diff --git a/coolify-demo/.dockerignore b/coolify-demo/.dockerignore new file mode 100644 index 0000000..466949b --- /dev/null +++ b/coolify-demo/.dockerignore @@ -0,0 +1,3 @@ +.env +readme.md +docker-compose.* diff --git a/coolify-demo/.gitignore b/coolify-demo/.gitignore new file mode 100644 index 0000000..2eea525 --- /dev/null +++ b/coolify-demo/.gitignore @@ -0,0 +1 @@ +.env \ No newline at end of file diff --git a/coolify-demo/build_starter.sh b/coolify-demo/build_starter.sh new file mode 100644 index 0000000..d6fb046 --- /dev/null +++ b/coolify-demo/build_starter.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +echo "🏃🏿‍♂️‍➡️ build_starter: installing dependencies" +# coolify-helper image uses Alpine +apk update && apk add jq curl + +echo "🏃🏿‍♂️‍➡️ build_starter: setting up environment variables" +source set_env_vars.sh + +echo "🏃🏿‍♂️‍➡️ build_starter: starting the 🐳 build" +docker compose build diff --git a/coolify-demo/conf/es/ca.crt b/coolify-demo/conf/es/ca.crt new file mode 100644 index 0000000..a663472 --- /dev/null +++ b/coolify-demo/conf/es/ca.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIUXHtIhBOyU0vug0Jd0kjUZntK6e8wDQYJKoZIhvcNAQEL +BQAwbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMB4XDTI0MTIyMjA3MTk1N1oXDTM0MTIyMDA3MTk1 +N1owbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAhE1ezdFslIwiGNTXr1Vbh0ar6W1l7l2fPnSxsZmGW+Pp/OwD03INeUVrsAU9 +CWMCjFUt/yKqpm48lZrAUyI7cUDEGl90XtaZ5MdlEIhIg6Az6bRD7YA0Xfb2k0EJ +HbNvDZ9mMX6mwuxqgrbpkuavvull8qxV6MAES1Ts6owTgQI4KhQ7Y8Q/5093MgxY +qgnPZzrOPa6alizu+q7Rr9zHmpKqSIK/JB8LlmPLbJMNAWyp8iiRHzt4LmlrNQF2 +3A+gvNVllnUn3zFAz6c+yKtfJcsj67+JFhLvloy7rqrOTf5/+jpEogQal8J5qqIs +I0Kex7l+gR9EFCOdCNbzBvmYBGyow7Rl3zWH3gWiiOdcN6Vdq9sREwd39L+3BT2d +S2RdLAu8kRGrlw/KJsXJUrRRRhDasxsz5XKXWUB64jxDdHjzNx3N2FHuH3yc/Kbq +Qsc3q6pVnysc14MtPtwKHA7eCyjalsh+Vq6njoKJlF6ptSPop0poU9kCfH5WE5wp +F0Xz8pA6cmjuGs5KoIYPN/36aLQ8QcPTtgZPFOBUrZUTTp+Bbd7W3vG/nWG6nRqR +ml0I6jTF6xq9AoJFemk6aXKvyZHKs2nH79aod9hSKRNrtZNJY/ZSsFbXbvSq9qri +SP5Hgdh1QUHgJjy4ohRDIUhuyDqCiPIG/KM9/9Vh90r+gRkCAwEAAaNTMFEwHQYD +VR0OBBYEFM+STMzYeJ3os3MlrPDbb4+NgpQEMB8GA1UdIwQYMBaAFM+STMzYeJ3o +s3MlrPDbb4+NgpQEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB +ABW1XECYHw+Prlwic+ZCpnF9jMsiy1ALzkE90l9Rkmi68ruJBAsZDkQKRXVTkOYO +RsS7bgZo7CavWKcuEaw/JbMH5D4TNvbziKhX6EuAR3GpdZZxGT2N4uasaCHPcAeT +JoLxOuzSsjSN3aPWXyNzis3z9aeJuYjbfzp0R7Gz/bTHSYV7hMNnEazE8itF4iQx +6/NkmL6twHOv1kPicpAXpjLswWPyUWZCj9TI9BpREJ1txyInhwBEKOgYBnQ2iwCU +RVE2OQjlSavkgf6wxkFQaiZJavB+ckO6aJTw5kcjB1wtZEUj+Ykg9v26LBiUzYPF +I0gQR7hcl8ku3mj5ujNbm/Tmi+P8sEq+l3MbrIVNipHQFxjSq6lfG4VXVdwurWl0 +8q0b4sVGvL+lowOne/NgAUmXJROWBu1/KkUIADpv74h8I2vdYDic4YM6wMPvTOGj +nrwLWiI0H4L2AqA5oTEdQOpqGHpierlgiy3etcjBwItjc5yqZioG3m70BSX21J6m +pDF2WkGoJArGVr6Y78oZqp01vYFRprfocmvcGm5fZZn0H8RnnEu47c5r3g3AG6sD +Q9BwmMDm9Xjz84OAGAcheZWHRZ856znzL3oUJIGskFX3U/Z6O6WjIVrwJodxUydr +2yLDrf3XKKQYY9d61GCjWI5o6VPpR+42lXuQWAMtaU9K +-----END CERTIFICATE----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.crt b/coolify-demo/conf/es/elasticsearch.crt new file mode 100644 index 0000000..3ee71e0 --- /dev/null +++ b/coolify-demo/conf/es/elasticsearch.