feat: make execution of 'setup' container manual

Closes #798
2023-05-03 18:10:54 +02:00 · 2023-05-03 18:10:54 +02:00 · 43716a84ad
parent 41204d822d
commit 43716a84ad
7 changed files with 18 additions and 53 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -64,7 +64,9 @@ jobs:
      ##########################################################

      - name:  Run the stack
-        run: docker compose up -d
+        run: |
+          docker compose up setup
+          docker compose up -d

      - name: Execute core test suite
        run: .github/workflows/scripts/run-tests-core.sh
--- a/README.md
+++ b/README.md
@ -91,14 +91,9 @@ own_. [sherifabdlnaby/elastdocker][elastdocker] is one example among others of p
 ### Host setup

 * [Docker Engine][docker-install] version **18.06.0** or newer
-* [Docker Compose][compose-install] version **1.26.0** or newer (including [Compose V2][compose-v2])
+* [Docker Compose][compose-install] version **1.28.0** or newer (including [Compose V2][compose-v2])
 * 1.5 GB of RAM

-> **Warning**  
-> While Compose versions between **1.22.0** and **1.25.5** can technically run this stack as well, these versions have a
-> [known issue](https://github.com/deviantony/docker-elk/pull/678#issuecomment-1055555368) which prevents them from
-> parsing quoted values properly inside `.env` files.
-
 > **Note**  
 > Especially on Linux, make sure your user has the [required permissions][linux-postinstall] to interact with the Docker
 > daemon.
@ -357,21 +352,10 @@ Follow the instructions from the Wiki: [Scaling out Elasticsearch](https://githu
 ### How to re-execute the setup

 To run the setup container again and re-initialize all users for which a password was defined inside the `.env` file,
-delete its volume and "up" the `setup` Compose service again manually:
-
-```console
-$ docker-compose rm -f setup
- ⠿ Container docker-elk-setup-1  Removed
-```
-
-```console
-$ docker volume rm docker-elk_setup
-docker-elk_setup
-```
+simply "up" the `setup` Compose service again:

 ```console
 $ docker-compose up setup
- ⠿ Volume "docker-elk_setup"             Created
 ⠿ Container docker-elk-elasticsearch-1  Running
 ⠿ Container docker-elk-setup-1          Created
 Attaching to docker-elk-setup-1
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,12 +4,21 @@ services:

  # The 'setup' service runs a one-off script which initializes users inside
  # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
-  # values of the passwords defined in the '.env' file.
+  # values of the passwords defined in the '.env' file. It also creates the
+  # roles required by some of these users.
  #
-  # This task is only performed during the *initial* startup of the stack. On all
-  # subsequent runs, the service simply returns immediately, without performing
-  # any modification to existing users.
+  # This task only needs to be performed once, during the *initial* startup of
+  # the stack. Any subsequent run will reset the passwords of existing users to
+  # the values defined inside the '.env' file, and the built-in roles to their
+  # default permissions.
+  #
+  # By default, it is excluded from the services started by 'docker compose up'
+  # due to the non-default profile it belongs to. To run it, either provide the
+  # '--profile=setup' CLI flag to Compose commands, or "up" the service by name
+  # such as 'docker compose up setup'.
  setup:
+    profiles:
+      - setup
    build:
      context: setup/
      args:
@ -19,7 +28,6 @@ services:
      - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
      - ./setup/lib.sh:/lib.sh:ro,Z
      - ./setup/roles:/roles:ro,Z
-      - setup:/state:Z
    environment:
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
@ -103,5 +111,4 @@ networks:
    driver: bridge

 volumes:
-  setup:
  elasticsearch:
--- a/setup/.dockerignore
+++ b/setup/.dockerignore
@ -7,6 +7,3 @@ Dockerfile

 # Ignore Git files
 .gitignore
-
-# Ignore setup state
-state/
--- a/setup/.gitignore
+++ b/setup/.gitignore
@ -1 +0,0 @@
-/state/
--- a/setup/Dockerfile
+++ b/setup/Dockerfile
@ -3,13 +3,4 @@ ARG ELASTIC_VERSION
 # https://www.docker.elastic.co/
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}

-USER root
-
-RUN set -eux; \
-	mkdir /state; \
-	chmod 0775 /state; \
-	chown elasticsearch:root /state
-
-USER elasticsearch:root
-
 ENTRYPOINT ["/entrypoint.sh"]
--- a/setup/entrypoint.sh
+++ b/setup/entrypoint.sh
@ -43,18 +43,6 @@ roles_files=(
 # --------------------------------------------------------


-echo "-------- $(date --rfc-3339=seconds) --------"
-
-state_file="${BASH_SOURCE[0]%/*}"/state/.done
-if [[ -e "$state_file" ]]; then
-	declare state_birthtime
-	state_birthtime="$(stat -c '%Y' "$state_file")"
-	state_birthtime="$(date --rfc-3339=seconds --date="@${state_birthtime}")"
-
-	log "Setup has already run successfully on ${state_birthtime}. Skipping"
-	exit 0
-fi
-
 log 'Waiting for availability of Elasticsearch. This can take several minutes.'

 declare -i exit_code=0
@ -129,6 +117,3 @@ for user in "${!users_passwords[@]}"; do
 		create_user "$user" "${users_passwords[$user]}" "${users_roles[$user]}"
 	fi
 done
-
-mkdir -p "${state_file%/*}"
-touch "$state_file"