WIP 4

2024-03-17 12:58:25 +01:00 · 2024-03-17 12:58:25 +01:00 · b8c6e893ff
commit b8c6e893ff
parent f62c9f064d
43 changed files with 4721 additions and 1807 deletions
--- a/docker/compose/postgresql.yml
+++ b/docker/compose/postgresql.yml
@ -1,8 +1,24 @@
 version: "3.4"

-x-metamigo-vars:
-  &common-metamigo-variables
-  DATABASE_HOST: "metamigo-postgresql"
+x-global-vars: &common-global-variables
+  TZ: Etc/UTC
+
+x-zammad-vars: &common-zammad-variables
+  MEMCACHE_SERVERS: "zammad-memcached:11211"
+  REDIS_URL: "redis://zammad-redis:6379"
+  POSTGRESQL_HOST: "postgresql"
+  POSTGRESQL_PORT: "5432"
+  POSTGRESQL_USER: "zammad"
+  POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
+  POSTGRESQL_DB: "zammad_production"
+  ELASTICSEARCH_HOST: ${OPENSEARCH_HOST}
+  ELASTICSEARCH_USER: ${OPENSEARCH_USER}
+  ELASTICSEARCH_PASS: ${OPENSEARCH_PASS}
+  ELASTICSEARCH_SSL_VERIFY: false # this doesn't set es_ssl_verify as expected, but ideally it would
+  ELASTICSEARCH_SCHEMA: "https"
+
+x-metamigo-vars: &common-metamigo-variables
+  DATABASE_HOST: "postgresql"
  DATABASE_NAME: "metamigo"
  DATABASE_ROOT_OWNER: "root"
  DATABASE_ROOT_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
@ -32,22 +48,34 @@ x-metamigo-vars:
  SIGNALD_SOCKET: /signald/signald.sock

 services:
-  metamigo-postgresql:
+  postgresql:
+    container_name: postgresql
+    environment:
+      <<:
+        [
+          *common-global-variables,
+          *common-zammad-variables,
+          *common-metamigo-variables,
+        ]
+      POSTGRES_USER: zammad
+      POSTGRES_PASSWORD: ${ZAMMAD_DATABASE_PASSWORD}
    build: ../postgresql
    image: registry.gitlab.com/digiresilience/link/link-stack/postgresql:${LINK_STACK_VERSION}
-    container_name: metamigo-postgresql
    restart: ${RESTART}
-    volumes:
-      - metamigo-data:/var/lib/postgresql/data
-      - ./scripts/bootstrap-metamigo.sh:/docker-entrypoint-initdb.d/bootstrap-metamigo.sh
-    environment:
-      <<: *common-metamigo-variables
-      POSTGRES_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
-      POSTGRES_USER: "root"
-      POSTGRES_DB: "metamigo"
    ports:
-      - 127.0.0.1:5433:5432
+      - 5432:5432
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data
+
+#    volumes:
+#     - metamigo-data:/var/lib/postgresql/data
+#     - ./scripts/bootstrap-metamigo.sh:/docker-entrypoint-initdb.d/bootstrap-metamigo.sh
+#environment:
+# <<: *common-metamigo-variables
+# POSTGRES_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
+#  POSTGRES_USER: "root"
+# POSTGRES_DB: "metamigo"

 volumes:
-  metamigo-data:
+  postgresql-data:
    driver: local
--- a/docker/compose/zammad.yml
+++ b/docker/compose/zammad.yml
@ -1,21 +1,19 @@
 version: "3.4"

-x-global-vars:
-  &common-global-variables
+x-global-vars: &common-global-variables
  TZ: Etc/UTC

-x-zammad-vars:
-  &common-zammad-variables
+x-zammad-vars: &common-zammad-variables
  MEMCACHE_SERVERS: "zammad-memcached:11211"
  REDIS_URL: "redis://zammad-redis:6379"
-  POSTGRESQL_HOST: "zammad-postgresql"
+  POSTGRESQL_HOST: "postgresql"
  POSTGRESQL_PORT: "5432"
  POSTGRESQL_USER: "zammad"
  POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
  POSTGRESQL_DB: "zammad_production"
  ELASTICSEARCH_HOST: ${OPENSEARCH_HOST}
  ELASTICSEARCH_USER: ${OPENSEARCH_USER}
-  ELASTICSEARCH_PASS: ${OPENSEARCH_PASS}
+  ELASTICSEARCH_PASS: ${OPENSEARCH_ADMIN_PASSWORD}
  ELASTICSEARCH_SSL_VERIFY: false # this doesn't set es_ssl_verify as expected, but ideally it would
  ELASTICSEARCH_SCHEMA: "https"

@ -23,11 +21,11 @@ services:
  zammad-init:
    platform: linux/x86_64
    container_name: zammad-init
-    command: [ "zammad-init" ]
+    command: ["zammad-init"]
    depends_on:
-      - zammad-postgresql
+      - postgresql
    environment:
-      <<: [ *common-zammad-variables, *common-global-variables ]
+      <<: [*common-zammad-variables, *common-global-variables]
      POSTGRESQL_USER: zammad
      POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
    build:
@ -53,7 +51,7 @@ services:
  zammad-nginx:
    platform: linux/x86_64
    container_name: zammad-nginx
-    command: [ "zammad-nginx" ]
+    command: ["zammad-nginx"]
    expose:
      - "8080"
    ports:
@ -75,30 +73,16 @@ services:
      - zammad-config-nginx:/etc/nginx/sites-enabled:ro
      - zammad-var:/opt/zammad/var:ro