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5zCCAs+gAwIBAgIUBuxS2b5y2Q4NfK+HlNZ9FeNx+nEwDQYJKoZIhvcNAQEL +BQAwbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMB4XDTI0MTIyMjA3MjIxNFoXDTM0MTIyMDA3MjIx +NFowXTELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxDzANBgNVBAMMBmVzLXJv +cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/yBwMeUvUOA8Y7UAB8 +i94KkVnusNGLIO29SQzjfdzs9AjHZYdkwZw9KgtPs2oC/+WYdiqKn5IKWdl5iKqk +2knb+7bZROzeXnkdcNS6N9DUPsub4/a6iqJjN+FqadhkIaYaClRktE2oxjmt7iVu +5XUyXFO9McLRw48KULRE/RIUsqaOpfK6jeSOivI38Sam2R3aXUG+yF67MDNUWITp +ily3tOGUX9Bnn/S52bvXwc6ubwclE86WnCwDGrl0mG4cxTlJo/DkKiVTyJs/pskD +gSgzNMNrvjFjg30GsGNiTCH0UfQWR8tPq7E6lDCClalwHbn1USGn3gurz6V9bvTE +sE0CAwEAAaOBjTCBijAcBgNVHREEFTATggZlcy1yb3KCCWxvY2FsaG9zdDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgOoMB0GA1UdDgQW +BBTv2iDvnAwcJryknoX7wZjzUhFFvTAfBgNVHSMEGDAWgBTPkkzM2Hid6LNzJazw +22+PjYKUBDANBgkqhkiG9w0BAQsFAAOCAgEAdwKOiTPJbPu8H2vYng/r+w496sqZ +SOkKhrAk6dkcry5CxeopOKOrxGHUqRWnBRauM6MxXwWCKdb1rkIns3nXbJqkGge2 +DGJSlVTfUDGifUS2JTfwhb4eiQR9s902jP8nSOsNpk5IK78973jsias1OtW/geoP +a3kDQgaKUKEsplMBOq4DI8ijtGRP9npyeGr4gpPxpYaUDrC6JqPZnprEen+fafwx +kMlKPT420Re8U8KKq1hwLJ5xi5I5mmAXIncDLaxRPappEs8GXuaz/Fqh6mmgqTWk +vU2950ulsM+eI8bp/7NuTFoFVKhKvjXBb27jGafmFv66jn1nupUDXL7JH8waIeud +w5XyXHlAmm+8ZTSyBXiR5J/v+odTT8QHnNmoP48ZDMQgYy6i3mbKgXfuP/7G5Vfh +cUs+XkN2GNRRbkWBgdFSovBDmDZaf7aihBGOu1AX/4Oxz6/dZTCRuo6GGwf0tuJl +SiWz/XUDmVs4M+eAiKVl3Emkb01SgD6HS9fS0uuyrEahya4FAWrjzxTf9cD1IEOL +YhVFPTQH4l0gkEaO9582LVDcSmtwKVl56AvXU/vU0UaXLTbfcNYZDusAlUHrYg+R +hnS8TGNoN6NXZuqg8NEiDM+6HinIwZ1cCaxugThIWVpDq9+2FNYlW3/QQ1sP+Nko +V4yBt5pes2mUbbA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.key b/coolify-demo/conf/es/elasticsearch.key new file mode 100644 index 0000000..aef8f68 --- /dev/null +++ b/coolify-demo/conf/es/elasticsearch.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/8gcDHlL1DgPG +O1AAfIveCpFZ7rDRiyDtvUkM433c7PQIx2WHZMGcPSoLT7NqAv/lmHYqip+SClnZ +eYiqpNpJ2/u22UTs3l55HXDUujfQ1D7Lm+P2uoqiYzfhamnYZCGmGgpUZLRNqMY5 +re4lbuV1MlxTvTHC0cOPClC0RP0SFLKmjqXyuo3kjoryN/Emptkd2l1BvsheuzAz +VFiE6Ypct7ThlF/QZ5/0udm718HOrm8HJRPOlpwsAxq5dJhuHMU5SaPw5ColU8ib +P6bJA4EoMzTDa74xY4N9BrBjYkwh9FH0FkfLT6uxOpQwgpWpcB259VEhp94Lq8+l +fW70xLBNAgMBAAECggEAHkKt0FQLiA65kZrwNeNsuYi4+ZCj16Uzf8eDqMCEqzvA +DVJCM2IzE8qgwj/CbUgjx7KNjo9kMMXo/Fwoq55pu5Muz9jZAO7dvgJiM2dYPVf4 +vmjJO7CVApzZxnPcU/0VQPaCAmQN+OBOv/EnxkcBbcSOwbTmD2y6g+aAaqslqp/K +Wc1ci/+H4iaevj5MrUAq7PelLzsMk+fZKfjipOgQMW9oxQ030XuDi4pR41qAvVO3 +YFvagoKweBAZ6vVMf2x3EFOtJTKk6aBL/VqsvVVVRURwmLqRsr5QvuJQgypS34QV +a3iqh70cR4GZ/WTCnotHZ1p0MjLMBT4EnG1L6lLXEQKBgQD5TkFQxswdUms5D3fR +FLmcJUUnqdY/0V6OmxtRY4VBIrFBIYaZHlv/xrJH6yGNTOBwbwTxKLNInGdosoFe +6f/0JWVfJ/qHrurnk0EAqB8R+PwCPswhpXbYQcAjBHjtGpCLtwuUdMpIpSE9t5mp +Yvap3GaJdjmSinoEAH/YvgcCbwKBgQDFGXlHdfbd8jZTpfhyPjUv9aUc2AbEPfbr +FrwicLYfkEKn+DMecIzwL0WTqCqOs3J/u214BZkeXruoopJPGqLZrjyJ8Q6mONUq +bjWztM/BSCYas+texNAjUpbx7iddAEeapCnFdwmynfEP7mK6cL9GzfOV5oZsNbi8 +nk2PSRtnAwKBgDUhj1v2siOBoCZN/JwLja8QZleYo3eAWGWN+tlym0CRczNNQNE7 +HiI5p18aZlEl1CNCFcyLfwH3izZN7LJcrlbK7XrFG2h1R8zIni7UpaJ/7L1RwtFc +4SIfiSItXtQxOCL+hLJD3aRzxMzRZycpVyZGOXgMQSLQ7kYSES0Q+o9zAoGATkpA +ElKZLK/5RGC4vyhWmCZK35ovlePHILp3IHcE4KS81VuRcpXiZcVhLbWuseA1qucY +JISUvauDfwiUdTdvWGgNQ/2sg/ovMht02V0I6Q1vlUvCQnKK+nzj2FVw7VAfIR30 +Oat+/qQeDOXz8Xq3f7hu+SwIWRM9vi5jQHcZm2ECgYEApIVmSxeLk4Rd20O/+qfU +h7R8twf66tY/fREockSyr70sfLI8tVFn3bBgK40iWRAdKNU2lv9i0TqZ54EujrB0 +e9y2GkzYWYzU+79eAlzjdgZ3warnTTGRbp0NloV4wIHB6mUGykVB53kXKIDyjvQG +Swi56SGrTE/zmC8gl25EgHc= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.yml b/coolify-demo/conf/es/elasticsearch.yml new file mode 100644 index 0000000..e723ed4 --- /dev/null +++ b/coolify-demo/conf/es/elasticsearch.yml @@ -0,0 +1,33 @@ +cluster.name: ror-cluster +node.name: ror-es01 +network.host: 0.0.0.0 + +path.repo: /tmp/repositories + +# XPACK SSL +xpack.security.enabled: true +xpack.security.http.ssl.enabled: true +xpack.security.http.ssl.key: elasticsearch.key +xpack.security.http.ssl.certificate: elasticsearch.crt +xpack.security.http.ssl.certificate_authorities: ca.crt +xpack.security.http.ssl.verification_mode: certificate +xpack.security.http.ssl.client_authentication: optional +xpack.security.transport.ssl.enabled: true +xpack.security.transport.ssl.key: elasticsearch.key +xpack.security.transport.ssl.certificate: elasticsearch.crt +xpack.security.transport.ssl.certificate_authorities: ca.crt +xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.client_authentication: optional + +# ROR SSL +#xpack.security.enabled: false +#http.type: ssl_netty4 +#readonlyrest.ssl.enable: true +#readonlyrest.ssl.keystore_file: "ror-keystore.jks" +#readonlyrest.ssl.keystore_pass: readonlyrest +#readonlyrest.ssl.key_pass: readonlyrest +#transport.type: ror_ssl_internode +#readonlyrest.ssl_internode.enable: true +#readonlyrest.ssl_internode.keystore_file: "ror-keystore.jks" +#readonlyrest.ssl_internode.keystore_pass: readonlyrest +#readonlyrest.ssl_internode.key_pass: readonlyrest diff --git a/coolify-demo/conf/es/readonlyrest.yml b/coolify-demo/conf/es/readonlyrest.yml new file mode 100644 index 0000000..b758e21 --- /dev/null +++ b/coolify-demo/conf/es/readonlyrest.yml @@ -0,0 +1,58 @@ +readonlyrest: + + audit: + enabled: true + outputs: [index] + + access_control_rules: + + - name: "KIBANA" + type: allow + auth_key: kibana:kibana + verbosity: error + + - name: "Admins" + groups: [Administrators] + kibana: + access: admin + + - name: "End users" + groups: ["EndUsers"] + indices: ["*-frontend-*", "kibana_sample_data_*"] + kibana: + index: .kibana_end_@{user} + access: rw + hide_apps: ["Security", "Observability"] + + - name: "Business users" + groups: ["BusinessUsers"] + indices: ["*-business-*", "kibana_sample_data_*"] + kibana: + index: .kibana_business_@{user} + access: ro + hide_apps: ["Security", "Observability"] + + users: + - username: admin + auth_key: admin:admin + groups: + - id: "Administrators" + name: "Administrators" + - id: "EndUsers" + name: "End Users" + - id: "BusinessUsers" + name: "Business Users" + + - username: user1 + auth_key: user1:test + groups: + - id: "EndUsers" + name: "End Users" + - id: "BusinessUsers" + name: "Business Users" + + - username: user2 + auth_key: user2:test + groups: + - id: "EndUsers" + name: "End Users" diff --git a/coolify-demo/conf/kbn/kibana.yml b/coolify-demo/conf/kbn/kibana.yml new file mode 100644 index 0000000..950d128 --- /dev/null +++ b/coolify-demo/conf/kbn/kibana.yml @@ -0,0 +1,13 @@ +server.name: kibana-ror +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +server.ssl.enabled: false + +xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" + +readonlyrest_kbn.logLevel: info +readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' diff --git a/coolify-demo/docker-compose.local.yaml b/coolify-demo/docker-compose.local.yaml new file mode 100644 index 0000000..4993251 --- /dev/null +++ b/coolify-demo/docker-compose.local.yaml @@ -0,0 +1,17 @@ +services: + + es-ror: + networks: + - es-ror-network + + kbn-ror: + networks: + - es-ror-network + + initializer: + networks: + - es-ror-network + +networks: + es-ror-network: + driver: bridge diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml new file mode 100644 index 0000000..e265b1d --- /dev/null +++ b/coolify-demo/docker-compose.yaml @@ -0,0 +1,82 @@ +services: + + es-ror: + container_name: es-ror + env_file: ".env" + build: + context: . + dockerfile: images/es/Dockerfile + args: + ES_VERSION: ${ES_VERSION:-9.0.1} + ROR_ES_VERSION: ${ROR_ES_VERSION:-1.64.1} + ports: + - "19200:9200" + - "19300:9300" + - "5000:5000" + environment: + - cluster.name=ror-es-cluster + - node.name=es-ror-single + - discovery.type=single-node + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms512m -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5000" + healthcheck: + test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "https://localhost:9200/_cluster/health" ] + interval: 10s + timeout: 10s + retries: 30 + start_period: 60s + ulimits: + memlock: + soft: -1 + hard: -1 + + kbn-ror: + container_name: kbn-ror + env_file: ".env" + build: + context: . + dockerfile: images/kbn/Dockerfile + args: + KBN_VERSION: ${KBN_VERSION:-9.0.1} + ROR_KBN_VERSION: ${ROR_KBN_VERSION:-1.64.1} + depends_on: + es-ror: + condition: service_healthy + ports: + - "15601:5601" + environment: + ELASTICSEARCH_HOSTS: https://es-ror:9200 + ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY + healthcheck: + test: [ "CMD", "curl", "--fail", "-u", "kibana:kibana", "http://localhost:5601/api/status" ] + interval: 10s + timeout: 10s + retries: 30 + start_period: 60s + ulimits: + memlock: + soft: -1 + hard: -1 + + initializer: + container_name: initializer + build: + context: . + dockerfile: images/cluster-initializer/Dockerfile + depends_on: + es-ror: + condition: service_healthy + kbn-ror: + condition: service_healthy + environment: + ELASTICSEARCH_ADDRESS: https://es-ror:9200 + ELASTICSEARCH_USER: kibana + ELASTICSEARCH_PASSWORD: kibana + healthcheck: + test: "test -f /tmp/init_done || exit 1" + interval: 10s + timeout: 10s + retries: 30 + start_period: 60s + volumes: + - ./init-scripts:/scripts:ro diff --git a/coolify-demo/images/cluster-initializer/Dockerfile b/coolify-demo/images/cluster-initializer/Dockerfile new file mode 100644 index 0000000..f93a723 --- /dev/null +++ b/coolify-demo/images/cluster-initializer/Dockerfile @@ -0,0 +1,10 @@ +FROM ubuntu:24.04 + +COPY images/cluster-initializer/entrypoint.sh /entrypoint.sh + +RUN chmod +x /entrypoint.sh && \ + apt-get update --fix-missing && \ + apt-get install -y jq curl && \ + rm -rf /var/lib/apt/lists/* + +ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file diff --git a/coolify-demo/images/cluster-initializer/entrypoint.sh b/coolify-demo/images/cluster-initializer/entrypoint.sh new file mode 100755 index 0000000..c3277df --- /dev/null +++ b/coolify-demo/images/cluster-initializer/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/bash -e + +cd /scripts + +for script in *.sh; do + if [ -f "$script" ]; then + echo "Running $script..." + bash "$script" + echo "--------------------------------" + fi +done + +touch /tmp/init_done +tail -f /dev/null diff --git a/coolify-demo/images/es/Dockerfile b/coolify-demo/images/es/Dockerfile new file mode 100644 index 0000000..7d338aa --- /dev/null +++ b/coolify-demo/images/es/Dockerfile @@ -0,0 +1,15 @@ +ARG ES_VERSION="please_set_ES_VERSION_arg" +ARG ROR_ES_VERSION="please_set_ROR_ES_VERSION_arg" + +FROM