more refactoring

Author: Schnitzel

.lagoon.logs-db-secrets.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  name: lagoon-secret-environment-template
+parameters:
+  - name: LOGSDB_ADMIN_PASSWORD
+    description: admin password of logs-db
+    generate: expression
+    from: "[a-zA-Z0-9]{32}"
+  - name: LOGSDB_KIBANASERVER_PASSWORD
+    description: kibana password of logs-db
+    generate: expression
+    from: "[a-zA-Z0-9]{32}"
+  - name: SAFE_BRANCH
+    description: Which branch this belongs to, special chars replaced with dashes
+    required: true
+  - name: SAFE_PROJECT
+    description: Which project this belongs to, special chars replaced with dashes
+    required: true
+  - name: BRANCH
+    description: Which branch this belongs to, original value
+    required: true
+  - name: PROJECT
+    description: Which project this belongs to, original value
+    required: true
+  - name: LAGOON_GIT_SHA
+    description: git hash sha of the current deployment
+    required: true
+  - name: OPENSHIFT_PROJECT
+    description: Name of the Project that this service is in
+    required: true
+objects:
+- kind: Secret
+  apiVersion: v1
+  metadata:
+    name: logs-db-admin-password
+  stringData:
+    LOGSDB_ADMIN_PASSWORD: ${LOGSDB_ADMIN_PASSWORD}
+- kind: Secret
+  apiVersion: v1
+  metadata:
+    name: logs-db-kibanaserver-password
+  stringData:
+    LOGSDB_KIBANASERVER_PASSWORD: ${LOGSDB_KIBANASERVER_PASSWORD}

.lagoon.yml

@@ -5,6 +5,13 @@ additional-yaml:
     path: .lagoon.secrets.yaml
     command: create
     ignore_error: true
+
+  logs-db-secrets:
+    path: .lagoon.logs-db-secrets.yaml
+    command: create
+    ignore_error: true
+
+
 tasks:
   post-rollout:
     - run:

docker-compose.yaml

@@ -258,6 +258,7 @@ services:
     user: '111111111'
     labels:
       lagoon.type: elasticsearch
+      lagoon.template: services/logs-db/.lagoon.yml
       lagoon.image: amazeeiolagoon/logs-db:${SAFE_BRANCH:-master}
   logs-db-ui:
     image: ${IMAGE_REPO:-lagoon}/logs-db-ui
@@ -266,6 +267,7 @@ services:
       - "5601:5601"
     labels:
       lagoon.type: kibana
+      lagoon.template: services/logs-db-ui/.lagoon.yml
       lagoon.image: amazeeiolagoon/logs-db-ui:${SAFE_BRANCH:-master}
   logs2logs-db:
     image: ${IMAGE_REPO:-lagoon}/logs2logs-db

images/elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
-FROM docker.elastic.co/elasticsearch/elasticsearch-platinum:6.1.1
+FROM docker.elastic.co/elasticsearch/elasticsearch-platinum:6.2.4
 
 MAINTAINER amazee.io
 ENV LAGOON=elasticsearch
@@ -30,4 +30,8 @@ RUN echo "xpack.security.enabled: false" >> config/elasticsearch.yml
 
 ENV ES_JAVA_OPTS "-Xms200m -Xmx200m"
 
-ENTRYPOINT ["/sbin/tini", "--", "/lagoon/entrypoints.bash", "/usr/local/bin/docker-entrypoint.sh"]
+VOLUME [ "/usr/share/elasticsearch/data" ]
+
+ENTRYPOINT ["/sbin/tini", "--", "/lagoon/entrypoints.bash"]
+
+CMD ["/usr/local/bin/docker-entrypoint.sh"]

images/elasticsearch/docker-entrypoint.sh

@@ -13,6 +13,4 @@ else
   echo "Using service name: ${K8S_SVC_NAME}"
   # copy the pristine version to the one that can be edited
   /usr/bin/peer-finder -on-start="/lagoon/configure-es.sh" -service=${K8S_SVC_NAME}
-fi
-
-exec $@
+fi

images/kibana/Dockerfile

@@ -1,6 +1,6 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
-FROM docker.elastic.co/kibana/kibana-x-pack:6.1.1
+FROM docker.elastic.co/kibana/kibana-x-pack:6.2.4
 
 MAINTAINER amazee.io
 ENV LAGOON=kibana

images/logstash/Dockerfile

@@ -1,6 +1,6 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
-FROM docker.elastic.co/logstash/logstash:6.1.1
+FROM docker.elastic.co/logstash/logstash:6.2.4
 
