tzssangglass commented on code in PR #7099:
URL: https://github.com/apache/apisix/pull/7099#discussion_r907938163
##########
ci/pod/docker-compose.yml:
##########
@@ -424,6 +424,126 @@ services:
SPLUNK_HEC_TOKEN: "BD274822-96AA-4DA6-90EC-18940FB2414C"
SPLUNK_HEC_SSL: "False"
+ # Elasticsearch Single Service
+ es-setup:
+ image: elasticsearch:${STACK_VERSION}
+ volumes:
+ - certs:/usr/share/elasticsearch/config/certs
+ user: "0"
+ command: >
+ bash -c '
+ if [ x${ELASTIC_PASSWORD} == x ]; then
+ echo "Set the ELASTIC_PASSWORD environment variable in the .env
file";
+ exit 1;
+ elif [ x${KIBANA_PASSWORD} == x ]; then
+ echo "Set the KIBANA_PASSWORD environment variable in the .env file";
+ exit 1;
+ fi;
+ if [ ! -f config/certs/ca.zip ]; then
+ echo "Creating CA";
+ bin/elasticsearch-certutil ca --silent --pem -out
config/certs/ca.zip;
+ unzip config/certs/ca.zip -d config/certs;
+ fi;
+ if [ ! -f config/certs/certs.zip ]; then
+ echo "Creating certs";
+ echo -ne \
+ "instances:\n"\
+ " - name: es01\n"\
+ " dns:\n"\
+ " - es01\n"\
+ " - localhost\n"\
+ " ip:\n"\
+ " - 127.0.0.1\n"\
+ > config/certs/instances.yml;
+ bin/elasticsearch-certutil cert --silent --pem -out
config/certs/certs.zip --in config/certs/instances.yml --ca-cert
config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+ unzip config/certs/certs.zip -d config/certs;
+ fi;
+ echo "Setting file permissions"
+ chown -R root:root config/certs;
+ find . -type d -exec chmod 750 \{\} \;;
+ find . -type f -exec chmod 640 \{\} \;;
+ echo "Waiting for Elasticsearch availability";
+ until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep
-q "missing authentication credentials"; do sleep 30; done;
+ echo "Setting kibana_system password";
+ until curl -s -X POST --cacert config/certs/ca/ca.crt -u
elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json"
https://es01:9200/_security/user/kibana_system/_password -d
"{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
+ echo "All done!";
+ '
+ healthcheck:
+ test: [ "CMD-SHELL", "[ -f config/certs/es01/es01.crt ]" ]
+ interval: 1s
+ timeout: 5s
+ retries: 120
+
+ es01:
+ depends_on:
+ es-setup:
+ condition: service_healthy
+ image: elasticsearch:${STACK_VERSION}
+ volumes:
+ - certs:/usr/share/elasticsearch/config/certs
+ - esdata:/usr/share/elasticsearch/data
+ ports:
+ - ${ES_PORT}:9200
+ environment:
+ - node.name=es01
+ - cluster.name=${CLUSTER_NAME}
+ - cluster.initial_master_nodes=es01
+ - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
+ - bootstrap.memory_lock=true
+ - xpack.security.enabled=true
+ - xpack.security.http.ssl.enabled=true
+ - xpack.security.http.ssl.key=certs/es01/es01.key
+ - xpack.security.http.ssl.certificate=certs/es01/es01.crt
+ - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.http.ssl.verification_mode=certificate
+ - xpack.security.transport.ssl.enabled=true
+ - xpack.security.transport.ssl.key=certs/es01/es01.key
+ - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
+ - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.transport.ssl.verification_mode=certificate
+ - xpack.license.self_generated.type=${LICENSE}
+ mem_limit: ${MEM_LIMIT}
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 |
grep -q 'missing authentication credentials'",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ kibana:
Review Comment:
We don't need kibana in the CI.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