beshultd/elasticsearch-readonlyrest:${ES_VERSION}-ror-${ROR_ES_VERSION} + +USER root +COPY conf/es/readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml +COPY conf/es/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml +COPY conf/es/ca.crt /usr/share/elasticsearch/config/ca.crt +COPY conf/es/elasticsearch.crt /usr/share/elasticsearch/config/elasticsearch.crt +COPY conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key +RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config + +ENV I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes +# stay as root — official image's entrypoint patches ES then drops to elasticsearch user diff --git a/coolify-demo/images/kbn/Dockerfile b/coolify-demo/images/kbn/Dockerfile new file mode 100644 index 0000000..abcf237 --- /dev/null +++ b/coolify-demo/images/kbn/Dockerfile @@ -0,0 +1,12 @@ +ARG KBN_VERSION="please_set_KBN_VERSION_arg" +ARG ROR_KBN_VERSION="please_set_ROR_KBN_VERSION_arg" + +FROM beshultd/kibana-readonlyrest:${KBN_VERSION}-ror-${ROR_KBN_VERSION} + +USER root +COPY conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml +RUN chown -R kibana:kibana /usr/share/kibana/config \ + && chmod 664 /usr/share/kibana/config/kibana.yml + +ENV I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +# stay as root — official image's entrypoint patches Kibana then drops to kibana user diff --git a/coolify-demo/init-scripts/init.sh b/coolify-demo/init-scripts/init.sh new file mode 100644 index 0000000..545d6ee --- /dev/null +++ b/coolify-demo/init-scripts/init.sh @@ -0,0 +1,13 @@ +#!/bin/bash -ex + +set -o pipefail + +cd "$(dirname "$0")" + +source utils/lib.sh + +createDataStream "logs-frontend-dev" && generate_log_documents 100 | putDocument "logs-frontend-dev" +createDataStream "logs-business-dev" && generate_log_documents 100 | putDocument "logs-business-dev" +createDataStream "logs-system-dev" && generate_log_documents 100 | putDocument "logs-system-dev" + +createIndex "data-business-index" && generate_log_documents 100 | putDocument "data-business-index" \ No newline at end of file diff --git a/coolify-demo/init-scripts/utils/lib.sh b/coolify-demo/init-scripts/utils/lib.sh new file mode 100644 index 0000000..bde4c3a --- /dev/null +++ b/coolify-demo/init-scripts/utils/lib.sh @@ -0,0 +1,173 @@ +#!/bin/bash -ex + +function pick_randomly() { + local OPTIONS=("$@") + local COUNT=${#OPTIONS[@]} + local RANDOM_INDEX=$((RANDOM % COUNT)) + echo "${OPTIONS[$RANDOM_INDEX]}" +} + +function createIndex() { + if [ "$#" -ne 1 ]; then + echo "ERROR: One parameter required: 1) index name" + return 1 + fi + + if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then + echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty" + exit 2 + fi + + if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then + echo "ERROR: required variable ELASTICSEARCH_USER not set or empty" + exit 3 + fi + + if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then + echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty" + exit 4 + fi + + INDEX_NAME=$1 + + response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \ + -X PUT "$ELASTICSEARCH_ADDRESS/$INDEX_NAME" \ + -H "Content-Type: application/json" + ) + + http_status=$(echo "$response" | tail -n 1) + response_body=$(echo "$response" | sed \$d) + + if [[ "$http_status" != 2* ]]; then + echo "ERROR: Cannot create index [$INDEX_NAME]. HTTP status: $http_status, response body: $response_body" + return 