feat: make execution of 'setup' container manual

Closes #798
2023-05-03 18:10:54 +02:00 · 2023-05-03 18:10:54 +02:00 · 43716a84ad
parent 41204d822d
commit 43716a84ad
7 changed files with 18 additions and 53 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -64,7 +64,9 @@ jobs:
      ##########################################################
      - name:  Run the stack
-        run: docker compose up -d
+        run: |
          docker compose up setup
          docker compose up -d
      - name: Execute core test suite
        run: .github/workflows/scripts/run-tests-core.sh
--- a/README.md
+++ b/README.md
@ -91,14 +91,9 @@ own_. [sherifabdlnaby/elastdocker][elastdocker] is one example among others of p
 ### Host setup
 * [Docker Engine][docker-install] version **18.06.0** or newer
-* [Docker Compose][compose-install] version **1.26.0** or newer (including [Compose V2][compose-v2])
+* [Docker Compose][compose-install] version **1.28.0** or newer (including [Compose V2][compose-v2])
 * 1.5 GB of RAM
 > **Warning**  
 > While Compose versions between **1.22.0** and **1.25.5** can technically run this stack as well, these versions have a
 > [known issue](https://github.com/deviantony/docker-elk/pull/678#issuecomment-1055555368) which prevents them from
 > parsing quoted values properly inside `.env` files.
 > **Note**  
 > Especially on Linux, make sure your user has the [required permissions][linux-postinstall] to interact with the Docker
 > daemon.
@ -357,21 +352,10 @@ Follow the instructions from the Wiki: [Scaling out Elasticsearch](https://githu
 ### How to re-execute the setup
 To run the setup container again and re-initialize all users for which a password was defined inside the `.env` file,
-delete its volume and "up" the `setup` Compose service again manually:
+simply "up" the `setup` Compose service again:
 ```console
 $ docker-compose rm -f setup
 ⠿ Container docker-elk-setup-1  Removed
 ```
 ```console
 $ docker volume rm docker-elk_setup
 docker-elk_setup
 ```
 ```console
 $ docker-compose up setup
 ⠿ Volume "docker-elk_setup"             Created
 ⠿ Container docker-elk-elasticsearch-1  Running
 ⠿ Container docker-elk-setup-1          Created
 Attaching to docker-elk-setup-1
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,12 +4,21 @@ services:
  # The 'setup' service runs a one-off script which initializes users inside
  # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
-  # values of the passwords defined in the '.env' file.
+  # values of the passwords defined in the '.env' file. It also creates the
  # roles required by some of these users.
  #
-  # This task is only performed during the *initial* startup of the stack. On all
+  # This task only needs to be performed once, during the *initial* startup of
-  # subsequent runs, the service simply returns immediately, without performing
+  # the stack. Any subsequent run will reset the passwords of existing users to
-  # any modification to existing users.
+  # the values defined inside the '.env' file, and the built-in roles to their
  # default permissions.
  #
  # By default, it is excluded from the services started by 'docker compose up'
  # due to the non-default profile it belongs to. To run it, either provide the
  # '--profile=setup' CLI flag to Compose commands, or "up" the service by name
  # such as 'docker compose up setup'.
  setup:
    profiles:
      - setup
    build:
      context: setup/
      args:
@ -19,7 +28,6 @@ services:
      - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
      - ./setup/lib.sh:/lib.sh:ro,Z
      - ./setup/roles:/roles:ro,Z
      - setup:/state:Z
    environment:
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
@ -103,5 +111,4 @@ networks:
    driver: bridge
 volumes:
  setup:
  elasticsearch:
--- a/setup/.dockerignore
+++ b/setup/.dockerignore
@ -7,6 +7,3 @@ Dockerfile
 # Ignore Git files
 .gitignore
 # Ignore setup state
 state/
--- a/setup/.gitignore
+++ b/setup/.gitignore
@ -1 +0,0 @@
 /state/
--- a/setup/Dockerfile
+++ b/setup/Dockerfile
@ -3,13 +3,4 @@ ARG ELASTIC_VERSION
 # https://www.docker.elastic.co/
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
 USER root
 RUN set -eux; \
 	mkdir /state; \
 	chmod 0775 /state; \
 	chown elasticsearch:root /state
 USER elasticsearch:root
 ENTRYPOINT ["/entrypoint.sh"]
--- a/setup/entrypoint.sh
+++ b/setup/entrypoint.sh
@ -43,18 +43,6 @@ roles_files=(
 # --------------------------------------------------------
 echo "-------- $(date --rfc-3339=seconds) --------"
 state_file="${BASH_SOURCE[0]%/*}"/state/.done
 if [[ -e "$state_file" ]]; then
 	declare state_birthtime
 	state_birthtime="$(stat -c '%Y' "$state_file")"
 	state_birthtime="$(date --rfc-3339=seconds --date="@${state_birthtime}")"
 	log "Setup has already run successfully on ${state_birthtime}. Skipping"
 	exit 0
 fi
 log 'Waiting for availability of Elasticsearch. This can take several minutes.'
 declare -i exit_code=0
@ -129,6 +117,3 @@ for user in "${!users_passwords[@]}"; do
 		create_user "$user" "${users_passwords[$user]}" "${users_roles[$user]}"
 	fi
 done
 mkdir -p "${state_file%/*}"
 touch "$state_file"