chore: enable elasticsearch on local dev env (#757)

Author: fengmk2

.env.example

@@ -7,3 +7,44 @@
 # CNPMCORE_DATABASE_USER=postgres
 # CNPMCORE_DATABASE_PASSWORD=postgres
 # CNPMCORE_DATABASE_NAME=cnpmcore
+
+# CNPMCORE_CONFIG_ENABLE_ES=true
+# CNPMCORE_CONFIG_ES_CLIENT_NODE=http://localhost:9200
+# CNPMCORE_CONFIG_ES_CLIENT_AUTH_USERNAME=elastic
+# CNPMCORE_CONFIG_ES_CLIENT_AUTH_PASSWORD=abcdef
+
+# https://github.com/cnpm/cnpmcore/blob/next/docs/elasticsearch-setup.md#%E6%96%B0%E5%BB%BA-env-%E6%96%87%E4%BB%B6
+# Password for the 'elastic' user (at least 6 characters)
+ELASTIC_PASSWORD="abcdef"
+
+# Password for the 'kibana_system' user (at least 6 characters)
+KIBANA_PASSWORD="abcdef"
+
+# Version of Elastic products
+STACK_VERSION=8.7.1
+# enable for arm64
+# STACK_VERSION_ARM64=-arm64
+# STACK_PLATFORM=linux/arm64
+
+# Set the cluster name
+CLUSTER_NAME=docker-cluster
+
+# Set to 'basic' or 'trial' to automatically start the 30-day trial
+LICENSE=basic
+#LICENSE=trial
+
+# Port to expose Elasticsearch HTTP API to the host
+ES_PORT=9200
+#ES_PORT=127.0.0.1:9200
+
+# Port to expose Kibana to the host
+KIBANA_PORT=5601
+#KIBANA_PORT=80
+
+# Increase or decrease based on the available host memory (in bytes)
+ES_MEM_LIMIT=1073741824
+KB_MEM_LIMIT=1073741824
+LS_MEM_LIMIT=1073741824
+
+# SAMPLE Predefined Key only to be used in POC environments
+ENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2

docker-compose-es.yml

@@ -0,0 +1,142 @@
+name: cnpmcore_dev_services_es
+
+volumes:
+  certs:
+    driver: local
+  esdata01:
+    driver: local
+  kibanadata:
+    driver: local
+
+services:
+  setup:
+    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
+    volumes:
+      - certs:/usr/share/elasticsearch/config/certs
+    user: "0"
+    command: >
+      bash -c '
+        if [ x${ELASTIC_PASSWORD} == x ]; then
+          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
+          exit 1;
+        elif [ x${KIBANA_PASSWORD} == x ]; then
+          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
+          exit 1;
+        fi;
+        if [ ! -f config/certs/ca.zip ]; then
+          echo "Creating CA";
+          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
+          unzip config/certs/ca.zip -d config/certs;
+        fi;
+        if [ ! -f config/certs/certs.zip ]; then
+          echo "Creating certs";
+          echo -ne \
+          "instances:\n"\
+          "  - name: es01\n"\
+          "    dns:\n"\
+          "      - es01\n"\
+          "      - localhost\n"\
+          "    ip:\n"\
+          "      - 127.0.0.1\n"\
+          "  - name: kibana\n"\
+          "    dns:\n"\
+          "      - kibana\n"\
+          "      - localhost\n"\
+          "    ip:\n"\
+          "      - 127.0.0.1\n"\
+          > config/certs/instances.yml;
+          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+          unzip config/certs/certs.zip -d config/certs;
+        fi;
+        echo "Setting file permissions"
+        chown -R root:root config/certs;
+        find . -type d -exec chmod 750 \{\} \;;
+        find . -type f -exec chmod 640 \{\} \;;
+        echo "Waiting for Elasticsearch availability";
+        until curl -s --cacert config/certs/ca/ca.crt http://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
+        echo "Setting kibana_system password";
+        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
+        echo "All done!";
+      '
+    healthcheck:
+      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+      interval: 1s
+      timeout: 5s
+      retries: 120
+
+  es01:
+    depends_on:
+      setup:
+        condition: service_healthy
+    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}${STACK_VERSION_ARM64}
+    platform: ${STACK_PLATFORM}
+    labels:
+      co.elastic.logs/module: elasticsearch
+    volumes:
+      - certs:/usr/share/elasticsearch/config/certs
+      - esdata01:/usr/share/elasticsearch/data
+    ports:
+      - ${ES_PORT}:9200
+    environment:
+      - node.name=es01
+      - cluster.name=${CLUSTER_NAME}
+      - discovery.type=single-node
+      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
+      - bootstrap.memory_lock=true
+      - xpack.security.enabled=true
+      - xpack.security.http.ssl.enabled=false
+      - xpack.security.http.ssl.key=certs/es01/es01.key
+      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
+      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
+      - xpack.security.transport.ssl.enabled=false
+      - xpack.security.transport.ssl.key=certs/es01/es01.key
+      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
+      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
+      - xpack.security.transport.ssl.verification_mode=certificate
+      - xpack.license.self_generated.type=${LICENSE}
+    mem_limit: ${ES_MEM_LIMIT}
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "curl -s --cacert config/certs/ca/ca.crt http://localhost:9200 | grep -q 'missing authentication credentials'",
+        ]
+      interval: 10s
+      timeout: 10s
+      retries: 120
+
+  kibana:
+    depends_on:
+      es01:
+        condition: service_healthy
+    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
+    labels:
+      co.elastic.logs/module: kibana
+    volumes:
+      - certs:/usr/share/kibana/config/certs
+      - kibanadata:/usr/share/kibana/data
+    ports:
+      - ${KIBANA_PORT}:5601
+    environment:
+      - SERVERNAME=kibana
+      - ELASTICSEARCH_HOSTS=http://es01:9200
+      - ELASTICSEARCH_USERNAME=kibana_system
+      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
+      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
+      - XPACK_SECURITY_ENCRYPTIONKEY=${ENCRYPTION_KEY}
+      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${ENCRYPTION_KEY}
+      - XPACK_REPORTING_ENCRYPTIONKEY=${ENCRYPTION_KEY}
+    mem_limit: ${KB_MEM_LIMIT}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
+        ]
+      interval: 10s
+      timeout: 10s
+      retries: 120