5 + fi + + return 0 +} + +function createDataStream() { + if [ "$#" -ne 1 ]; then + echo "ERROR: One parameter required: 1) data stream name" + return 1 + fi + + if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then + echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty" + exit 2 + fi + + if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then + echo "ERROR: required variable ELASTICSEARCH_USER not set or empty" + exit 3 + fi + + if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then + echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty" + exit 4 + fi + + STREAM_NAME=$1 + TEMPLATE_NAME="${STREAM_NAME}-template" + + response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \ + -X PUT "$ELASTICSEARCH_ADDRESS/_index_template/$TEMPLATE_NAME" \ + -H "Content-Type: application/json" -d "{ + \"index_patterns\": [\"$STREAM_NAME\"], + \"data_stream\": {}, + \"priority\": 500 + }" + ) + + http_status=$(echo "$response" | tail -n 1) + response_body=$(echo "$response" | sed \$d) + + if [[ "$http_status" != 2* ]]; then + echo "ERROR: Cannot create index template for data stream [$STREAM_NAME]. HTTP status: $http_status, response body: $response_body" + return 5 + fi + + response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \ + -X PUT "$ELASTICSEARCH_ADDRESS/_data_stream/$STREAM_NAME" + ) + + http_status=$(echo "$response" | tail -n 1) + response_body=$(echo "$response" | sed \$d) + + if [[ "$http_status" != 2* ]]; then + echo "ERROR: Cannot create data stream [$STREAM_NAME]. HTTP status: $http_status, response body: $response_body" + return 6 + fi + + return 0 +} + +function putDocument() { + if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then + echo "ERROR: Required: 1) index name, optionally 2) document JSON string (or via stdin)" + return 1 + fi + + if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then + echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty" + exit 2 + fi + + if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then + echo "ERROR: required variable ELASTICSEARCH_USER not set or empty" + exit 3 + fi + + if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then + echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty" + exit 4 + fi + + INDEX_NAME=$1 + + if [ "$#" -eq 2 ]; then + putSingleDocument "$INDEX_NAME" "$2" + else + while IFS= read -r DOCUMENT_CONTENT; do + putSingleDocument "$INDEX_NAME" "$DOCUMENT_CONTENT" || return $? + done + fi +} + +function putSingleDocument() { + INDEX_NAME=$1 + DOCUMENT_CONTENT=$2 + + response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \ + -X POST "$ELASTICSEARCH_ADDRESS/$INDEX_NAME/_doc/" \ + -H "Content-Type: application/json" -d "$DOCUMENT_CONTENT" + ) + + http_status=$(echo "$response" | tail -n 1) + response_body=$(echo "$response" | sed \$d) + + if [[ "$http_status" != 2* ]] ; then + echo "ERROR: Cannot add document [$DOCUMENT_CONTENT] to index=[$INDEX_NAME].