 MAINTAINER amazee.io
 ENV LAGOON=logstash

services/api/src/dao/environment.js

@@ -178,19 +178,10 @@ const getEnvironmentHitsMonthByEnvironmentId = ({ esClient }) => async (cred, op
   const month_leading_zero = interested_month.getMonth()+1 < 10 ? `0${interested_month.getMonth()+1}`: interested_month.getMonth()+1;
 
   const result = await esClient.count({
-    index: `router-logs-${interested_month.getFullYear()}.${month_leading_zero}.*`,
+    index: `router-logs-${openshift_projectname}-${interested_month.getFullYear()}.${month_leading_zero}`,
     body: {
       "query": {
         "bool": {
-          "must": [
-            {
-              "match_phrase": {
-                "openshift_project": {
-                  "query": openshift_projectname
-                }
-              }
-            }
-          ],
           "must_not": [
             {
               "match_phrase": {

services/logs-db-ui/.lagoon.yml

@@ -0,0 +1,106 @@
+apiVersion: v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  name: lagoon-openshift-template-kibana
+parameters:
+  - name: SERVICE_NAME
+    description: Name of this service
+    required: true
+  - name: SAFE_BRANCH
+    description: Which branch this belongs to, special chars replaced with dashes
+    required: true
+  - name: SAFE_PROJECT
+    description: Which project this belongs to, special chars replaced with dashes
+    required: true
+  - name: BRANCH
+    description: Which branch this belongs to, original value
+    required: true
+  - name: PROJECT
+    description: Which project this belongs to, original value
+    required: true
+  - name: LAGOON_GIT_SHA
+    description: git hash sha of the current deployment
+    required: true
+  - name: SERVICE_ROUTER_URL
+    description: URL of the Router for this service
+    value: ""
+  - name: OPENSHIFT_PROJECT
+    description: Name of the Project that this service is in
+    required: true
+  - name: REGISTRY
+    description: Registry where Images are pushed to
+    required: true
+  - name: DEPLOYMENT_STRATEGY
+    description: Strategy of Deploymentconfig
+    value: "Rolling"
+  - name: SERVICE_IMAGE
+    description: Pullable image of service
+    required: true
+  - name: CRONJOBS
+    description: Oneliner of Cronjobs
+    value: ""
+objects:
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    creationTimestamp: null
+    labels:
+      service: ${SERVICE_NAME}
+      branch: ${SAFE_BRANCH}
+      project: ${SAFE_PROJECT}
+    name: ${SERVICE_NAME}
+  spec:
+    replicas: 1
+    selector:
+      service: ${SERVICE_NAME}
+    strategy:
+      type: ${DEPLOYMENT_STRATEGY}
+    template:
+      metadata:
+        creationTimestamp: null
+        labels:
+          service: ${SERVICE_NAME}
+          branch: ${SAFE_BRANCH}
+          project: ${SAFE_PROJECT}
+      spec:
+        containers:
+        - image: ${SERVICE_IMAGE}
+          name: ${SERVICE_NAME}
+          ports:
+          - containerPort: 5601
+            protocol: TCP
+          readinessProbe:
+            httpGet:
+              port: 5601
+            initialDelaySeconds: 20
+          livenessProbe:
+            httpGet:
+              port: 5601
+            initialDelaySeconds: 120
+          envFrom:
+          - configMapRef:
+              name: lagoon-env
+          env:
+          - name: SERVICE_NAME
+            value: ${SERVICE_NAME}
+          - name: CRONJOBS
+            value: ${CRONJOBS}
+          - name: LOGSDB_ADMIN_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: LOGSDB_ADMIN_PASSWORD
+                name: logs-db-admin-password
+          - name: LOGSDB_KIBANASERVER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: LOGSDB_KIBANASERVER_PASSWORD
+                name: logs-db-kibanaserver-password
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
+    test: false
+    triggers:
+    - type: ConfigChange
+  status: {}

services/logs-db-ui/Dockerfile

@@ -1,24 +1,28 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/kibana
 
-COPY ./init/ /lagoon/kibana-init
-
-RUN fix-permissions /lagoon/kibana-init
-
-ENV NODE_OPTIONS="--max-old-space-size=2048"
+ENV NODE_OPTIONS="--max-old-space-size=2048" \
+    LOGSDB_KIBANASERVER_PASSWORD=kibanaserver \
+    LOGSDB_ADMIN_PASSWORD=admin \
+    ELASTICSEARCH_URL=http://logs-db:9200
 
