From ea85b066dad1744e2316123cae184554fbd7f535 Mon Sep 17 00:00:00 2001
From: Antonio V
Date: Tue, 29 Oct 2024 10:58:48 +0700
Subject: [PATCH 01/23] feat: docker-compose stack to deploy the cluster to Coolify
---
coolify-demo/.dockerignore | 4 ++
coolify-demo/.gitignore | 1 +
coolify-demo/Dockerfile-KBN-noSSL | 30 ++++++++++
coolify-demo/build_starter.sh | 11 ++++
coolify-demo/docker-compose.local.yaml | 17 ++++++
coolify-demo/docker-compose.yaml | 83 ++++++++++++++++++++++++++
coolify-demo/set_env_vars.sh | 25 ++++++++
7 files changed, 171 insertions(+)
create mode 100644 coolify-demo/.dockerignore
create mode 100644 coolify-demo/.gitignore
create mode 100644 coolify-demo/Dockerfile-KBN-noSSL
create mode 100644 coolify-demo/build_starter.sh
create mode 100644 coolify-demo/docker-compose.local.yaml
create mode 100644 coolify-demo/docker-compose.yaml
create mode 100644 coolify-demo/set_env_vars.sh
diff --git a/coolify-demo/.dockerignore b/coolify-demo/.dockerignore
new file mode 100644
index 0000000..01ff9ab
--- /dev/null
+++ b/coolify-demo/.dockerignore
@@ -0,0 +1,4 @@
+.env
+readme.md
+docker-compose.*
+Dockerfile*
\ No newline at end of file
diff --git a/coolify-demo/.gitignore b/coolify-demo/.gitignore
new file mode 100644
index 0000000..2eea525
--- /dev/null
+++ b/coolify-demo/.gitignore
@@ -0,0 +1 @@
+.env
\ No newline at end of file
diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL
new file mode 100644
index 0000000..e828e04
--- /dev/null
+++ b/coolify-demo/Dockerfile-KBN-noSSL
@@ -0,0 +1,30 @@
+ARG KBN_VERSION=8.14.3
+FROM docker.elastic.co/kibana/kibana:${KBN_VERSION}
+
+ARG KBN_VERSION
+ARG ROR_VERSION=1.60.0
+
+WORKDIR .
+
+USER root
+RUN apt-get update && apt-get install -y bash sed && rm -rf /var/lib/apt/lists/*
+
+COPY ./ror-demo-cluster /ror-demo-cluster
+WORKDIR /ror-demo-cluster
+
+# disabling SSL in Kibana config
+RUN sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/ror-newplatform-kibana.yml
+RUN sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/ror-oldplatform-kibana.yml
+
+RUN cp ./conf/kbn/ror-newplatform-kibana.yml /usr/share/kibana/config/ && \
+ cp ./conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ && \
+ # at least .key is required even without SSL enabled ssl_config will be run @ startup
+ cp ./conf/kbn/kibana.crt /usr/share/kibana/config/ && \
+ cp ./conf/kbn/kibana.key /usr/share/kibana/config/ && \
+ cp ./images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh
+
+WORKDIR /usr/share/kibana
+RUN /tmp/install-ror.sh && \
+ chown -R kibana:kibana /usr/share/kibana/config
+
+USER kibana
diff --git a/coolify-demo/build_starter.sh b/coolify-demo/build_starter.sh
new file mode 100644
index 0000000..d6fb046
--- /dev/null
+++ b/coolify-demo/build_starter.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo "🏃🏿‍♂️‍➡️ build_starter: installing dependencies"
+# coolify-helper image uses Alpine
+apk update && apk add jq curl
+
+echo "🏃🏿‍♂️‍➡️ build_starter: setting up environment variables"
+source set_env_vars.sh
+
+echo "🏃🏿‍♂️‍➡️ build_starter: starting the 🐳 build"
+docker compose build
diff --git a/coolify-demo/docker-compose.local.yaml b/coolify-demo/docker-compose.local.yaml
new file mode 100644
index 0000000..4993251
--- /dev/null
+++ b/coolify-demo/docker-compose.local.yaml
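Review bot: `COPY ./ror-demo-cluster /ror-demo-cluster` keeps the whole demo tree in the final image, including a second copy of `conf/kbn/kibana.key`, although the later steps use only two YAML files, the certificate pair and one script. Narrow it to what is needed, for example `COPY ./ror-demo-cluster/conf/kbn /ror-demo-cluster/conf/kbn` and `COPY ./ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh`, provided the install script reads nothing else from that tree (the hunk does not show it). `WORKDIR .` is a relative no-op and can be removed, and `apt-get install -y bash sed` should carry `--no-install-recommends`.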
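Review bot: The script has no error handling, so `docker compose build` still runs after `apk add` or `source set_env_vars.sh` has failed, and the build then falls back silently to the default versions in the compose file. Add `set -eo pipefail` directly under the shebang so a failed step stops the deployment. Because `set_env_vars.sh` is sourced, its `exit 1` for a missing `jq` ends this script too; a short comment such as `# sourced: an exit in set_env_vars.sh aborts the build` would make that explicit.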
@@ -0,0 +1,17 @@
+services:
+
+ es-ror:
+ networks:
+ - es-ror-network
+
+ kbn-ror:
+ networks:
+ - es-ror-network
+
+ initializer:
+ networks:
+ - es-ror-network
+
+networks:
+ es-ror-network:
+ driver: bridge
diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml
new file mode 100644
index 0000000..d29f77f
--- /dev/null
+++ b/coolify-demo/docker-compose.yaml
@@ -0,0 +1,83 @@
+services:
+
+ es-ror:
+ container_name: es-ror
+ env_file: ".env"
+ build:
+ context: ../ror-demo-cluster
+ dockerfile: images/es/Dockerfile-use-ror-binaries-from-api
+ args:
+ ES_VERSION: ${ES_VERSION:-8.14.3}
+ ROR_VERSION: ${ROR_ES_VERSION:-1.60.0}
+ ports:
+ - "19200:9200"
+ - "19300:9300"
+ - "5000:5000"
+ environment:
+ - cluster.name=ror-es-cluster
+ - node.name=es-ror-single
+ - discovery.type=single-node
+ - bootstrap.memory_lock=true
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5000"
+ - ES_VERSION=${ES_VERSION:-8.14.3}
+ healthcheck:
+ test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "https://localhost:9200/_cluster/health" ]
+ interval: 10s
+ timeout: 10s
+ retries: 30
+ start_period: 60s
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+
+ kbn-ror:
+ container_name: kbn-ror
+ env_file: ".env"
+ build:
+ context: ..
+ dockerfile: coolify-demo/Dockerfile-KBN-noSSL
+ args:
+ KBN_VERSION: ${KBN_VERSION:-8.14.3}
+ ROR_VERSION: ${ROR_KBN_VERSION:-1.60.0}
+ depends_on:
+ es-ror:
+ condition: service_healthy
+ ports:
+ - "15601:5601"
+ environment:
+ ELASTICSEARCH_HOSTS: https://es-ror:9200
+ ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY
+ healthcheck:
+ test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "http://localhost:5601/api/features" ]
+ interval: 10s
+ timeout: 10s
+ retries: 30
+ start_period: 60s
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+
+ initializer:
+ container_name: initializer
+ build:
+ context: ../ror-demo-cluster
+ dockerfile: images/cluster-initializer/Dockerfile
+ depends_on:
+ es-ror:
+ condition: service_healthy
+ kbn-ror:
+ condition: service_healthy
+ environment:
+ ELASTICSEARCH_ADDRESS: https://es-ror:9200
+ ELASTICSEARCH_USER: kibana
+ ELASTICSEARCH_PASSWORD: kibana
+ healthcheck:
+ test: "test -f /tmp/init_done || exit 1"
+ interval: 10s
+ timeout: 10s
+ retries: 30
+ start_period: 60s
+ volumes:
+ - ../ror-demo-cluster/init-scripts:/scripts:ro
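Review bot: The `es-ror` service starts the JVM with a JDWP debug agent listening on all interfaces (`address=*:5000` in `ES_JAVA_OPTS`) and publishes it with `- "5000:5000"`. JDWP has no authentication, so on a deployed host anyone who can reach that port gets debugger-level control of the Elasticsearch process. For the Coolify stack reduce the line to `- "ES_JAVA_OPTS=-Xms512m -Xmx512m"` and drop the port mapping; if debugging is wanted locally, put the agent and a `127.0.0.1:5000:5000` mapping in `docker-compose.local.yaml`. The `19200`, `19300` and `15601` mappings sit next to health checks that use `admin:admin`, so they probably belong in the local override as well if the Coolify proxy is the intended entry point.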
diff --git a/coolify-demo/set_env_vars.sh b/coolify-demo/set_env_vars.sh
new file mode 100644
index 0000000..5abf777
--- /dev/null
+++ b/coolify-demo/set_env_vars.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if ! command -v jq &> /dev/null
+then
+ echo -e "jq is required:\n\nsudo apt-get update && sudo apt-get install jq"
+ exit 1
+fi
+
+response=$(curl -s https://api.beshu.tech/list_es_versions)
+pluginVersion=$(echo "$response" | jq -r '.pluginVersion')
+esVersion=$(echo "$response" | jq -r '.es[0]')
+kbnVersion=$(echo "$response" | jq -r '.kbn_universal[0]')
+
+# instead of exporting, we should add .env file we'll map in docker-compose services
+output_file=".env"
+mkdir -p "$(dirname "$output_file")"
+{
+ echo "ROR_ES_VERSION=\"$pluginVersion\""
+ echo "ROR_KBN_VERSION=\"$pluginVersion\""
+ echo "ES_VERSION=\"$esVersion\""
+ echo "KBN_VERSION=\"$kbnVersion\""
+} > "$output_file"
+
+echo "Environment variables have been written to: $output_file"
+cat "$output_file"
From 302057fc50594a099b0bd197fb8a17888212ccd6 Mon Sep 17 00:00:00 2001
From: Antonio V
Date: Tue, 29 Oct 2024 11:25:38 +0700
Subject: [PATCH 02/23] feat: deployment instructions
---
coolify-demo/readme.md | 52 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 coolify-demo/readme.md
diff --git a/coolify-demo/readme.md b/coolify-demo/readme.md
new file mode 100644
index 0000000..9a9861b
--- /dev/null
+++ b/coolify-demo/readme.md
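Review bot: The values written to `.env` are taken from the HTTP response with no failure or format check. `curl -s` without `-f` hands an error body to `jq` on an HTTP error, and `jq -r` prints the literal `null` for a missing field, so `.env` can end up with `ES_VERSION="null"` and that string flows into the compose build args and image tags. Fail on transport and HTTP errors and validate each value before writing the file, as sketched below; loosen the pattern if the API can return pre-release suffixes.

```shell
response=$(curl -fsS --max-time 30 https://api.beshu.tech/list_es_versions) || {
  echo "could not fetch the version list" >&2
  exit 1
}
# … unchanged: jq extraction into pluginVersion, esVersion, kbnVersion …
for v in "$pluginVersion" "$esVersion" "$kbnVersion"; do
  # jq -r prints the literal string "null" for a missing field
  if ! [[ "$v" =~ ^[0-9]+(\.[0-9]+)+$ ]]; then
    echo "unexpected version value: '$v'" >&2
    exit 1
  fi
done
```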
@@ -0,0 +1,52 @@
+# Deploying ROR Playground cluster to Coolify
+
+## Coolify deployment instructions
+
+1. Add a new Resource
+- Git Based / Public Repository
+```
+https://github.com/beshu-tech/ror-sandbox
+```
+
+2. Please set "Build Pack" => **Docker Compose**
+
+3. Set the "Base Directory":
+```
+/coolify-demo
+```
+
+4. You may see an error message "fatal: Remote branch main not found in upstream origin"
+- go to the "Sources" (inner left menu) and choose `master` as your Branch
+- Save the changes and go to General => Reload Compose File
+- if this doesn't work; reload the page with F5, make sure the "Sources" are set properly and try again'
+
+5. Add the domain in "General/Domains":
+- fill the "Domains for Kbn Ror" with whatever domain you want to use e.g. `https://ror-demo.anaphora.it`
+
+6. Set the following in "General/Build":
+- use *Custom Build Command* as follows:
+```
+chmod +x coolify-demo/build_starter.sh && cd coolify-demo && ./build_starter.sh
+```
+And the *Custom Start Command*:
+```
+cd coolify-demo && docker compose up --no-build -d
+```
+
+7. Save the changes and hit the ▶️ Deploy button
+
+8. Wait until the deployment is finished, open the URL you've entered in your browser and use the demo credentials:
+- `admin` as a username and password
+
+Enjoy! 🚀
+
+## Local development instructions
+
+To start the stack locally, please use the following command in current directory:
+```shell
+docker compose -f docker-compose.yaml -f docker-compose.local.yaml up --build -d
+```
+- please note that you'll need to run the pre-deployment script one time to create dotenv file:
+```shell
+chmod +x set_env_vars.sh && ./set_env_vars.sh
+```
From 44836d336860e44d47d55d222d8b7daba050c214 Mon Sep 17 00:00:00 2001
From: Antonio V
Date: Tue, 29 Oct 2024 11:38:03 +0700
Subject: [PATCH 03/23] fix: Coolify deployment instructions
---
coolify-demo/readme.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/coolify-demo/readme.md b/coolify-demo/readme.md index 9a9861b..18e75d8 100644 --- a/coolify-demo/readme.md +++ b/coolify-demo/readme.md @@ -32,6 +32,7 @@ And the *Custom Start Command*: ``` cd coolify-demo && docker compose up --no-build -d ``` +- please also check ☑️ "Preserve Repository During Deployment" option 7. Save the changes and hit the ▶️ Deploy button From 13575836fb2522845dbeea4a3a313b26edfe1599 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Tue, 29 Oct 2024 11:48:29 +0700 Subject: [PATCH 04/23] fix: Coolify-specific syntax for volume mapping --- coolify-demo/docker-compose.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index d29f77f..fd3b466 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -80,4 +80,8 @@ services: retries: 30 start_period: 60s volumes: - - ../ror-demo-cluster/init-scripts:/scripts:ro + - type: bind + source: ./ror-demo-cluster/init-scripts + target: /scripts + # noinspection ComposeUnknownKeys + is_directory: true # Coolify-specific From a372a5567130a6bddd0be85f97e5ca729a3a8b83 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Tue, 29 Oct 2024 11:53:18 +0700 Subject: [PATCH 05/23] fix: Coolify-specific syntax for volume mapping --- coolify-demo/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index fd3b466..a42c743 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -81,7 +81,7 @@ services: start_period: 60s volumes: - type: bind - source: ./ror-demo-cluster/init-scripts + source: ../ror-demo-cluster/init-scripts target: /scripts # noinspection ComposeUnknownKeys is_directory: true # Coolify-specific From 857be9a01b874cc1193e1098a6e0c65a775b0b14 Mon Sep 17 00:00:00 2001 
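Review bot: The long-form bind mount added in PATCH 04/23 loses the read-only flag that the short form `../ror-demo-cluster/init-scripts:/scripts:ro` carried, so the initializer container can write to the init scripts in the host checkout. Add `read_only: true` to the entry, next to `is_directory: true`. The follow-up hunk in PATCH 05/23 changes only `source` and has the same gap.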
From: Antonio V Date: Tue, 29 Oct 2024 12:23:35 +0700 Subject: [PATCH 06/23] fix: back to general syntax for volumes mapping in Coolify --- coolify-demo/docker-compose.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index a42c743..d29f77f 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -80,8 +80,4 @@ services: retries: 30 start_period: 60s volumes: - - type: bind - source: ../ror-demo-cluster/init-scripts - target: /scripts - # noinspection ComposeUnknownKeys - is_directory: true # Coolify-specific + - ../ror-demo-cluster/init-scripts:/scripts:ro From c61a3d2d36e0a73e9a0041c5478f2bb99d21664f Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 10:37:02 +0700 Subject: [PATCH 07/23] fix: multi-stage build for Kibana 9+ --- coolify-demo/Dockerfile-KBN-noSSL | 50 +++++++++++++++++++------------ coolify-demo/docker-compose.yaml | 10 +++---- 2 files changed, 36 insertions(+), 24 deletions(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index e828e04..9407c14 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL 
@@ -1,30 +1,42 @@ -ARG KBN_VERSION=8.14.3 -FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} +# Stage 1: Builder stage | pull Ubuntu, install tools, download Kibana bundle and patch configs +# required to be separate since from Kibana 9 we have min. image without packaging tools +ARG KBN_VERSION=9.0.1 +FROM ubuntu:20.04 AS builder ARG KBN_VERSION -ARG ROR_VERSION=1.60.0 - -WORKDIR . +ARG ROR_VERSION=1.64.1 -USER root -RUN apt-get update && apt-get install -y bash sed && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget \ + && rm -rf /var/lib/apt/lists/* -COPY ./ror-demo-cluster /ror-demo-cluster -WORKDIR /ror-demo-cluster +WORKDIR /build +RUN wget -q https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ + && tar xzf kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ + && mv kibana-${KBN_VERSION}-linux-x86_64 kibana +COPY ./ror-demo-cluster /build/ror-demo-cluster +WORKDIR /build/ror-demo-cluster # disabling SSL in Kibana config -RUN sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/ror-newplatform-kibana.yml -RUN sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/ror-oldplatform-kibana.yml +RUN for f in ror-newplatform-kibana.yml ror-oldplatform-kibana.yml; do \ + sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/$f; \ + done -RUN cp ./conf/kbn/ror-newplatform-kibana.yml /usr/share/kibana/config/ && \ - cp ./conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ && \ - # at least .key is required even without SSL enabled ssl_config will be run @ startup - cp ./conf/kbn/kibana.crt /usr/share/kibana/config/ && \ - cp ./conf/kbn/kibana.key /usr/share/kibana/config/ && \ - cp ./images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh +# Stage 2: start from the official Kibana image and copy in everything we need +FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} + +ARG ROR_VERSION + +USER root +COPY 
--from=builder /build/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml /usr/share/kibana/config/ror-newplatform-kibana.yml +COPY --from=builder /build/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml +# at least .key is required even without SSL enabled ssl_config will be run @ startup +COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt +COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.key /usr/share/kibana/config/kibana.key +COPY --from=builder /build/ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh WORKDIR /usr/share/kibana -RUN /tmp/install-ror.sh && \ - chown -R kibana:kibana /usr/share/kibana/config +RUN chmod +x /tmp/install-ror.sh \ + && /tmp/install-ror.sh \ + && chown -R kibana:kibana /usr/share/kibana/config USER kibana diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index d29f77f..b9e0dc7 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -7,8 +7,8 @@ services: context: ../ror-demo-cluster dockerfile: images/es/Dockerfile-use-ror-binaries-from-api args: - ES_VERSION: ${ES_VERSION:-8.14.3} - ROR_VERSION: ${ROR_ES_VERSION:-1.60.0} + ES_VERSION: ${ES_VERSION:-9.0.1} + ROR_VERSION: ${ROR_ES_VERSION:-1.64.1} ports: - "19200:9200" - "19300:9300" @@ -19,7 +19,7 @@ services: - discovery.type=single-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5000" - - ES_VERSION=${ES_VERSION:-8.14.3} + - ES_VERSION=${ES_VERSION:-9.0.1} healthcheck: test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "https://localhost:9200/_cluster/health" ] interval: 10s 
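Review bot: The builder stage downloads and unpacks `kibana-${KBN_VERSION}-linux-x86_64.tar.gz`, but none of the `COPY --from=builder` lines in stage 2 takes anything from `/build/kibana`; they copy only files under `/build/ror-demo-cluster`. That leaves the `wget`/`tar`/`mv` step as an unverified download that costs build time and adds nothing to the image, so it can be removed together with `wget` in the `apt-get install` list. If the bundle is needed later, fetch the published `.sha512` file next to it and check it with `sha512sum -c` before unpacking. `ubuntu:20.04` reached the end of its standard support window in 2025, so a currently supported tag would be a better builder base.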
@@ -38,8 +38,8 @@ services: context: .. dockerfile: coolify-demo/Dockerfile-KBN-noSSL args: - KBN_VERSION: ${KBN_VERSION:-8.14.3} - ROR_VERSION: ${ROR_KBN_VERSION:-1.60.0} + KBN_VERSION: ${KBN_VERSION:-9.0.1} + ROR_VERSION: ${ROR_KBN_VERSION:-1.64.1} depends_on: es-ror: condition: service_healthy From 87d15bc278231fac60b50cfbe357023a4b9117fd Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 14:30:51 +0700 Subject: [PATCH 08/23] fix: ca-certificates for wget --- coolify-demo/Dockerfile-KBN-noSSL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index 9407c14..f7f2645 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL @@ -6,7 +6,7 @@ FROM ubuntu:20.04 AS builder ARG KBN_VERSION ARG ROR_VERSION=1.64.1 -RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget \ +RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget ca-certificates \ && rm -rf /var/lib/apt/lists/* WORKDIR /build From 61808bcfc79218e7fdbb3fab3b3ae560e44b552a Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 14:32:33 +0700 Subject: [PATCH 09/23] fix: wget without silent mode --- coolify-demo/Dockerfile-KBN-noSSL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index f7f2645..32a4c43 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL 
@@ -10,7 +10,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget c && rm -rf /var/lib/apt/lists/* WORKDIR /build -RUN wget -q https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ +RUN wget https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ && tar xzf kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ && mv kibana-${KBN_VERSION}-linux-x86_64 kibana COPY ./ror-demo-cluster /build/ror-demo-cluster From e6bf44cde19add28cfa98d3ec05072a33d6462c1 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 14:56:28 +0700 Subject: [PATCH 10/23] feat: enforce LF line breaks --- .gitattributes | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..526c8a3 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.sh text eol=lf \ No newline at end of file From a4b52c36e833bc4d9baca86605e509398e7c5e30 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 15:06:07 +0700 Subject: [PATCH 11/23] feat: variable dir inside Kibana's .tar.gz --- coolify-demo/Dockerfile-KBN-noSSL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index 32a4c43..451a45d 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL @@ -12,7 +12,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget c WORKDIR /build RUN wget https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ && tar xzf kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ - && mv kibana-${KBN_VERSION}-linux-x86_64 kibana + && extracted_dir=$(tar -tf kibana-${KBN_VERSION}-linux-x86_64.tar.gz | head -1 | cut -f1 -d"/") \ + && mv "$extracted_dir" kibana COPY ./ror-demo-cluster /build/ror-demo-cluster WORKDIR /build/ror-demo-cluster 
From adbba63bd9bdd1b56bb6b5ac905326f985f7ff31 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 15 May 2025 15:39:01 +0700 Subject: [PATCH 12/23] fix: build args vs multi-stage setup --- coolify-demo/Dockerfile-KBN-noSSL | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index 451a45d..e6a270a 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL @@ -1,10 +1,12 @@ # Stage 1: Builder stage | pull Ubuntu, install tools, download Kibana bundle and patch configs # required to be separate since from Kibana 9 we have min. image without packaging tools ARG KBN_VERSION=9.0.1 +ARG ROR_VERSION=1.64.1 + FROM ubuntu:20.04 AS builder ARG KBN_VERSION -ARG ROR_VERSION=1.64.1 +ARG ROR_VERSION RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget ca-certificates \ && rm -rf /var/lib/apt/lists/* @@ -23,8 +25,10 @@ RUN for f in ror-newplatform-kibana.yml ror-oldplatform-kibana.yml; do \ done # Stage 2: start from the official Kibana image and copy in everything we need +ARG KBN_VERSION FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} +ARG KBN_VERSION ARG ROR_VERSION USER root From 6778917212170e1104b2d84efbeaa8e2863731c5 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 10:17:46 +0700 Subject: [PATCH 13/23] fix: proper enryption to Kibana configs as per https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 --- ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml | 3 +++ ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml index 3df3d8e..df2dc91 100644 --- a/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml 
@@ -14,3 +14,6 @@ server.ssl.redirectHttpFromPort: 80 readonlyrest_kbn.logLevel: info readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' + +# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 +xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml index de0b5d6..8728af8 100644 --- a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml @@ -13,3 +13,5 @@ server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 xpack.security.enabled: false +# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 +xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" \ No newline at end of file From 6401a7d02dc997d482fd2c7500d7c3eea74df7af Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 11:09:48 +0700 Subject: [PATCH 14/23] coolify-demo: adopt upstream license-edition kbn config flow - COPY all 4 *-kibana.yml (free/pro/enterprise/old) + disable SSL on all - add ROR_LICENSE_EDITION build arg (defaults to ENT since demo passes ROR_ACTIVATION_KEY) - pass it explicitly into install-ror.sh env so the new switch picks enterprise yml Co-Authored-By: Claude Opus 4.7 (1M context) --- coolify-demo/Dockerfile-KBN-noSSL | 12 ++++++++---- coolify-demo/docker-compose.yaml | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL index e6a270a..8f982c9 100644 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ b/coolify-demo/Dockerfile-KBN-noSSL 
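Review bot: The value added for `xpack.encryptedSavedObjects.encryptionKey` is a fixed string committed to a repository the readme describes as public, so every deployment built from these files shares one known key and the saved-objects encryption protects nothing; the same line is added to `ror-oldplatform-kibana.yml` in the next hunk. Kibana substitutes environment variables in `kibana.yml`, so the line can read `xpack.encryptedSavedObjects.encryptionKey: "${KBN_ENCRYPTION_KEY}"`, with the value generated per deployment and passed through the compose `environment:` block (`KBN_ENCRYPTION_KEY` is a name chosen for this note, not one the project defines). The `readonlyrest_kbn.cookiePass` line visible in the context has the same problem.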
@@ -19,8 +19,8 @@ RUN wget https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-lin COPY ./ror-demo-cluster /build/ror-demo-cluster WORKDIR /build/ror-demo-cluster -# disabling SSL in Kibana config -RUN for f in ror-newplatform-kibana.yml ror-oldplatform-kibana.yml; do \ +# disabling SSL in Kibana config (upstream split ror-newplatform-kibana.yml into free/pro/enterprise — RORDEV-1585) +RUN for f in free-ror-newplatform-kibana.yml pro-ror-newplatform-kibana.yml enterprise-ror-newplatform-kibana.yml ror-oldplatform-kibana.yml; do \ sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/$f; \ done @@ -30,9 +30,12 @@ FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} ARG KBN_VERSION ARG ROR_VERSION +ARG ROR_LICENSE_EDITION=ENT USER root -COPY --from=builder /build/ror-demo-cluster/conf/kbn/ror-newplatform-kibana.yml /usr/share/kibana/config/ror-newplatform-kibana.yml +COPY --from=builder /build/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml +COPY --from=builder /build/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml +COPY --from=builder /build/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml COPY --from=builder /build/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml # at least .key is required even without SSL enabled ssl_config will be run @ startup COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt 
@@ -40,8 +43,9 @@ COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.key /usr/share/kiban COPY --from=builder /build/ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh WORKDIR /usr/share/kibana +# install-ror.sh reads ROR_LICENSE_EDITION from env to pick the right *-ror-newplatform-kibana.yml RUN chmod +x /tmp/install-ror.sh \ - && /tmp/install-ror.sh \ + && KBN_VERSION="${KBN_VERSION}" ROR_VERSION="${ROR_VERSION}" ROR_LICENSE_EDITION="${ROR_LICENSE_EDITION}" /tmp/install-ror.sh \ && chown -R kibana:kibana /usr/share/kibana/config USER kibana diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index b9e0dc7..bbdce2d 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -40,6 +40,7 @@ services: args: KBN_VERSION: ${KBN_VERSION:-9.0.1} ROR_VERSION: ${ROR_KBN_VERSION:-1.64.1} + ROR_LICENSE_EDITION: ${ROR_LICENSE_EDITION:-ENT} depends_on: es-ror: condition: service_healthy From 7ee20ec8759da3534fd3faee411ad1a827b26a26 Mon Sep 17 00:00:00 2001 
From: Antonio V Date: Thu, 28 May 2026 14:55:44 +0700 Subject: [PATCH 15/23] =?UTF-8?q?coolify-demo:=20address=20review=20?= =?UTF-8?q?=E2=80=94=20use=20official=20ROR=20images,=20self-contained=20c?= =?UTF-8?q?ontext?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per @coutoPL review on PR #54: - es-ror: build FROM beshultd/elasticsearch-readonlyrest:${ES_VERSION}-ror-${ROR_ES_VERSION} instead of orchestrating Kibana download + ROR install (matches readonlyrest-e2e-tests pattern) - kbn-ror: same — build FROM beshultd/kibana-readonlyrest, COPY a self-contained kibana.yml (SSL off, encryption key baked, no per-license-edition split needed since we own this yml) - kbn-ror healthcheck switched to "curl -k --fail -u kibana:kibana https://localhost:5601/api/status" per coutoPL suggestion - initializer: copied Dockerfile + entrypoint.sh + init.sh + lib.sh into coolify-demo/ so changes in ror-demo-cluster/ can't break Coolify deploy - ES configs (readonlyrest.yml, elasticsearch.yml, certs) copied into coolify-demo/conf/es/ for the same reason - removed Dockerfile-KBN-noSSL (dead — official image already has Kibana + ROR plugin pre-installed and patched) - .dockerignore: dropped Dockerfile* (was excluding our own Dockerfile from build context — foot-gun coderabbit flagged earlier) Co-Authored-By: Claude Opus 4.7 (1M context) --- coolify-demo/.dockerignore | 1 - coolify-demo/Dockerfile-KBN-noSSL | 51 ------ coolify-demo/conf/es/ca.crt | 33 ++++ coolify-demo/conf/es/elasticsearch.crt | 29 +++ coolify-demo/conf/es/elasticsearch.key | 28 +++ coolify-demo/conf/es/elasticsearch.yml | 33 ++++ coolify-demo/conf/es/readonlyrest.yml | 76 ++++++++ coolify-demo/conf/kbn/kibana.yml | 13 ++ coolify-demo/docker-compose.yaml | 20 +- .../images/cluster-initializer/Dockerfile | 9 + .../images/cluster-initializer/entrypoint.sh | 14 ++ coolify-demo/images/es/Dockerfile | 15 ++ coolify-demo/images/kbn/Dockerfile | 12 ++ 
coolify-demo/init-scripts/init.sh | 13 ++ coolify-demo/init-scripts/utils/lib.sh | 173 ++++++++++++++++++ 15 files changed, 457 insertions(+), 63 deletions(-) delete mode 100644 coolify-demo/Dockerfile-KBN-noSSL create mode 100644 coolify-demo/conf/es/ca.crt create mode 100644 coolify-demo/conf/es/elasticsearch.crt create mode 100644 coolify-demo/conf/es/elasticsearch.key create mode 100644 coolify-demo/conf/es/elasticsearch.yml create mode 100644 coolify-demo/conf/es/readonlyrest.yml create mode 100644 coolify-demo/conf/kbn/kibana.yml create mode 100644 coolify-demo/images/cluster-initializer/Dockerfile create mode 100644 coolify-demo/images/cluster-initializer/entrypoint.sh create mode 100644 coolify-demo/images/es/Dockerfile create mode 100644 coolify-demo/images/kbn/Dockerfile create mode 100644 coolify-demo/init-scripts/init.sh create mode 100644 coolify-demo/init-scripts/utils/lib.sh diff --git a/coolify-demo/.dockerignore b/coolify-demo/.dockerignore index 01ff9ab..466949b 100644 --- a/coolify-demo/.dockerignore +++ b/coolify-demo/.dockerignore @@ -1,4 +1,3 @@ .env readme.md docker-compose.* -Dockerfile* \ No newline at end of file diff --git a/coolify-demo/Dockerfile-KBN-noSSL b/coolify-demo/Dockerfile-KBN-noSSL deleted file mode 100644 index 8f982c9..0000000 --- a/coolify-demo/Dockerfile-KBN-noSSL +++ /dev/null 
@@ -1,51 +0,0 @@ -# Stage 1: Builder stage | pull Ubuntu, install tools, download Kibana bundle and patch configs -# required to be separate since from Kibana 9 we have min. image without packaging tools -ARG KBN_VERSION=9.0.1 -ARG ROR_VERSION=1.64.1 - -FROM ubuntu:20.04 AS builder - -ARG KBN_VERSION -ARG ROR_VERSION - -RUN apt-get update && apt-get install -y --no-install-recommends bash sed wget ca-certificates \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /build -RUN wget https://artifacts.elastic.co/downloads/kibana/kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ - && tar xzf kibana-${KBN_VERSION}-linux-x86_64.tar.gz \ - && extracted_dir=$(tar -tf kibana-${KBN_VERSION}-linux-x86_64.tar.gz | head -1 | cut -f1 -d"/") \ - && mv "$extracted_dir" kibana -COPY ./ror-demo-cluster /build/ror-demo-cluster - -WORKDIR /build/ror-demo-cluster -# disabling SSL in Kibana config (upstream split ror-newplatform-kibana.yml into free/pro/enterprise — RORDEV-1585) -RUN for f in free-ror-newplatform-kibana.yml pro-ror-newplatform-kibana.yml enterprise-ror-newplatform-kibana.yml ror-oldplatform-kibana.yml; do \ - sed -i 's/server.ssl.enabled: true/server.ssl.enabled: false/' conf/kbn/$f; \ - done - -# Stage 2: start from the official Kibana image and copy in everything we need -ARG KBN_VERSION -FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} - -ARG KBN_VERSION -ARG ROR_VERSION -ARG ROR_LICENSE_EDITION=ENT - -USER root -COPY --from=builder /build/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml -COPY --from=builder /build/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml -COPY --from=builder /build/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml -COPY --from=builder /build/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml -# 
at least .key is required even without SSL enabled ssl_config will be run @ startup -COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt -COPY --from=builder /build/ror-demo-cluster/conf/kbn/kibana.key /usr/share/kibana/config/kibana.key -COPY --from=builder /build/ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh - -WORKDIR /usr/share/kibana -# install-ror.sh reads ROR_LICENSE_EDITION from env to pick the right *-ror-newplatform-kibana.yml -RUN chmod +x /tmp/install-ror.sh \ - && KBN_VERSION="${KBN_VERSION}" ROR_VERSION="${ROR_VERSION}" ROR_LICENSE_EDITION="${ROR_LICENSE_EDITION}" /tmp/install-ror.sh \ - && chown -R kibana:kibana /usr/share/kibana/config - -USER kibana diff --git a/coolify-demo/conf/es/ca.crt b/coolify-demo/conf/es/ca.crt new file mode 100644 index 0000000..a663472 --- /dev/null +++ b/coolify-demo/conf/es/ca.crt 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIUXHtIhBOyU0vug0Jd0kjUZntK6e8wDQYJKoZIhvcNAQEL +BQAwbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMB4XDTI0MTIyMjA3MTk1N1oXDTM0MTIyMDA3MTk1 +N1owbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAhE1ezdFslIwiGNTXr1Vbh0ar6W1l7l2fPnSxsZmGW+Pp/OwD03INeUVrsAU9 +CWMCjFUt/yKqpm48lZrAUyI7cUDEGl90XtaZ5MdlEIhIg6Az6bRD7YA0Xfb2k0EJ +HbNvDZ9mMX6mwuxqgrbpkuavvull8qxV6MAES1Ts6owTgQI4KhQ7Y8Q/5093MgxY +qgnPZzrOPa6alizu+q7Rr9zHmpKqSIK/JB8LlmPLbJMNAWyp8iiRHzt4LmlrNQF2 +3A+gvNVllnUn3zFAz6c+yKtfJcsj67+JFhLvloy7rqrOTf5/+jpEogQal8J5qqIs +I0Kex7l+gR9EFCOdCNbzBvmYBGyow7Rl3zWH3gWiiOdcN6Vdq9sREwd39L+3BT2d +S2RdLAu8kRGrlw/KJsXJUrRRRhDasxsz5XKXWUB64jxDdHjzNx3N2FHuH3yc/Kbq +Qsc3q6pVnysc14MtPtwKHA7eCyjalsh+Vq6njoKJlF6ptSPop0poU9kCfH5WE5wp +F0Xz8pA6cmjuGs5KoIYPN/36aLQ8QcPTtgZPFOBUrZUTTp+Bbd7W3vG/nWG6nRqR +ml0I6jTF6xq9AoJFemk6aXKvyZHKs2nH79aod9hSKRNrtZNJY/ZSsFbXbvSq9qri +SP5Hgdh1QUHgJjy4ohRDIUhuyDqCiPIG/KM9/9Vh90r+gRkCAwEAAaNTMFEwHQYD +VR0OBBYEFM+STMzYeJ3os3MlrPDbb4+NgpQEMB8GA1UdIwQYMBaAFM+STMzYeJ3o +s3MlrPDbb4+NgpQEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB +ABW1XECYHw+Prlwic+ZCpnF9jMsiy1ALzkE90l9Rkmi68ruJBAsZDkQKRXVTkOYO +RsS7bgZo7CavWKcuEaw/JbMH5D4TNvbziKhX6EuAR3GpdZZxGT2N4uasaCHPcAeT +JoLxOuzSsjSN3aPWXyNzis3z9aeJuYjbfzp0R7Gz/bTHSYV7hMNnEazE8itF4iQx +6/NkmL6twHOv1kPicpAXpjLswWPyUWZCj9TI9BpREJ1txyInhwBEKOgYBnQ2iwCU +RVE2OQjlSavkgf6wxkFQaiZJavB+ckO6aJTw5kcjB1wtZEUj+Ykg9v26LBiUzYPF +I0gQR7hcl8ku3mj5ujNbm/Tmi+P8sEq+l3MbrIVNipHQFxjSq6lfG4VXVdwurWl0 +8q0b4sVGvL+lowOne/NgAUmXJROWBu1/KkUIADpv74h8I2vdYDic4YM6wMPvTOGj +nrwLWiI0H4L2AqA5oTEdQOpqGHpierlgiy3etcjBwItjc5yqZioG3m70BSX21J6m +pDF2WkGoJArGVr6Y78oZqp01vYFRprfocmvcGm5fZZn0H8RnnEu47c5r3g3AG6sD 
+Q9BwmMDm9Xjz84OAGAcheZWHRZ856znzL3oUJIGskFX3U/Z6O6WjIVrwJodxUydr +2yLDrf3XKKQYY9d61GCjWI5o6VPpR+42lXuQWAMtaU9K +-----END CERTIFICATE----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.crt b/coolify-demo/conf/es/elasticsearch.crt new file mode 100644 index 0000000..3ee71e0 --- /dev/null +++ b/coolify-demo/conf/es/elasticsearch.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5zCCAs+gAwIBAgIUBuxS2b5y2Q4NfK+HlNZ9FeNx+nEwDQYJKoZIhvcNAQEL +BQAwbjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3JlYWRv +bmx5cmVzdC5iZXNodS50ZWNoMB4XDTI0MTIyMjA3MjIxNFoXDTM0MTIyMDA3MjIx +NFowXTELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u +ZG9uMQ4wDAYDVQQKDAVCZXNodTELMAkGA1UECwwCSVQxDzANBgNVBAMMBmVzLXJv +cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/yBwMeUvUOA8Y7UAB8 +i94KkVnusNGLIO29SQzjfdzs9AjHZYdkwZw9KgtPs2oC/+WYdiqKn5IKWdl5iKqk +2knb+7bZROzeXnkdcNS6N9DUPsub4/a6iqJjN+FqadhkIaYaClRktE2oxjmt7iVu +5XUyXFO9McLRw48KULRE/RIUsqaOpfK6jeSOivI38Sam2R3aXUG+yF67MDNUWITp +ily3tOGUX9Bnn/S52bvXwc6ubwclE86WnCwDGrl0mG4cxTlJo/DkKiVTyJs/pskD +gSgzNMNrvjFjg30GsGNiTCH0UfQWR8tPq7E6lDCClalwHbn1USGn3gurz6V9bvTE +sE0CAwEAAaOBjTCBijAcBgNVHREEFTATggZlcy1yb3KCCWxvY2FsaG9zdDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgOoMB0GA1UdDgQW +BBTv2iDvnAwcJryknoX7wZjzUhFFvTAfBgNVHSMEGDAWgBTPkkzM2Hid6LNzJazw +22+PjYKUBDANBgkqhkiG9w0BAQsFAAOCAgEAdwKOiTPJbPu8H2vYng/r+w496sqZ +SOkKhrAk6dkcry5CxeopOKOrxGHUqRWnBRauM6MxXwWCKdb1rkIns3nXbJqkGge2 +DGJSlVTfUDGifUS2JTfwhb4eiQR9s902jP8nSOsNpk5IK78973jsias1OtW/geoP +a3kDQgaKUKEsplMBOq4DI8ijtGRP9npyeGr4gpPxpYaUDrC6JqPZnprEen+fafwx +kMlKPT420Re8U8KKq1hwLJ5xi5I5mmAXIncDLaxRPappEs8GXuaz/Fqh6mmgqTWk +vU2950ulsM+eI8bp/7NuTFoFVKhKvjXBb27jGafmFv66jn1nupUDXL7JH8waIeud +w5XyXHlAmm+8ZTSyBXiR5J/v+odTT8QHnNmoP48ZDMQgYy6i3mbKgXfuP/7G5Vfh +cUs+XkN2GNRRbkWBgdFSovBDmDZaf7aihBGOu1AX/4Oxz6/dZTCRuo6GGwf0tuJl +SiWz/XUDmVs4M+eAiKVl3Emkb01SgD6HS9fS0uuyrEahya4FAWrjzxTf9cD1IEOL +YhVFPTQH4l0gkEaO9582LVDcSmtwKVl56AvXU/vU0UaXLTbfcNYZDusAlUHrYg+R +hnS8TGNoN6NXZuqg8NEiDM+6HinIwZ1cCaxugThIWVpDq9+2FNYlW3/QQ1sP+Nko +V4yBt5pes2mUbbA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.key b/coolify-demo/conf/es/elasticsearch.key new file mode 100644 index 0000000..aef8f68 --- /dev/null 
+++ b/coolify-demo/conf/es/elasticsearch.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/8gcDHlL1DgPG +O1AAfIveCpFZ7rDRiyDtvUkM433c7PQIx2WHZMGcPSoLT7NqAv/lmHYqip+SClnZ +eYiqpNpJ2/u22UTs3l55HXDUujfQ1D7Lm+P2uoqiYzfhamnYZCGmGgpUZLRNqMY5 +re4lbuV1MlxTvTHC0cOPClC0RP0SFLKmjqXyuo3kjoryN/Emptkd2l1BvsheuzAz +VFiE6Ypct7ThlF/QZ5/0udm718HOrm8HJRPOlpwsAxq5dJhuHMU5SaPw5ColU8ib +P6bJA4EoMzTDa74xY4N9BrBjYkwh9FH0FkfLT6uxOpQwgpWpcB259VEhp94Lq8+l +fW70xLBNAgMBAAECggEAHkKt0FQLiA65kZrwNeNsuYi4+ZCj16Uzf8eDqMCEqzvA +DVJCM2IzE8qgwj/CbUgjx7KNjo9kMMXo/Fwoq55pu5Muz9jZAO7dvgJiM2dYPVf4 +vmjJO7CVApzZxnPcU/0VQPaCAmQN+OBOv/EnxkcBbcSOwbTmD2y6g+aAaqslqp/K +Wc1ci/+H4iaevj5MrUAq7PelLzsMk+fZKfjipOgQMW9oxQ030XuDi4pR41qAvVO3 +YFvagoKweBAZ6vVMf2x3EFOtJTKk6aBL/VqsvVVVRURwmLqRsr5QvuJQgypS34QV +a3iqh70cR4GZ/WTCnotHZ1p0MjLMBT4EnG1L6lLXEQKBgQD5TkFQxswdUms5D3fR +FLmcJUUnqdY/0V6OmxtRY4VBIrFBIYaZHlv/xrJH6yGNTOBwbwTxKLNInGdosoFe +6f/0JWVfJ/qHrurnk0EAqB8R+PwCPswhpXbYQcAjBHjtGpCLtwuUdMpIpSE9t5mp +Yvap3GaJdjmSinoEAH/YvgcCbwKBgQDFGXlHdfbd8jZTpfhyPjUv9aUc2AbEPfbr +FrwicLYfkEKn+DMecIzwL0WTqCqOs3J/u214BZkeXruoopJPGqLZrjyJ8Q6mONUq +bjWztM/BSCYas+texNAjUpbx7iddAEeapCnFdwmynfEP7mK6cL9GzfOV5oZsNbi8 +nk2PSRtnAwKBgDUhj1v2siOBoCZN/JwLja8QZleYo3eAWGWN+tlym0CRczNNQNE7 +HiI5p18aZlEl1CNCFcyLfwH3izZN7LJcrlbK7XrFG2h1R8zIni7UpaJ/7L1RwtFc +4SIfiSItXtQxOCL+hLJD3aRzxMzRZycpVyZGOXgMQSLQ7kYSES0Q+o9zAoGATkpA +ElKZLK/5RGC4vyhWmCZK35ovlePHILp3IHcE4KS81VuRcpXiZcVhLbWuseA1qucY +JISUvauDfwiUdTdvWGgNQ/2sg/ovMht02V0I6Q1vlUvCQnKK+nzj2FVw7VAfIR30 +Oat+/qQeDOXz8Xq3f7hu+SwIWRM9vi5jQHcZm2ECgYEApIVmSxeLk4Rd20O/+qfU +h7R8twf66tY/fREockSyr70sfLI8tVFn3bBgK40iWRAdKNU2lv9i0TqZ54EujrB0 +e9y2GkzYWYzU+79eAlzjdgZ3warnTTGRbp0NloV4wIHB6mUGykVB53kXKIDyjvQG +Swi56SGrTE/zmC8gl25EgHc= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/coolify-demo/conf/es/elasticsearch.yml b/coolify-demo/conf/es/elasticsearch.yml new file mode 100644 index 0000000..e723ed4 --- /dev/null 
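Review bot: This file commits the private key of the Elasticsearch node certificate in clear text, and `images/es/Dockerfile` later copies it into the image. Anyone who can read the repository or pull the image can therefore present that certificate to clients that trust the bundled `ca.crt`. For a stack that is deployed to Coolify I would generate the CA and node key at deploy time, or mount them as a secret or volume, and add `conf/es/*.key` to `.gitignore`. If the key has to stay for the demo, a README line saying it is a throwaway key that must not be trusted outside this stack would make that explicit.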
+++ b/coolify-demo/conf/es/elasticsearch.yml
@@ -0,0 +1,33 @@
+cluster.name: ror-cluster
+node.name: ror-es01
+network.host: 0.0.0.0
+
+path.repo: /tmp/repositories
+
+# XPACK SSL
+xpack.security.enabled: true
+xpack.security.http.ssl.enabled: true
+xpack.security.http.ssl.key: elasticsearch.key
+xpack.security.http.ssl.certificate: elasticsearch.crt
+xpack.security.http.ssl.certificate_authorities: ca.crt
+xpack.security.http.ssl.verification_mode: certificate
+xpack.security.http.ssl.client_authentication: optional
+xpack.security.transport.ssl.enabled: true
+xpack.security.transport.ssl.key: elasticsearch.key
+xpack.security.transport.ssl.certificate: elasticsearch.crt
+xpack.security.transport.ssl.certificate_authorities: ca.crt
+xpack.security.transport.ssl.verification_mode: certificate
+xpack.security.transport.ssl.client_authentication: optional
+
+# ROR SSL
+#xpack.security.enabled: false
+#http.type: ssl_netty4
+#readonlyrest.ssl.enable: true
+#readonlyrest.ssl.keystore_file: "ror-keystore.jks"
+#readonlyrest.ssl.keystore_pass: readonlyrest
+#readonlyrest.ssl.key_pass: readonlyrest
+#transport.type: ror_ssl_internode
+#readonlyrest.ssl_internode.enable: true
+#readonlyrest.ssl_internode.keystore_file: "ror-keystore.jks"
+#readonlyrest.ssl_internode.keystore_pass: readonlyrest
+#readonlyrest.ssl_internode.key_pass: readonlyrest
diff --git a/coolify-demo/conf/es/readonlyrest.yml b/coolify-demo/conf/es/readonlyrest.yml
new file mode 100644
index 0000000..849dd87
--- /dev/null
+++ b/coolify-demo/conf/es/readonlyrest.yml
@@ -0,0 +1,76 @@
+readonlyrest:
+
+ audit:
+ enabled: true
+ outputs: [index]
+
+ access_control_rules:
+
+ - name: "KIBANA"
+ type: allow
+ auth_key: kibana:kibana
+ verbosity: error
+
+ - name: "Admins"
+ groups: [Administrators]
+ kibana:
+ access: admin
+
+ - name: "End users"
+ groups: ["EndUsers"]
+ indices: ["*-frontend-*", "kibana_sample_data_*"]
+ kibana:
+ index: .kibana_end_@{user}
+ access: rw
+ hide_apps: ["Security", "Observability"]
+
+ - name: "Business users"
+ groups: ["BusinessUsers"]
+ indices: ["*-business-*", "kibana_sample_data_*"]
+ kibana:
+ index: .kibana_business_@{user}
+ access: ro
+ hide_apps: ["Security", "Observability"]
+
+ users:
+ - username: admin
+ auth_key: admin:admin
+ groups:
+ - id: "Administrators"
+ name: "Administrators"
+ - id: "EndUsers"
+ name: "End Users"
+ - id: "BusinessUsers"
+ name: "Business Users"
+
+ - username: user1
+ auth_key: user1:test
+ groups:
+ - id: "EndUsers"
+ name: "End Users"
+ - id: "BusinessUsers"
+ name: "Business Users"
+
+ - username: user2
+ auth_key: user2:test
+ groups:
+ - id: "EndUsers"
+ name: "End Users"
+
+ - username: "*"
+ ror_kbn_auth:
+ name: "kbn1"
+ groups: ["*"]
+ groups:
+ - local_group:
+ id: "EndUsers"
+ name: "End Users"
+ external_group_ids: [ "extEndUsers" ]
+ - local_group:
+ id: "BusinessUsers"
+ name: "Business Users"
+ external_group_ids: [ "extBusinessUsers" ]
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "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"
diff --git a/coolify-demo/conf/kbn/kibana.yml b/coolify-demo/conf/kbn/kibana.yml
new file mode 100644
index 0000000..950d128
--- /dev/null
+++ b/coolify-demo/conf/kbn/kibana.yml
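Review bot: The `auth_key` entries (`kibana:kibana`, `admin:admin`, `user1:test`, `user2:test`) put well-known passwords in clear text into a file that is baked into the image, while the compose file publishes Elasticsearch on host ports 19200 and 19300. Because this stack targets a Coolify deployment rather than a laptop, I would store hashes instead, for example `auth_key_sha256: <sha256 of "admin:PASSWORD">`, and supply the real passwords per deployment rather than from the repository. The `admin:admin` pair is repeated in the es-ror healthcheck in `docker-compose.yaml`, so both places have to change together.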
@@ -0,0 +1,13 @@ +server.name: kibana-ror +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +server.ssl.enabled: false + +xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" + +readonlyrest_kbn.logLevel: info +readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index bbdce2d..231cce3 100644 --- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -4,11 +4,11 @@ services: container_name: es-ror env_file: ".env" build: - context: ../ror-demo-cluster - dockerfile: images/es/Dockerfile-use-ror-binaries-from-api + context: . + dockerfile: images/es/Dockerfile args: ES_VERSION: ${ES_VERSION:-9.0.1} - ROR_VERSION: ${ROR_ES_VERSION:-1.64.1} + ROR_ES_VERSION: ${ROR_ES_VERSION:-1.64.1} ports: - "19200:9200" - "19300:9300" @@ -19,7 +19,6 @@ services: - discovery.type=single-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5000" - - ES_VERSION=${ES_VERSION:-9.0.1} healthcheck: test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "https://localhost:9200/_cluster/health" ] interval: 10s @@ -35,12 +34,11 @@ services: container_name: kbn-ror env_file: ".env" build: - context: .. - dockerfile: coolify-demo/Dockerfile-KBN-noSSL + context: . + dockerfile: images/kbn/Dockerfile args: KBN_VERSION: ${KBN_VERSION:-9.0.1} - ROR_VERSION: ${ROR_KBN_VERSION:-1.64.1} - ROR_LICENSE_EDITION: ${ROR_LICENSE_EDITION:-ENT} + ROR_KBN_VERSION: ${ROR_KBN_VERSION:-1.64.1} depends_on: es-ror: condition: service_healthy 
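Review bot: `elasticsearch.ssl.verificationMode: none` disables certificate checking on the Kibana to Elasticsearch connection although this commit ships `conf/es/ca.crt` and a node certificate that was presumably issued for the `es-ror` host name used in `ELASTICSEARCH_HOSTS`. Copying `ca.crt` into the Kibana image and setting `elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/ca.crt" ]` together with `elasticsearch.ssl.verificationMode: full` would stop the `kibana:kibana` credentials from being sent to an unverified peer. Separately, `xpack.encryptedSavedObjects.encryptionKey` and `readonlyrest_kbn.cookiePass` are fixed literals shared by every deployment of this repository; I would read them from the environment, e.g. `readonlyrest_kbn.cookiePass: "${ROR_COOKIE_PASS}"` (variable name is a suggestion).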
@@ -50,7 +48,7 @@ services: ELASTICSEARCH_HOSTS: https://es-ror:9200 ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY healthcheck: - test: [ "CMD", "curl", "-fk", "-u", "admin:admin", "http://localhost:5601/api/features" ] + test: [ "CMD", "curl", "-k", "--fail", "-u", "kibana:kibana", "https://localhost:5601/api/status" ] interval: 10s timeout: 10s retries: 30 @@ -63,7 +61,7 @@ services: initializer: container_name: initializer build: - context: ../ror-demo-cluster + context: . dockerfile: images/cluster-initializer/Dockerfile depends_on: es-ror: @@ -81,4 +79,4 @@ services: retries: 30 start_period: 60s volumes: - - ../ror-demo-cluster/init-scripts:/scripts:ro + - ./init-scripts:/scripts:ro diff --git a/coolify-demo/images/cluster-initializer/Dockerfile b/coolify-demo/images/cluster-initializer/Dockerfile new file mode 100644 index 0000000..8fa968f --- /dev/null +++ b/coolify-demo/images/cluster-initializer/Dockerfile @@ -0,0 +1,9 @@ +FROM ubuntu:24.04 + +COPY images/cluster-initializer/entrypoint.sh /entrypoint.sh + +RUN apt-get update --fix-missing && \ + apt-get install -y jq curl && \ + rm -rf /var/lib/apt/lists/* + +ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file diff --git a/coolify-demo/images/cluster-initializer/entrypoint.sh b/coolify-demo/images/cluster-initializer/entrypoint.sh new file mode 100644 index 0000000..c3277df --- /dev/null +++ b/coolify-demo/images/cluster-initializer/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/bash -e + +cd /scripts + +for script in *.sh; do + if [ -f "$script" ]; then + echo "Running $script..." + bash "$script" + echo "--------------------------------" + fi +done + +touch /tmp/init_done +tail -f /dev/null diff --git a/coolify-demo/images/es/Dockerfile b/coolify-demo/images/es/Dockerfile new file mode 100644 index 0000000..753333e --- /dev/null +++ b/coolify-demo/images/es/Dockerfile 
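Review bot: The new `images/cluster-initializer/Dockerfile` has no `USER` instruction, so `entrypoint.sh` and every script under `/scripts` run as root although, from what is visible here, they only call `curl` and create `/tmp/init_done`. I would add a `USER` line before `ENTRYPOINT`, for example `USER ubuntu` if the default account of the `ubuntu:24.04` base image is present (to be verified). The install line would also be leaner as `apt-get install -y --no-install-recommends ca-certificates curl jq`, with `ca-certificates` listed explicitly because it may otherwise be dropped with the recommended packages.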
@@ -0,0 +1,15 @@
+ARG ES_VERSION="please_set_ES_VERSION_arg"
+ARG ROR_ES_VERSION="please_set_ROR_ES_VERSION_arg"
+
+FROM beshultd/elasticsearch-readonlyrest:${ES_VERSION}-ror-${ROR_ES_VERSION}
+
+USER root
+COPY conf/es/readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml
+COPY conf/es/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
+COPY conf/es/ca.crt /usr/share/elasticsearch/config/ca.crt
+COPY conf/es/elasticsearch.crt /usr/share/elasticsearch/config/elasticsearch.crt
+COPY conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key
+RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config
+
+USER elasticsearch
+ENV I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes
diff --git a/coolify-demo/images/kbn/Dockerfile b/coolify-demo/images/kbn/Dockerfile
new file mode 100644
index 0000000..b98abb9
--- /dev/null
+++ b/coolify-demo/images/kbn/Dockerfile
@@ -0,0 +1,12 @@
+ARG KBN_VERSION="please_set_KBN_VERSION_arg"
+ARG ROR_KBN_VERSION="please_set_ROR_KBN_VERSION_arg"
+
+FROM beshultd/kibana-readonlyrest:${KBN_VERSION}-ror-${ROR_KBN_VERSION}
+
+USER root
+COPY conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml
+RUN chown -R kibana:kibana /usr/share/kibana/config \
+ && chmod 664 /usr/share/kibana/config/kibana.yml
+
+USER kibana
+ENV I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes
diff --git a/coolify-demo/init-scripts/init.sh b/coolify-demo/init-scripts/init.sh
new file mode 100644
index 0000000..545d6ee
--- /dev/null
+++ b/coolify-demo/init-scripts/init.sh
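Review bot: `elasticsearch.key` is copied with whatever mode it has in the build context, usually world-readable, and only its owner is corrected afterwards by `RUN chown -R`, which also stores the config files a second time in an extra layer. Setting owner and mode at copy time avoids both: `COPY --chown=elasticsearch:elasticsearch --chmod=0600 conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key`, with `--chown=elasticsearch:elasticsearch` on the other four `COPY` lines. The `RUN chown` can then go, provided nothing else in that directory needs re-owning. The base image tag is built from two version arguments and is mutable, so pinning it by digest is worth considering once the versions settle.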
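Review bot: `chmod 664` in `images/kbn/Dockerfile` leaves `kibana.yml` readable by every user in the container although the file holds `elasticsearch.password`, the saved-objects encryption key and `readonlyrest_kbn.cookiePass`. Unless something outside the `kibana` user and group has to read it, `chmod 660` is the tighter choice, or `COPY --chown=kibana:kibana --chmod=0660 conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml` in place of the `RUN`. A short comment saying why the file must be group-writable would help; presumably the patch step rewrites it, but the hunk does not show that.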
@@ -0,0 +1,13 @@
+#!/bin/bash -ex
+
+set -o pipefail
+
+cd "$(dirname "$0")"
+
+source utils/lib.sh
+
+createDataStream "logs-frontend-dev" && generate_log_documents 100 | putDocument "logs-frontend-dev"
+createDataStream "logs-business-dev" && generate_log_documents 100 | putDocument "logs-business-dev"
+createDataStream "logs-system-dev" && generate_log_documents 100 | putDocument "logs-system-dev"
+
+createIndex "data-business-index" && generate_log_documents 100 | putDocument "data-business-index"
\ No newline at end of file
diff --git a/coolify-demo/init-scripts/utils/lib.sh b/coolify-demo/init-scripts/utils/lib.sh
new file mode 100644
index 0000000..bde4c3a
--- /dev/null
+++ b/coolify-demo/init-scripts/utils/lib.sh
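Review bot: A failing `createDataStream` does not stop this script. The entrypoint starts it with `bash "$script"`, so the `-ex` on the shebang line is never applied, and even under `set -e` a failure on the left side of `&&` is exempt from errexit. Only the status of the last line reaches the entrypoint, so the three data-stream steps can fail silently and `/tmp/init_done` is still created. I would put `set -eo pipefail` in the script body and split each step, e.g. `createDataStream "logs-frontend-dev"` on its own line followed by `generate_log_documents 100 | putDocument "logs-frontend-dev"`.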
@@ -0,0 +1,173 @@
+#!/bin/bash -ex
+
+function pick_randomly() {
+ local OPTIONS=("$@")
+ local COUNT=${#OPTIONS[@]}
+ local RANDOM_INDEX=$((RANDOM % COUNT))
+ echo "${OPTIONS[$RANDOM_INDEX]}"
+}
+
+function createIndex() {
+ if [ "$#" -ne 1 ]; then
+ echo "ERROR: One parameter required: 1) index name"
+ return 1
+ fi
+
+ if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty"
+ exit 2
+ fi
+
+ if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_USER not set or empty"
+ exit 3
+ fi
+
+ if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty"
+ exit 4
+ fi
+
+ INDEX_NAME=$1
+
+ response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \
+ -X PUT "$ELASTICSEARCH_ADDRESS/$INDEX_NAME" \
+ -H "Content-Type: application/json"
+ )
+
+ http_status=$(echo "$response" | tail -n 1)
+ response_body=$(echo "$response" | sed \$d)
+
+ if [[ "$http_status" != 2* ]]; then
+ echo "ERROR: Cannot create index [$INDEX_NAME]. HTTP status: $http_status, response body: $response_body"
+ return 5
+ fi
+
+ return 0
+}
+
+function createDataStream() {
+ if [ "$#" -ne 1 ]; then
+ echo "ERROR: One parameter required: 1) data stream name"
+ return 1
+ fi
+
+ if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty"
+ exit 2
+ fi
+
+ if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_USER not set or empty"
+ exit 3
+ fi
+
+ if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty"
+ exit 4
+ fi
+
+ STREAM_NAME=$1
+ TEMPLATE_NAME="${STREAM_NAME}-template"
+
+ response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \
+ -X PUT "$ELASTICSEARCH_ADDRESS/_index_template/$TEMPLATE_NAME" \
+ -H "Content-Type: application/json" -d "{
+ \"index_patterns\": [\"$STREAM_NAME\"],
+ \"data_stream\": {},
+ \"priority\": 500
+ }"
+ )
+
+ http_status=$(echo "$response" | tail -n 1)
+ response_body=$(echo "$response" | sed \$d)
+
+ if [[ "$http_status" != 2* ]]; then
+ echo "ERROR: Cannot create index template for data stream [$STREAM_NAME]. HTTP status: $http_status, response body: $response_body"
+ return 5
+ fi
+
+ response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \
+ -X PUT "$ELASTICSEARCH_ADDRESS/_data_stream/$STREAM_NAME"
+ )
+
+ http_status=$(echo "$response" | tail -n 1)
+ response_body=$(echo "$response" | sed \$d)
+
+ if [[ "$http_status" != 2* ]]; then
+ echo "ERROR: Cannot create data stream [$STREAM_NAME]. HTTP status: $http_status, response body: $response_body"
+ return 6
+ fi
+
+ return 0
+}
+
+function putDocument() {
+ if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
+ echo "ERROR: Required: 1) index name, optionally 2) document JSON string (or via stdin)"
+ return 1
+ fi
+
+ if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty"
+ exit 2
+ fi
+
+ if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_USER not set or empty"
+ exit 3
+ fi
+
+ if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then
+ echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty"
+ exit 4
+ fi
+
+ INDEX_NAME=$1
+
+ if [ "$#" -eq 2 ]; then
+ putSingleDocument "$INDEX_NAME" "$2"
+ else
+ while IFS= read -r DOCUMENT_CONTENT; do
+ putSingleDocument "$INDEX_NAME" "$DOCUMENT_CONTENT" || return $?
+ done
+ fi
+}
+
+function putSingleDocument() {
+ INDEX_NAME=$1
+ DOCUMENT_CONTENT=$2
+
+ response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD" \
+ -X POST "$ELASTICSEARCH_ADDRESS/$INDEX_NAME/_doc/" \
+ -H "Content-Type: application/json" -d "$DOCUMENT_CONTENT"
+ )
+
+ http_status=$(echo "$response" | tail -n 1)
+ response_body=$(echo "$response" | sed \$d)
+
+ if [[ "$http_status" != 2* ]] ; then
+ echo "ERROR: Cannot add document [$DOCUMENT_CONTENT] to index=[$INDEX_NAME].\nHTTP status: $http_status, response body: $response_body"
+ return 5
+ fi
+
+ return 0
+}
+
+function generate_log_documents() {
+ if [ "$#" -ne 1 ]; then
+ echo "ERROR: One required: 1) number of documents to generate"
+ return 1
+ fi
+
+ N=$1
+
+ for ((i = 1; i <= N; i++)); do
+ user_id=$((RANDOM % 10000 + 1))
+ timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+ log_message="User $user_id login successful"
+ level="$(pick_randomly "INFO" "WARN" "ERROR" "DEBUG")"
+
+ echo "{ \"message\": \"$log_message\", \"level\": \"$level\", \"@timestamp\": \"$timestamp\", \"user_id\": \"$user_id\" }"
+ done
+}
\ No newline at end of file
From 622a627b4fc0ce32f6e22fefb3a120e940851e4b Mon Sep 17 00:00:00 2001
From: Antonio V
Date: Thu, 28 May 2026 14:57:27 +0700
Subject: [PATCH 16/23] fix: changes requested during the code review
---
ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml | 1 -
ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml | 1 -
ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml | 1 -
ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml | 1 -
4 files changed, 4 deletions(-)
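Review bot: Every `curl` call in `utils/lib.sh` passes `-k` together with `-u "$ELASTICSEARCH_USER":"$ELASTICSEARCH_PASSWORD"`, so the Elasticsearch credentials are sent without checking who is on the other end, although the same commit adds `conf/es/ca.crt`. I would drop `-k` and pass the CA instead, e.g. `curl --cacert "$ELASTICSEARCH_CA_CERT" -s -L ...` (variable name is a suggestion), with the CA file mounted into the initializer. Two smaller points: the identical `ELASTICSEARCH_*` checks in `createIndex`, `createDataStream` and `putDocument` could be one helper, and `INDEX_NAME`, `STREAM_NAME`, `response`, `http_status` and `response_body` should be declared `local` so the sourced functions do not overwrite each other's globals.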
diff --git a/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml index f6d114c..5f396db 100644 --- a/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml @@ -12,7 +12,6 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" readonlyrest_kbn.logLevel: info diff --git a/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml index 324088d..420783d 100644 --- a/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml @@ -12,7 +12,6 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" readonlyrest_kbn.logLevel: info diff --git a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml index 324088d..420783d 100644 --- a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml @@ -12,7 +12,6 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" readonlyrest_kbn.logLevel: info 
diff --git a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml index 8728af8..497d712 100644 --- a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml @@ -13,5 +13,4 @@ server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 xpack.security.enabled: false -# https://github.com/beshu-tech/ror-sandbox/pull/54#issuecomment-4558651986 xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key" \ No newline at end of file From 835450a32d707ff0d58d50853ecbd47c0498df4a Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 15:39:17 +0700 Subject: [PATCH 17/23] fix: correct env var name for ROR ES/KBN patching ack --- coolify-demo/images/es/Dockerfile | 2 +- coolify-demo/images/kbn/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/coolify-demo/images/es/Dockerfile b/coolify-demo/images/es/Dockerfile index 753333e..eec6eb2 100644 --- a/coolify-demo/images/es/Dockerfile +++ b/coolify-demo/images/es/Dockerfile @@ -12,4 +12,4 @@ COPY conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config USER elasticsearch -ENV I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes +ENV I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes diff --git a/coolify-demo/images/kbn/Dockerfile b/coolify-demo/images/kbn/Dockerfile index b98abb9..dfe0669 100644 --- a/coolify-demo/images/kbn/Dockerfile +++ b/coolify-demo/images/kbn/Dockerfile @@ -9,4 +9,4 @@ RUN chown -R kibana:kibana /usr/share/kibana/config \ && chmod 664 /usr/share/kibana/config/kibana.yml USER kibana -ENV I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +ENV I_UNDERSTAND_IMPLICATION_OF_KBN_PATCHING=yes From 42889bb378e980623c098c50f6328cd32dd6efd4 Mon Sep 17 00:00:00 2001 
From: Antonio V Date: Thu, 28 May 2026 16:08:02 +0700 Subject: [PATCH 18/23] =?UTF-8?q?fix:=20don't=20switch=20to=20ES/KBN=20use?= =?UTF-8?q?r=20=E2=80=94=20entrypoint=20needs=20root=20to=20patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- coolify-demo/images/es/Dockerfile | 2 +- coolify-demo/images/kbn/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/coolify-demo/images/es/Dockerfile b/coolify-demo/images/es/Dockerfile index eec6eb2..2bbdf75 100644 --- a/coolify-demo/images/es/Dockerfile +++ b/coolify-demo/images/es/Dockerfile @@ -11,5 +11,5 @@ COPY conf/es/elasticsearch.crt /usr/share/elasticsearch/config/elasticsearch.crt COPY conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config -USER elasticsearch ENV I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes +# stay as root — official image's entrypoint patches ES then drops to elasticsearch user diff --git a/coolify-demo/images/kbn/Dockerfile b/coolify-demo/images/kbn/Dockerfile index dfe0669..cf61564 100644 --- a/coolify-demo/images/kbn/Dockerfile +++ b/coolify-demo/images/kbn/Dockerfile @@ -8,5 +8,5 @@ COPY conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml RUN chown -R kibana:kibana /usr/share/kibana/config \ && chmod 664 /usr/share/kibana/config/kibana.yml -USER kibana ENV I_UNDERSTAND_IMPLICATION_OF_KBN_PATCHING=yes +# stay as root — official image's entrypoint patches Kibana then drops to kibana user From fa9008c29424e6f247a6c1c785ccd37487744379 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 16:22:19 +0700 Subject: [PATCH 19/23] fix: kbn-ror healthcheck uses http (server.ssl.enabled=false in kibana.yml) --- coolify-demo/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coolify-demo/docker-compose.yaml b/coolify-demo/docker-compose.yaml index 231cce3..e265b1d 100644 
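Review bot: With `USER elasticsearch` removed, the effective user of the image is the `USER root` set earlier in the file, so the privilege drop now depends entirely on the base image's entrypoint, which this diff does not show. The same holds for the removed `USER kibana` in `images/kbn/Dockerfile`. I would place the comment above the `ENV` line and make it say what was checked, e.g. `# runs as root only for the entrypoint's patch step; verified that the server process itself runs as elasticsearch`. If the base image can apply the patch during the build, doing it in a `RUN` and keeping the `USER` line would avoid starting the container as root at all.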
--- a/coolify-demo/docker-compose.yaml +++ b/coolify-demo/docker-compose.yaml @@ -48,7 +48,7 @@ services: ELASTICSEARCH_HOSTS: https://es-ror:9200 ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY healthcheck: - test: [ "CMD", "curl", "-k", "--fail", "-u", "kibana:kibana", "https://localhost:5601/api/status" ] + test: [ "CMD", "curl", "--fail", "-u", "kibana:kibana", "http://localhost:5601/api/status" ] interval: 10s timeout: 10s retries: 30 From 9ce4112dbd98f93e56ceba6e29822e206306102d Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 16:28:26 +0700 Subject: [PATCH 20/23] fix: ensure initializer entrypoint is executable --- coolify-demo/images/cluster-initializer/Dockerfile | 5 +++-- coolify-demo/images/cluster-initializer/entrypoint.sh | 0 2 files changed, 3 insertions(+), 2 deletions(-) mode change 100644 => 100755 coolify-demo/images/cluster-initializer/entrypoint.sh diff --git a/coolify-demo/images/cluster-initializer/Dockerfile b/coolify-demo/images/cluster-initializer/Dockerfile index 8fa968f..f93a723 100644 --- a/coolify-demo/images/cluster-initializer/Dockerfile +++ b/coolify-demo/images/cluster-initializer/Dockerfile @@ -2,8 +2,9 @@ FROM ubuntu:24.04 COPY images/cluster-initializer/entrypoint.sh /entrypoint.sh -RUN apt-get update --fix-missing && \ +RUN chmod +x /entrypoint.sh && \ + apt-get update --fix-missing && \ apt-get install -y jq curl && \ - rm -rf /var/lib/apt/lists/* + rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file diff --git a/coolify-demo/images/cluster-initializer/entrypoint.sh b/coolify-demo/images/cluster-initializer/entrypoint.sh old mode 100644 new mode 100755 From f2a598ee44e8b161929df8b0af5fd919c2f51955 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 17:09:06 +0700 Subject: [PATCH 21/23] fix: kbn-ror patching env var name for ROR 1.69.x --- coolify-demo/images/kbn/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
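Review bot: Folding `chmod +x /entrypoint.sh` into the package-install `RUN` in `images/cluster-initializer/Dockerfile` ties the `apt-get` layer to an unrelated permission fix and stores the script twice, once from `COPY` and once from the `chmod`. `COPY --chmod=0755 images/cluster-initializer/entrypoint.sh /entrypoint.sh` does the same in one instruction and leaves the `RUN` untouched. Since this commit also changes the file mode to 100755 in git, either measure alone is probably enough, but the `COPY` flag is the one that does not depend on how the build context was checked out.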
diff --git a/coolify-demo/images/kbn/Dockerfile b/coolify-demo/images/kbn/Dockerfile index cf61564..abcf237 100644 --- a/coolify-demo/images/kbn/Dockerfile +++ b/coolify-demo/images/kbn/Dockerfile @@ -8,5 +8,5 @@ COPY conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml RUN chown -R kibana:kibana /usr/share/kibana/config \ && chmod 664 /usr/share/kibana/config/kibana.yml -ENV I_UNDERSTAND_IMPLICATION_OF_KBN_PATCHING=yes +ENV I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes # stay as root — official image's entrypoint patches Kibana then drops to kibana user From 9a05791bafe0efce908e2dd5eafcd08fc567779a Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 17:35:11 +0700 Subject: [PATCH 22/23] =?UTF-8?q?chore:=20drop=20ror=5Fkbn=20external=20au?= =?UTF-8?q?th=20block=20=E2=80=94=20no=20SSO=20in=20coolify-demo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- coolify-demo/conf/es/readonlyrest.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/coolify-demo/conf/es/readonlyrest.yml b/coolify-demo/conf/es/readonlyrest.yml index 849dd87..b758e21 100644 --- a/coolify-demo/conf/es/readonlyrest.yml +++ b/coolify-demo/conf/es/readonlyrest.yml @@ -56,21 +56,3 @@ readonlyrest: groups: - id: "EndUsers" name: "End Users" - - - username: "*" - ror_kbn_auth: - name: "kbn1" - groups: ["*"] - groups: - - local_group: - id: "EndUsers" - name: "End Users" - external_group_ids: [ "extEndUsers" ] - - local_group: - id: "BusinessUsers" - name: "Business Users" - external_group_ids: [ "extBusinessUsers" ] - - ror_kbn: - - name: kbn1 - signature_key: "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" From 959107523fa214bd7bb12ae60b9a455686c58c52 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Thu, 28 May 2026 17:47:30 +0700 Subject: [PATCH 23/23] chore: ES patching env var name matches KBN + e2e convention --- coolify-demo/images/es/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/coolify-demo/images/es/Dockerfile b/coolify-demo/images/es/Dockerfile index 2bbdf75..7d338aa 100644 --- a/coolify-demo/images/es/Dockerfile +++ b/coolify-demo/images/es/Dockerfile @@ -11,5 +11,5 @@ COPY conf/es/elasticsearch.crt /usr/share/elasticsearch/config/elasticsearch.crt COPY conf/es/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config -ENV I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes +ENV I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes # stay as root — official image's entrypoint patches ES then drops to elasticsearch user