\nHTTP status: $http_status, response body: $response_body" + return 5 + fi + + return 0 +} + +function generate_log_documents() { + if [ "$#" -ne 1 ]; then + echo "ERROR: One required: 1) number of documents to generate" + return 1 + fi + + N=$1 + + for ((i = 1; i <= N; i++)); do + user_id=$((RANDOM % 10000 + 1)) + timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + log_message="User $user_id login successful" + level="$(pick_randomly "INFO" "WARN" "ERROR" "DEBUG")" + + echo "{ \"message\": \"$log_message\", \"level\": \"$level\", \"@timestamp\": \"$timestamp\", \"user_id\": \"$user_id\" }" + done +} \ No newline at end of file diff --git a/coolify-demo/readme.md b/coolify-demo/readme.md new file mode 100644 index 0000000..18e75d8 --- /dev/null +++ b/coolify-demo/readme.md @@ -0,0 +1,53 @@ +# Deploying ROR Playground cluster to Coolify + +## Coolify deployment instructions + +1. Add a new Resource +- Git Based / Public Repository +``` +https://github.com/beshu-tech/ror-sandbox +``` + +2. Please set "Build Pack" => **Docker Compose** + +3. Set the "Base Directory": +``` +/coolify-demo +``` + +4. You may see an error message "fatal: Remote branch main not found in upstream origin" +- go to the "Sources" (inner left menu) and choose `master` as your Branch +- Save the changes and go to General => Reload Compose File +- if this doesn't work; reload the page with F5, make sure the "Sources" are set properly and try again' + +5. Add the domain in "General/Domains": +- fill the "Domains for Kbn Ror" with whatever domain you want to use e.g. `https://ror-demo.anaphora.it` + +6. Set the following in "General/Build": +- use *Custom Build Command* as follows: +``` +chmod +x coolify-demo/build_starter.sh && cd coolify-demo && ./build_starter.sh +``` +And the *Custom Start Command*: +``` +cd coolify-demo && docker compose up --no-build -d +``` +- please also check ☑️ "Preserve Repository During Deployment" option + +7. Save the changes and hit the ▶️ Deploy button + +8. Wait until the deployment is finished, open the URL you've entered in your browser and use the demo credentials: +- `admin` as a username and password + +Enjoy! 🚀 + +## Local development instructions + +To start the stack locally, please use the following command in current directory: +```shell +docker compose -f docker-compose.yaml -f docker-compose.local.yaml up --build -d +``` +- please note that you'll need to run the pre-deployment script one time to create dotenv file: +```shell +chmod +x set_env_vars.sh && ./set_env_vars.sh +``` diff --git a/coolify-demo/set_env_vars.sh b/coolify-demo/set_env_vars.sh new file mode 100644 index 0000000..5abf777 --- /dev/null +++ b/coolify-demo/set_env_vars.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +if ! command -v jq &> /dev/null +then + echo -e "jq is required:\n\nsudo apt-get update && sudo apt-get install jq" + exit 1 +fi + +response=$(curl -s https://api.beshu.tech/list_es_versions) +pluginVersion=$(echo "$response" | jq -r '.pluginVersion') +esVersion=$(echo "$response" | jq -r '.es[0]') +kbnVersion=$(echo "$response" | jq -r '.kbn_universal[0]') + +# instead of exporting, we should add .env file we'll map in docker-compose services +output_file=".env" +mkdir -p "$(dirname "$output_file")" +{ + echo "ROR_ES_VERSION=\"$pluginVersion\"" + echo "ROR_KBN_VERSION=\"$pluginVersion\"" + echo "ES_VERSION=\"$esVersion\"" + echo "KBN_VERSION=\"$kbnVersion\"" +} > "$output_file" + +echo "Environment variables have been written to: $output_file" +cat "$output_file" diff --git a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml index de0b5d6..497d712 100644 --- a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml @@ -13,3 +13,4 @@ server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 xpack.security.enabled: false +xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" \ No newline at end of file