docker-compose-postgres.yml

@@ -1,5 +1,15 @@
 name: cnpmcore_dev_services_postgres
 
+volumes:
+  cnpm-redis:
+  cnpm-postgres:
+  cnpm-pgadmin:
+
+networks:
+  cnpm-postgres:
+    name: cnpm-postgres
+    driver: bridge
+
 services:
   redis:
     env_file:
@@ -49,13 +59,3 @@ services:
       - cnpm-postgres
     depends_on:
       - postgres
-
-volumes:
-  cnpm-redis:
-  cnpm-postgres:
-  cnpm-pgadmin:
-
-networks:
-  cnpm-postgres:
-    name: cnpm-postgres
-    driver: bridge

docker-compose.yml

@@ -1,5 +1,12 @@
 name: cnpmcore_dev_services_mysql
 
+volumes:
+  cnpm-redis:
+  cnpm-mysql:
+
+networks:
+  cnpm-mysql:
+
 services:
   redis:
     env_file:
@@ -11,8 +18,6 @@ services:
       - cnpm-redis:/data
     ports:
       - 6379:6379
-    networks:
-      - cnpm-mysql
 
   mysql:
     env_file:
@@ -28,8 +33,6 @@ services:
       - cnpm-mysql:/var/lib/mysql
     ports:
       - 3306:3306
-    networks:
-      - cnpm-mysql
 
   # database explorer
   phpmyadmin:
@@ -46,16 +49,5 @@ services:
       PMA_HOST: 'mysql'
     ports:
       - 8080:80
-    networks:
-      - cnpm-mysql
     depends_on:
       - mysql
-
-volumes:
-  cnpm-redis:
-  cnpm-mysql:
-
-networks:
-  cnpm-mysql:
-    name: cnpm-mysql
-    driver: bridge

docs/elasticsearch-setup.md

@@ -58,8 +58,6 @@ path.logs: ./logs
 新建文件 `docker-compose.yaml`， 复制如下的 `docker-compose.yaml`
 
 ```yaml
-version: "3.8"
-
 volumes:
   certs:
     driver: local
@@ -142,6 +140,7 @@ services:
       - discovery.type=single-node
       - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
       - bootstrap.memory_lock=true
+      - bootstrap.system_call_filter=false
       - xpack.security.enabled=true
       - xpack.security.http.ssl.enabled=false
       - xpack.security.http.ssl.key=certs/es01/es01.key
@@ -252,7 +251,7 @@ docker compose up
 
 ### 访问 Elastic
 
-浏览器打开 http://localhost:5601/app/dev_tools#/console，默认账号为 `elastic` 密码为 .env 文件中定义的 `abcdef`
+浏览器打开 http://localhost:5601/app/dev_tools#/console ，默认账号为 `elastic` 密码为 .env 文件中定义的 `abcdef`
 
 ## 创建索引
 
@@ -262,7 +261,7 @@ ES 可以通过 Kibana devtool 进行数据的写入和查询操作。下面创
 PUT cnpmcore_packages
 {
   "settings": ${settings} // copy 下方 settings
-  "mappings": ${mappings} // copy 下方 settings
+  "mappings": ${mappings} // copy 下方 mappings
 }
 ```
 
@@ -975,7 +974,7 @@ config: {
 ### 同步一条数据
 
 ```bash
-$ curl -X PUT https://r.cnpmjs.org/-/v1/search/sync/${pkgName}
+curl -X PUT http://localhost:7001/-/v1/search/sync/${pkgName}
 ```
 
 ### 删除一条数据

package.json

@@ -36,6 +36,7 @@
     }
   },
   "scripts": {
+    "predev": "npm run clean",
     "dev": "egg-bin dev",
     "dev:postgresql": "CNPMCORE_DATABASE_TYPE=PostgreSQL egg-bin dev",
     "lint": "eslint --cache --ext .ts .",