Automate management of required roles and user passwords (#671)

2025-12-25 07:12:13 +01:00 · 2022-02-21 11:19:43 +01:00
parent 641290c20a
commit 9877b39900
34 changed files with 503 additions and 327 deletions
--- a/.github/workflows/scripts/elasticsearch-setup-passwords.exp
+++ b/.github/workflows/scripts/elasticsearch-setup-passwords.exp
@@ -1,38 +0,0 @@
-#!/usr/bin/expect -f
-
-# List of expected users with dummy password
-set users {"elastic" "kibana_system" "logstash_system" "beats_system" "apm_system" "remote_monitoring_user"}
-set password "testpasswd"
-
-# Find elasticsearch container id
-set MODE [lindex $argv 0]
-if { [string match "swarm" $MODE] } {
-	set cid [exec docker ps -q -f label=com.docker.swarm.service.name=elk_elasticsearch]
-} else {
-	set cid [exec docker ps -q -f label=com.docker.compose.service=elasticsearch]
-}
-
-foreach user $users {
-	set cmd "docker exec -it $cid bin/elasticsearch-reset-password --batch --user $user -i"
-
-	spawn {*}$cmd
-
-	expect {
-		-re "(E|Re-e)nter password for \\\[$user\\\]: " {
-			send "$password\r"
-			exp_continue
-		}
-		timeout {
-			puts "\ntimed out waiting for input"
-			exit 4
-		}
-		eof
-	}
-
-	lassign [wait] pid spawnid os_error_flag value
-
-	if {$value != 0} {
-		if {$os_error_flag == 0} { puts "exit status: $value" } else { puts "errno: $value" }
-		exit $value
-	}
-}
--- a/.github/workflows/scripts/lib/testing.sh
+++ b/.github/workflows/scripts/lib/testing.sh
@@ -14,12 +14,7 @@ function err {
 function container_id {
 	local svc=$1

-	local label
-	if [[ "${MODE:-}" == "swarm" ]]; then
-		label="com.docker.swarm.service.name=elk_${svc}"
-	else
-		label="com.docker.compose.service=${svc}"
-	fi
+	local label="com.docker.compose.service=${svc}"

 	local cid

@@ -51,26 +46,11 @@ function container_id {

 # Return the IP address at which a service can be reached.
 # In Compose mode, returns the container's IP.
-# In Swarm mode, returns the IP of the node to ensure traffic enters the routing mesh (ingress).
 function service_ip {
 	local svc=$1

 	local ip

-	if [[ "${MODE:-}" == "swarm" ]]; then
-		#ingress_net="$(docker network inspect ingress --format '{{ .Id }}')"
-		#ip="$(docker service inspect elk_"$svc" --format "{{ range .Endpoint.VirtualIPs }}{{ if eq .NetworkID \"${ingress_net}\" }}{{ .Addr }}{{ end }}{{ end }}" | cut -d/ -f1)"
-		node="$(docker node ls --format '{{ .ID }}')"
-		ip="$(docker node inspect "$node" --format '{{ .Status.Addr }}')"
-		if [ -z "${ip:-}" ]; then
-			err "Node ${node} has no IP address"
-			return 1
-		fi
-
-		echo "$ip"
-		return
-	fi
-
 	local cid
 	cid="$(container_id "$svc")"