/kibana-plugin install "https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&edition=kbn_universal&email=eck-example%40readonlyrest.com"
+              /usr/share/kibana/node/bin/node /usr/share/kibana/plugins/readonlyrestkbn/ror-tools.js patch
+              
+              cp -r /usr/share/kibana/node_modules/@kbn /target/usr/share/kibana/node_modules
+              cp -r /usr/share/kibana/src /target/usr/share/kibana
+              cp -r /usr/share/kibana/x-pack/plugins /target/usr/share/kibana/x-pack
+          env:
+            - name: KBN_VERSION
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['kibana.k8s.elastic.co/version']
+          volumeMounts:
+            - name: kibana-plugins
+              mountPath: /usr/share/kibana/plugins
+            - name: kibana-node-modules-kbn
+              mountPath: /target/usr/share/kibana/node_modules/@kbn
+            - name: kibana-src
+              mountPath: /target/usr/share/kibana/src
+            - name: kibana-xpack-plugins
+              mountPath: /target/usr/share/kibana/x-pack/plugins
+      volumes:
+        - name: kibana-plugins
+          emptyDir: { }
+        - name: kibana-node-modules-kbn
+          emptyDir: { }
+        - name: kibana-src
+          emptyDir: { }
+        - name: kibana-xpack-plugins
+          emptyDir: { }
diff --git a/eck/kind-cluster/ror/log4j2.properties.yml → ...ck/kind-cluster/ror/log4j2.properties.yml b/eck/kind-cluster/ror/log4j2.properties.yml → ...ck/kind-cluster/ror/log4j2.properties.yml
@@ -4,7 +4,7 @@ data:
     status=error
     
     logger.action.name=org.elasticsearch.action
-    logger.action.level=debug
+    logger.action.level=info
     appender.console.type=Console
     appender.console.name=console
     appender.console.layout.type=PatternLayout
@@ -19,7 +19,7 @@ data:
     appender.rolling.policies.time.type=TimeBasedTriggeringPolicy
     appender.rolling.policies.time.interval=1
     appender.rolling.policies.time.modulate=true
-    rootLogger.level=debug
+    rootLogger.level=info
     rootLogger.appenderRef.console.ref=console
     rootLogger.appenderRef.rolling.ref=rolling
     appender.deprecation_rolling.type=RollingFile
@@ -72,4 +72,4 @@ data:
 
 kind: ConfigMap
 metadata:
-  name: log4j2-config
+  name: config-log4j2.properties.yml
diff --git a/eck/kind-cluster/ror/ror-initial-config.yml → ...k/kind-cluster/ror/ror-initial-config.yml b/eck/kind-cluster/ror/ror-initial-config.yml → ...k/kind-cluster/ror/ror-initial-config.yml
@@ -26,8 +26,9 @@ data:
          type: allow
          auth_key: "user1:test"
          indices: ["kibana_sample*"]
-         kibana_access: ro
+         kibana:
+           access: ro
 
 kind: ConfigMap
 metadata:
-  name: ror-config
+  name: config-readonlyrest.yml
diff --git a/eck/readme.md → docker-envs/eck/readme.md b/eck/readme.md → docker-envs/eck/readme.md
diff --git a/eck/images/Dockerfile-es b/eck/images/Dockerfile-es
diff --git a/eck/images/Dockerfile-kbn b/eck/images/Dockerfile-kbn
diff --git a/eck/images/build-ror-es-image.sh b/eck/images/build-ror-es-image.sh
diff --git a/eck/images/build-ror-kbn-image.sh b/eck/images/build-ror-kbn-image.sh
diff --git a/eck/kind-cluster/ror/es-debug-service.yml b/eck/kind-cluster/ror/es-debug-service.yml
diff --git a/eck/kind-cluster/ror/es.yml b/eck/kind-cluster/ror/es.yml
diff --git a/eck/kind-cluster/ror/kbn.yml b/eck/kind-cluster/ror/kbn.yml
diff --git a/eck/todo.md b/eck/todo.md
diff --git a/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala b/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala
@@ -25,6 +25,9 @@ import scala.util.Try
 
 object RorToolsApp {
 
+  // todo:
+  // 1. option: return success when already patched/unpatched
+  // 2. restore backup when fails to patch
   def main(args: Array[String]): Unit = {
     OParser
       .parse(parser, args, Config(Command.Verify(None)))