 RUN echo $'xpack.security.enabled: false\n\
 \n\
 # Configure the Kibana internal server user\n\
-elasticsearch.username: "admin"\n\
-elasticsearch.password: "admin"\n\
+elasticsearch.username: "kibanaserver"\n\
+elasticsearch.password: "${LOGSDB_KIBANASERVER_PASSWORD}"\n\
 \n\
 # Disable SSL verification because we use self-signed demo certificates\n\
 elasticsearch.ssl.verificationMode: none\n\
 \n\
-# Whitelist the Search Guard Multi Tenancy Header\n\
+# Whitelist the Search Guard Multi Tenancy Header\n\\
 elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]' >> config/kibana.yml
 
-RUN bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.1.1-12/search-guard-kibana-plugin-6.1.1-12.zip
+RUN bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.2.4-13/search-guard-kibana-plugin-6.2.4-13.zip
+
+COPY ./init/ /lagoon/kibana-init
+COPY entrypoints/90-kibanayaml-envplate.sh /lagoon/entrypoints/
+
+RUN fix-permissions config/kibana.yml \
+    && fix-permissions /lagoon/kibana-init
 
-ENV ELASTICSEARCH_URL=http://logs-db:9200

services/logs-db-ui/entrypoints/90-kibanayaml-envplate.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ep config/kibana.yml

services/logs-db-ui/init/index-patterns.sh

@@ -1,21 +1,21 @@
 #!/usr/bin/env bash
 
 # test for lagoon-logs-* index pattern, create and set to default if it does not exist
-until sleep 15; curl --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "lagoon-logs";
+until sleep 15; curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "lagoon-logs";
 do
-  LAGOON_LOG_ID=$(curl --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"lagoon-logs-*","timeFieldName":"@timestamp"}}' --compressed \
+  LAGOON_LOG_ID=$(curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"lagoon-logs-*","timeFieldName":"@timestamp"}}' --compressed \
   | grep -oE '"id":(\d*?,|.*?[^\\]",)' | awk -F'"' '{print $4}') && \
-  curl 'http://logs-db-ui:5601/api/kibana/settings/defaultIndex' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*'  -H 'Connection: keep-alive' -H 'DNT: 1' --data-binary "{\"value\":\"$LAGOON_LOG_ID\"}" --compressed
+  curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" 'http://logs-db-ui:5601/api/kibana/settings/defaultIndex' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*'  -H 'Connection: keep-alive' -H 'DNT: 1' --data-binary "{\"value\":\"$LAGOON_LOG_ID\"}" --compressed
 done
 
 # test for service-logs-* index pattern, create if it does not exist
-until curl --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "service-logs";
+until curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "service-logs";
 do
-  curl 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"service-logs-*","timeFieldName":"@timestamp"}}' --compressed
+  curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"service-logs-*","timeFieldName":"@timestamp"}}' --compressed
 done
 
 # test for router-logs-* index pattern, create if it does not exist
-until curl --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "router-logs";
+until curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" --fail --silent 'http://logs-db-ui:5601/api/saved_objects/index-pattern' | grep "router-logs";
 do
-  curl 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"router-logs-*","timeFieldName":"@timestamp"}}' --compressed
+  curl -u "kibanaserver$LOGSDB_KIBANASERVER_PASSWORD" 'http://logs-db-ui:5601/api/saved_objects/index-pattern' -H 'kbn-version: 6.1.1' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"attributes":{"title":"router-logs-*","timeFieldName":"@timestamp"}}' --compressed
 done

services/logs-db-ui/init/watchers.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-until sleep 15; curl --silent 'http://logs-db:9200';
+until sleep 15; curl -u "admin:$LOGSDB_ADMIN_PASSWORD" --silent 'http://logs-db:9200';
 do
-  curl -XPUT  "http://logs-db:9200/_xpack/watcher/watch/rabbitmq_connection_error" -H 'Content-Type: application/json' -d @rabbitmq_connection_error.json
+  curl -u "admin:$LOGSDB_ADMIN_PASSWORD" -XPUT  "http://logs-db:9200/_xpack/watcher/watch/rabbitmq_connection_error" -H 'Content-Type: application/json' -d @rabbitmq_connection_error.json
 done