Add the docker creation scripts and configs #15

Merged
merged 4 commits into from
May 7, 2021
Merged
108 changes: 108 additions & 0 deletions release/docker/build-image.sh
@@ -0,0 +1,108 @@
#!/bin/bash

# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.
#
# Modifications Copyright OpenSearch Contributors. See
# GitHub history for details.


# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# This script is to automate the docker image creation process of OpenSearch and OpenSearch-Dashboards

set -e

function usage() {
echo ""
echo "This script is used to build the OpenSearch Docker image. It prepares the files required by the Dockerfile in a temporary directory, then builds and tags the Docker image."
echo "--------------------------------------------------------------------------"
echo "Usage: $0 [args]"
echo ""
echo "Required arguments:"
echo -e "-v VERSION\tSpecify the OpenSearch version number that you are building, e.g. '1.0.0' or '1.0.0-beta1'. This will be used to label the Docker image. If you do not use the '-o' option then this tool will download a public OPENSEARCH release matching this version."
echo -e "-f DOCKERFILE\tSpecify the dockerfile full path, e.g. dockerfile/opensearch.al2.dockerfile."
echo -e "-p PRODUCT\tSpecify the product, e.g. opensearch or opensearch-dashboards, make sure this is the name of your config folder and the name of your .tgz defined in dockerfile."
echo ""
echo "Optional arguments:"
echo -e "-o FILENAME\tSpecify a local OPENSEARCH tarball. You still need to specify the version - this tool does not attempt to parse the filename."
echo -e "-h\t\tPrint this message."
echo "--------------------------------------------------------------------------"
}

while getopts ":ho:v:f:p:" arg; do
case $arg in
h)
usage
exit 1
;;
o)
TARBALL=`realpath $OPTARG`
;;
v)
VERSION=$OPTARG
;;
f)
DOCKERFILE=$OPTARG
;;
p)
PRODUCT=$OPTARG
;;
peterzhuamazon marked this conversation as resolved.
:)
echo "-${OPTARG} requires an argument"
usage
exit 1
;;
?)
echo "Invalid option: -${arg}"
exit 1
;;
esac
done

# Validate the required parameters to present
if [ -z "$VERSION" ] || [ -z "$DOCKERFILE" ] || [ -z "$PRODUCT" ]; then
echo "You must specify '-v VERSION', '-f DOCKERFILE', '-p PRODUCT'"
usage
exit 1
else
echo $VERSION $DOCKERFILE $PRODUCT
fi

# Create temp workdirectory
DIR=`mktemp -d`
echo "Creating Docker workspace in $DIR"
trap '{ echo Removing Docker workspace in "$DIR"; rm -rf -- "$DIR"; }' TERM INT EXIT
peterzhuamazon marked this conversation as resolved.

# Copy configs
cp -v config/${PRODUCT}/* $DIR/

# Copy TGZ
if [ -z "$TARBALL" ]; then
# No tarball file specified so download one
URL="https://artifacts.opensearch.org/releases/bundle/${PRODUCT}/${VERSION}/${PRODUCT}-${VERSION}-linux-x64.tar.gz"
peterzhuamazon marked this conversation as resolved.
echo "Downloading ${PRODUCT} version ${VERSION} from ${URL}"
curl -f $URL -o $DIR/$PRODUCT.tgz || exit 1
ls -l $DIR
else
cp -v $TARBALL $DIR/$PRODUCT.tgz
fi

# Docker build
docker build --build-arg VERSION=$VERSION --build-arg BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` -f $DOCKERFILE $DIR -t opensearchproject/$PRODUCT:$VERSION
docker tag opensearchproject/$PRODUCT:$VERSION opensearchproject/$PRODUCT:latest
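Review bot: The tarball fetched by `curl -f $URL -o $DIR/$PRODUCT.tgz` (or copied from `-o FILENAME`) is handed to `docker build` without any integrity check, so whatever the artifact host returns is what ships under `opensearchproject/$PRODUCT:$VERSION` and `:latest`. Verify it against a digest obtained separately from the download before building, for example `echo "${EXPECTED_SHA512}  ${DIR}/${PRODUCT}.tgz" | sha512sum -c -`, where `EXPECTED_SHA512` is a placeholder for a value pinned by the release process. The expansions on the copy, download and build lines are unquoted (`$DIR`, `$TARBALL`, `$URL`, `$DOCKERFILE`, and `$OPTARG` inside the `realpath` substitution), so a path containing spaces or glob characters is split or expanded; quote them, e.g. `cp -v -- "$TARBALL" "$DIR/$PRODUCT.tgz"`. In the `?)` arm the message prints `${arg}`, which is `?` at that point, while `${OPTARG}` holds the rejected option letter.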

@@ -0,0 +1,196 @@
#!/bin/bash

# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.

#
# Run OpenSearch-Dashboards, using environment variables to
# set longopts defining OpenSearch-Dashboards's configuration.
#
# eg. Setting the environment variable:
#
# OPENSEARCH_STARTUPTIMEOUT=60
#
# will cause OpenSearch-Dashboards to be invoked with:
#
# --opensearch.startupTimeout=60

opensearch_dashboards_vars=(
console.enabled
console.proxyConfig
console.proxyFilter
ops.cGroupOverrides.cpuPath
ops.cGroupOverrides.cpuAcctPath
cpu.cgroup.path.override
cpuacct.cgroup.path.override
csp.rules
csp.strict
csp.warnLegacyBrowsers
opensearch.customHeaders
opensearch.hosts
opensearch.logQueries
opensearch.password
opensearch.pingTimeout
opensearch.requestHeadersWhitelist
opensearch.requestTimeout
opensearch.shardTimeout
opensearch.sniffInterval
opensearch.sniffOnConnectionFault
opensearch.sniffOnStart
opensearch.ssl.alwaysPresentCertificate
opensearch.ssl.certificate
opensearch.ssl.certificateAuthorities
opensearch.ssl.key
opensearch.ssl.keyPassphrase
opensearch.ssl.keystore.path
opensearch.ssl.keystore.password
opensearch.ssl.truststore.path
opensearch.ssl.truststore.password
opensearch.ssl.verificationMode
opensearch.username
i18n.locale
interpreter.enableInVisualize
opensearchDashboards.autocompleteTerminateAfter
opensearchDashboards.autocompleteTimeout
opensearchDashboards.defaultAppId
opensearchDashboards.index
logging.dest
logging.json
logging.quiet
logging.rotate.enabled
logging.rotate.everyBytes
logging.rotate.keepFiles
logging.rotate.pollingInterval
logging.rotate.usePolling
logging.silent
logging.useUTC
logging.verbose
map.includeOpenSearchMapsService
map.proxyOpenSearchMapsServiceInMaps
map.regionmap
map.tilemap.options.attribution
map.tilemap.options.maxZoom
map.tilemap.options.minZoom
map.tilemap.options.subdomains
map.tilemap.url
monitoring.cluster_alerts.email_notifications.email_address
monitoring.enabled
monitoring.opensearchDashboards.collection.enabled
monitoring.opensearchDashboards.collection.interval
monitoring.ui.container.opensearch.enabled
monitoring.ui.container.logstash.enabled
monitoring.ui.opensearch.password
monitoring.ui.opensearch.pingTimeout
monitoring.ui.opensearch.hosts
monitoring.ui.opensearch.username
monitoring.ui.opensearch.logFetchCount
monitoring.ui.opensearch.ssl.certificateAuthorities
monitoring.ui.opensearch.ssl.verificationMode
monitoring.ui.enabled
monitoring.ui.max_bucket_size
monitoring.ui.min_interval_seconds
newsfeed.enabled
ops.interval
path.data
pid.file
regionmap
security.showInsecureClusterWarning
server.basePath
server.customResponseHeaders
server.compression.enabled
server.compression.referrerWhitelist
server.cors
server.cors.origin
server.defaultRoute
server.host
server.keepAliveTimeout
server.maxPayloadBytes
server.name
server.port
server.rewriteBasePath
server.socketTimeout
server.ssl.cert
server.ssl.certificate
server.ssl.certificateAuthorities
server.ssl.cipherSuites
server.ssl.clientAuthentication
server.customResponseHeaders
server.ssl.enabled
server.ssl.key
server.ssl.keyPassphrase
server.ssl.keystore.path
server.ssl.keystore.password
server.ssl.truststore.path
server.ssl.truststore.password
server.ssl.redirectHttpFromPort
server.ssl.supportedProtocols
server.xsrf.disableProtection
server.xsrf.whitelist
status.allowAnonymous
status.v6ApiFormat
tilemap.options.attribution
tilemap.options.maxZoom
tilemap.options.minZoom
tilemap.options.subdomains
tilemap.url
timeline.enabled
vega.enableExternalUrls
apm_oss.apmAgentConfigurationIndex
apm_oss.indexPattern
apm_oss.errorIndices
apm_oss.onboardingIndices
apm_oss.spanIndices
apm_oss.sourcemapIndices
apm_oss.transactionIndices
apm_oss.metricsIndices
telemetry.allowChangingOptInStatus
telemetry.enabled
telemetry.optIn
telemetry.optInStatusUrl
telemetry.sendUsageFrom
)

longopts=''
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
# 'opensearch.hosts' -> 'OPENSEARCH_URL'
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)

# Indirectly lookup env var values via the name of the var.
# REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
value=${!env_var}
if [[ -n $value ]]; then
longopt="--${opensearch_dashboards_var}=${value}"
longopts+=" ${longopt}"
fi
done

# Files created at run-time should be group-writable, for Openshift's sake.
umask 0002

# TO DO:
# Confirm with Mihir if this is necessary

# The virtual file /proc/self/cgroup should list the current cgroup
# membership. For each hierarchy, you can follow the cgroup path from
# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
# introspect the statistics for the cgroup for the given
# hierarchy. Alas, Docker breaks this by mounting the container
# statistics at the root while leaving the cgroup paths as the actual
# paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
# reading the cgroup path from /proc/self/cgroup and instead uses the
# cgroup path defined the configuration properties
# cpu.cgroup.path.override and cpuacct.cgroup.path.override.
# Therefore, we set this value here so that cgroup statistics are
# available for the container this process will run in.

exec /usr/share/opensearch-dashboards/bin/opensearch-dashboards --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ ${longopts} "$@"
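Review bot: The loop joins every option into the string `longopts` and the `exec` line expands it unquoted, so an environment value containing spaces or glob characters (a password, a `csp.rules` value) is word-split and pathname-expanded before OpenSearch-Dashboards receives it. Collect the options in an array instead: `longopts=()`, `longopts+=("--${opensearch_dashboards_var}=${value}")`, and `exec … "${longopts[@]}" "$@"`; the loop header should likewise iterate over `"${opensearch_dashboards_vars[@]}"`. Separately, secrets such as `opensearch.password`, `opensearch.ssl.keyPassphrase` and the keystore/truststore passwords end up in the process argument list, where anything able to read `/proc/<pid>/cmdline` can see them; a comment should say so, or those keys should be supplied through the mounted config file rather than argv. The in-loop comment `'opensearch.hosts' -> 'OPENSEARCH_URL'` does not match the code, which produces `OPENSEARCH_HOSTS`.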
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDJTCCAg2gAwIBAgIJAKO3AgiyHbReMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNV
BAMMHm9wZW5kaXN0cm9mb3JlbGFzdGljc2VhcmNoLm9yZzAeFw0xOTAyMTUwNzI5
MjNaFw0yOTAyMTIwNzI5MjNaMCkxJzAlBgNVBAMMHm9wZW5kaXN0cm9mb3JlbGFz
dGljc2VhcmNoLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPO
w4iMMWj7wODNeAR+t9fFoFkhWmo7NiV9qteUtOTnOLBFG6VWVh2kQev1Ph2dF0uw
Dg632Pk3Tl1er+eKCoG+YzwkJqVZ0CJlxZdpN5jCpliCYxIaGUHO0I+Kdhzg1IUk
1Q2+8aeVN7ddiYZC13T/b5Kut8lr13O8OTqeBX2zRxuzX+jUNAZjAsCAdsv2jRrO
94883OyDzF6UXvETJcW5uF4j7NK9N2nfAplMy6Z7v/0kA89/ecuAb8wmf7MOul1h
sHyNd4aJwIGhKW/qBLJG+GHB5BiO6OaMJMzr5kzSV9we5r/plas5viAl/jWsYECS
rvGjUqBEOKOFy6RS2ZECAwEAAaNQME4wHQYDVR0OBBYEFI05BOGEHtUhrZmkIL3W
6KpJLE71MB8GA1UdIwQYMBaAFI05BOGEHtUhrZmkIL3W6KpJLE71MAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACvAn1fRvkJamVKdmsou+YTmxu5YhDva
MepBVT6yeqctcgQgUfaneuBrl/+9zmxkjykZ1uimSS2IM1FxIXuB8rX+iAcgFyIs
XXquOhJlaXs/kN0KBGUSRkTMQSGIaTh26U7GnCQrdaIZDtKp7CRWjNebeDucNOc+
aXOqiNFbVePNe8+EZIDb0FmV4IiHuLcqCwzZvgesl3EUPuMsnrxeNKIw83ecpjqK
YRwWWhvY57asVbOZjn+M57bJSpzO9bO70uib0ItWs19aWqYP1vEOuNHEDbr2EVel
dejL2fYF06uiw179PSYnvDQohWdiqm8dM0Nx+QtJcbOR6BiBh8aQTjw=
-----END CERTIFICATE-----
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAs87DiIwxaPvA4M14BH6318WgWSFaajs2JX2q15S05Oc4sEUb
pVZWHaRB6/U+HZ0XS7AODrfY+TdOXV6v54oKgb5jPCQmpVnQImXFl2k3mMKmWIJj
EhoZQc7Qj4p2HODUhSTVDb7xp5U3t12JhkLXdP9vkq63yWvXc7w5Op4FfbNHG7Nf
6NQ0BmMCwIB2y/aNGs73jzzc7IPMXpRe8RMlxbm4XiPs0r03ad8CmUzLpnu//SQD
z395y4BvzCZ/sw66XWGwfI13honAgaEpb+oEskb4YcHkGI7o5owkzOvmTNJX3B7m
v+mVqzm+ICX+NaxgQJKu8aNSoEQ4o4XLpFLZkQIDAQABAoIBAEtPKXRyi2tWLlW5
mTAAxw1Xl65dGtptjGMtfDWo8g8BjSu+9jJMs+rcVkP2xppupkgsJ+cgN39CG89d
jj1jAr2OuU+CMLGGqXcOuzCMgB26QSPHEKmPRs7aSV4ldwznWfueDqIgPGSdSeXC
Boy2SDmXluqPxShWw7mUtz+G2fPoQ+TMcH3puL3ooeV2iy25ZciLG3SFFQ7jTiJP
l6bNvnszVa7fRdapF25znC/XsfaW7XsXZwbV+NeWtO7CEIec/RExSy9N/abbmhWY
BPidBT9AQG4MoN10YunS7iwbfpXCNW0HKlFf77Mr5FrCZ0RE/Mg5JJrFF3Bt+sNT
v6/2+wUCgYEA3mEtewQCn40aIWYTTeXqtRCnpbt4y602B2PbY7OI/9N6xafATVnK
+bwcj9rKQRmUBbrvNGCY/GQJPqHRFjIRqK0y2QCavuR/980z96ojUXwsHG4eSmHY
wX0Rs+JtHVJDDH13hRWj/5Zxa+0ln2olBpHkp+o/VwiyYNXeqmw4Lq8CgYEAzv3p
kmOqNQpQ2y2jEdKYanIibsB27slb4UxBpCzEYSj3LF3CysaGF17GJRRCASH9Dm3Y
dZSgJzuBVZSgYl9HNSB1wY1gpHYeLm0F0yaE1D4tSoXGD+8pbLbl6LjwHOUtH4Yx
NCDwOv+pe6+tyO6v04xcAOSWWkcsHkesrcehi78CgYEAztNA8o3LRst8Rx3hzGyP
O7HuyoSvF3fUrVDhZjw/qfft0tFvWEGwN08OnXjW7W81rZKsEWHaR7teocLsbSFK
LUBQ72TRh8OLhVR0Bd9Wk93SROrh/zo719FT2qM36rJsq7wxojR7YCZy/PcGK9sT
7qVYLhf+qxrqlIe1XXnjUv8CgYBhglm63Xp8HAz1A22zYqrsUjIITGB6op7G5p5x
kak9QAgYfV7bGWRns/zR0NY7JGDKoFJ9KXO8p5qIz0gyr0GjNFRkxo4FS6NyKWe6
DYY7WcMKPTSNoxO3o/1wgVaTth5ooFWjgfTJRlD39E2Av3hSxuc8gHKXurl81jTx
dH6UjwKBgEA5JLPaICkkY4ppcwdnf7zFFi22Rq5e2AJQSJcHOgE0K8/jJqbv+VOy
ugVjXRpq6VdNjGD3aLToe/SnRLUDmq+ZJqV+BoZSv3DJCsUkc4O9tS/E6Tn4A1di
loi+vT/GFEVVE3MaB42XGaaC82VEgwdqE3hDqNM/F2i3DfyoKD6V
-----END RSA PRIVATE KEY-----
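Review bot: An RSA private key is committed in clear in this file, so every image built from this config directory carries the same key and anyone with access to the repository can impersonate an endpoint that serves the matching certificate. It appears to be the key for the self-signed certificate added in the preceding section (the leading modulus bytes line up), and nothing visible in either file marks the pair as demo material. Generate the key pair at image build or first start, or mount it at run time; if a sample pair has to stay in the tree, say in the file name or an adjacent README that it is a published demo key that must be replaced before any non-local use.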
@@ -0,0 +1,28 @@
# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# Description:
# Default configuration for OpenSearch Dashboards

server.host: "0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization ]

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false
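Review bot: `opensearch.ssl.verificationMode: none` turns off certificate and hostname checking on the Dashboards-to-OpenSearch connection, and it ships next to the fixed credentials `kibanaserver`/`kibanaserver` and `opensearch_security.cookie.secure: false`, so an instance started with this default file sends a known password over an unauthenticated TLS channel and issues session cookies without the Secure flag. The header describes the file only as "Default configuration"; add a comment above these settings such as `# Demo defaults only: set verificationMode to full, change the kibanaserver password and set cookie.secure to true before exposing this instance`. `server.host: "0"` also binds every interface, which is expected inside a container but deserves a one-line comment.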
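--- a/release/docker/config/opensearch/log4j2.properties
+++ b/release/docker/config/opensearch/log4j2.properties
@@ -0,0 +1,9 @@
+status = error
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console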