-  zammad-postgresql:
-    container_name: zammad-postgresql
-    environment:
-      <<: [ *common-global-variables, *common-zammad-variables ]
-      POSTGRES_USER: zammad
-      POSTGRES_PASSWORD: ${ZAMMAD_DATABASE_PASSWORD}
-    build: ../postgresql
-    image: registry.gitlab.com/digiresilience/link/link-stack/postgresql:${LINK_STACK_VERSION}
-    restart: ${RESTART}
-    ports:
-      - 5432:5432
-    volumes:
-      - postgresql-data:/var/lib/postgresql/data
-
  zammad-railsserver:
    platform: linux/x86_64
    container_name: zammad-railsserver
-    command: [ "zammad-railsserver" ]
+    command: ["zammad-railsserver"]
    depends_on:
      - zammad-memcached
-      - zammad-postgresql
      - zammad-redis
+      - postgresql
    environment:
-      <<: [ *common-global-variables, *common-zammad-variables ]
+      <<: [*common-global-variables, *common-zammad-variables]
      RAILS_RELATIVE_URL_ROOT: /zammad
    build:
      context: ../zammad
@ -123,13 +107,13 @@ services:
  zammad-scheduler:
    platform: linux/x86_64
    container_name: zammad-scheduler
-    command: [ "zammad-scheduler" ]
+    command: ["zammad-scheduler"]
    depends_on:
      - zammad-memcached
      - zammad-railsserver
      - zammad-redis
    environment:
-      <<: [ *common-global-variables, *common-zammad-variables ]
+      <<: [*common-global-variables, *common-zammad-variables]
    build:
      context: ../zammad
      args:
@ -143,13 +127,13 @@ services:
  zammad-websocket:
    platform: linux/x86_64
    container_name: zammad-websocket
-    command: [ "zammad-websocket" ]
+    command: ["zammad-websocket"]
    depends_on:
      - zammad-memcached
      - zammad-railsserver
      - zammad-redis
    environment:
-      <<: [ *common-global-variables, *common-zammad-variables ]
+      <<: [*common-global-variables, *common-zammad-variables]
    build:
      context: ../zammad
      args:
@ -161,10 +145,6 @@ services:
      - zammad-storage:/opt/zammad/storage

 volumes:
-  opensearch-data:
-    driver: local
-  postgresql-data:
-    driver: local
  redis-data:
    driver: local
  zammad-config-nginx:
--- a/docker/opensearch-dashboards/opensearch_dashboards.yml
+++ b/docker/opensearch-dashboards/opensearch_dashboards.yml
@ -2,14 +2,22 @@ opensearch.hosts: [https://opensearch:9200]
 opensearch.ssl.verificationMode: none
 opensearch.username: kibanaserver
 opensearch.password: kibanaserver
-opensearch.requestHeadersAllowlist: ["securitytenant","Authorization","x-forwarded-for","x-proxy-user","x-proxy-roles"]
-opensearch_security.auth.type: "proxy"
-opensearch_security.proxycache.user_header: "x-proxy-user"
-opensearch_security.proxycache.roles_header: "x-proxy-roles"
+opensearch.requestHeadersAllowlist:
+  [
+    "securitytenant",
+    "Authorization",
+    "x-forwarded-for",
+    "x-proxy-user",
+    "x-proxy-roles",
+  ]
+# opensearch_security.auth.type: "proxy"
+# opensearch_security.proxycache.user_header: "x-proxy-user"
+# opensearch_security.proxycache.roles_header: "x-proxy-roles"

 opensearch_security.multitenancy.enabled: true
 opensearch_security.multitenancy.tenants.preferred: [Private, Global]
 opensearch_security.readonly_mode.roles: [kibana_read_only]
-# Use this setting if you are running opensearch-dashboards without https
 opensearch_security.cookie.secure: false
-server.host: '0.0.0.0'
+server.host: "0.0.0.0"
+server.basePath: "/opensearch"
+server.rewriteBasePath: false
--- a/docker/opensearch/config.yml
+++ b/docker/opensearch/config.yml
@ -15,17 +15,17 @@ config:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
-        order: 4
+        order: 0
        http_authenticator:
          type: basic
-          challenge: true
+          challenge: false
        authentication_backend:
          type: intern
      proxy_auth_domain:
        description: "Authenticate via proxy"
        http_enabled: true
        transport_enabled: true
-        order: 0
+        order: 1
        http_authenticator:
          type: proxy
          challenge: false
--- a/docker/scripts/docker.js
+++ b/docker/scripts/docker.js
@ -0,0 +1,30 @@
+const { spawn } = require("child_process");
+
+const app = process.argv[2];
+const command = process.argv[3];
+
+const files = {
+  all: ["zammad", "postgresql", "metamigo", "opensearch", "leafcutter", "link"],
+  linkDev: ["zammad", "postgresql", "opensearch"],
+  link: ["zammad", "postgresql", "opensearch", "link"],
+  leafcutterDev: ["opensearch"],
+  leafcutter: ["opensearch", "leafcutter"],
+  opensearch: ["opensearch"],
+  metamigoDev: ["zammad", "postgresql"],
+  metamigo: ["zammad", "postgresql", "metamigo"],
+  zammad: ["zammad", "postgresql", "opensearch"],
+};
+
+const finalFiles = files[app]
+  .map((file) => ['-f', `docker/compose/${file}.yml`]).flat();
+const finalCommand = command === "up" ? ["up", "-d"] : [command];
+
+const dockerCompose = spawn('docker', ['compose', '--env-file', '.env', ...finalFiles, ...finalCommand]);
+
+dockerCompose.stdout.on('data', (data) => {
+  console.log(`${data}`);
+});
+
+dockerCompose.stderr.on('data', (data) => {
+  console.log(`${data}`);
+});