Skip to content

Commit

Permalink
Improvement provide more configuration options for elasticsearch clie…
Browse files Browse the repository at this point in the history
…nt (#7)

* added several configuration options

* added basic documentation

* added docker-compose template

* updated installation and configuration docs
  • Loading branch information
Corepex authored Nov 16, 2022
1 parent dd45eba commit 5f6fd76
Show file tree
Hide file tree
Showing 4 changed files with 221 additions and 2 deletions.
22 changes: 21 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ Supported elasticsearch version: Elasticsearch 8

## Installation

Install bundle via composer
```bash
composer require pimcore/elasticsearch-client
```

This bundle is a standard symfony bundle. If not required and activated by another bundle, it can be enabled by
adding it to the `bundles.php` of your application.

Expand All @@ -24,6 +29,8 @@ By default, a `default` client with host set to `localhost:9200` is available an
For details on the configuration opens have a look at inline documentation via command
`bin/console config:dump-reference PimcoreElasticsearchClientBundle`

Also see the [Elasticsearch Docs](https://www.elastic.co/guide/en/elasticsearch/client/php-api/current/connecting.html) for
more information.

```yaml
pimcore_elasticsearch_client:
Expand All @@ -36,7 +43,20 @@ pimcore_elasticsearch_client:
statistics:
hosts: ['statistics-node:9200']
logger_channel: 'pimcore.statistics'


#optional options
ca_bundle: 'path/to/ca/cert'
ssl_key: 'path/to/ssl/key'
ssl_cert: 'path/to/ssl/cert'
ssl_password: 'secretePW'
ssl_verification: false #false is the default value
http_options:
proxy: 'http://localhost:8125'
cloud_id: '123456789'
api_key: 'secret-apikey'
cloud:
cloud_id: '123456789'
api_key: 'secret-apikey'
```
## Integration into other Bundles
Expand Down
151 changes: 151 additions & 0 deletions doc/03_Docker.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
# Docker

We created a sample docker setup for running Elasticsearch locally on your machine.

Feel free to customize and use this as a template to create your own setup.

### Docker Compose Setup

This will create an Elasticsearch container (`elastic`) and a Kibana container (`kibana`).
They will communicate between each other via an encrypted connection! If you do not need an
encrypted connection just comment out the ssl stuff (see code comments)

```yaml
#docker-compose.yaml

services:
php:
user: '1000:1000' # set to your uid:gid

supervisord:
user: '1000:1000' # set to your uid:gid

db:
ports:
- "3306:3306"

create_certs:
container_name: elastic_create_certs
image: elasticsearch:8.4.3
command: >
bash -c '
if [[ ! -f ./certs/certs-bundle.zip ]]; then
echo "Generating CA";
#bin/elasticsearch-certutil ca --silent --pass "password" --pem --out ./certs/certs-bundle.zip;
bin/elasticsearch-certutil ca --silent --pem --out ./certs/certs-bundle.zip;
unzip ./certs/certs-bundle.zip -d ./certs;
fi
if [ ! -f ./certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: elastic\n"\
" dns:\n"\
" - elastic\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> ./certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem --ca-cert ./certs/ca/ca.crt --ca-key ./certs/ca/ca.key --in ./certs/instances.yml --out ./certs/certs.zip;
unzip ./certs/certs.zip -d ./certs;
fi
echo "Setting file permissions"
chown -R root:root ./certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl --insecure -s --cacert ./certs/ca/ca.crt https://elastic:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl --insecure -s -X POST --cacert ./certs/ca/ca.crt -u "elastic:somethingsecret" -H "Content-Type: application/json" https://elastic:9200/_security/user/kibana_system/_password -d "{\"password\":\"somethingsecret\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!"
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes:
- pimcore-enterprise-elastic-certs:/usr/share/elasticsearch/certs

elastic:
container_name: elastic-10
image: elasticsearch:8.4.3
environment:
- discovery.type=single-node
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
- xpack.security.enabled=true
- ELASTIC_PASSWORD=somethingsecret

# DISABLE LINES BELOW IF SSL IS NOT NEEDED!

#CONFIG BELOW USES PEM
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elastic/elastic.key
- xpack.security.http.ssl.certificate=certs/elastic/elastic.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate

- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/elastic/elastic.key
- xpack.security.transport.ssl.certificate=certs/elastic/elastic.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate

# CONFIG BELOW USES KEYSTORES
#- xpack.security.transport.ssl.enabled=true
#- xpack.security.transport.ssl.keystore.password=elastic
#- xpack.security.transport.ssl.truststore.password=elastic
#- xpack.security.transport.ssl.keystore.path=certs/elasticsearch01.p12
#- xpack.security.transport.ssl.verification_mode=certificate

#- xpack.security.http.ssl.enabled=true
#- xpack.security.http.ssl.keystore.password=elastic
#- xpack.security.http.ssl.truststore.password=elastic
#- xpack.security.http.ssl.keystore.path=certs/elasticsearch01.p12
#- xpack.security.http.ssl.verification_mode=certificate
ports:
- 9200:9200
volumes:
- pimcore-enterprise-elastic:/usr/share/elasticsearch/data
- pimcore-enterprise-elastic-certs:/usr/share/elasticsearch/config/certs
deploy:
resources:
limits:
cpus: '1'
memory: '2G'

kibana:
container_name: kibana-10
image: kibana:8.4.3
ports:
- 5601:5601
environment:
- ELASTICSEARCH_HOSTS=https://elastic:9200
- XPACK_SECURITY_ENABLED=true

- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=somethingsecret

# DISABLE LINES BELOW IF SSL IS NOT NEEDED!
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt

#- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
#- ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
#- SERVER_SSL_ENABLED=true
#- SERVER_SSL_KEY=config/certs/kibana.key
#- SERVER_SSL_CERTIFICATE=config/certs/kibana.crt
#- SERVER_SSL_PASSWORD=kibana
#- SERVER_SSL_KEYPASSPHRASE=kibana
volumes:
- pimcore-enterprise-elastic-certs:/usr/share/kibana/config/certs

volumes:
pimcore-enterprise-elastic:
pimcore-enterprise-elastic-certs:
```
Use `docker-compose up -d` to run the configured stack.

Also `docker compose logs -f` could be helpful to debug certain errors.
26 changes: 25 additions & 1 deletion src/DependencyInjection/Configuration.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,31 @@ public function getConfigTreeBuilder()
->scalarNode('password')
->info('Password for elasticsearch authentication')
->end()
->end()
->scalarNode('ca_bundle')
->info('Path to certificate authority file (.crt)')
->end()
->scalarNode('ssl_key')
->info('Path to private SSL key file (.key)')
->end()
->scalarNode('ssl_cert')
->info('Path to PEM formatted SSL cert file (.cert)')
->end()
->scalarNode('ssl_password')
->info('If private key and certificate require a password (default: null)')
->end()
->booleanNode('ssl_verification')
->info('Enable or disable the SSL verification (default: false)')
->end()
->arrayNode('http_options')
->prototype('scalar')->end()
->info('List of http client options')
->end()
->scalarNode('cloud_id')
->info('Elastic Cloud Id for elasticsearch cloud authentication')
->end()
->scalarNode('api_key')
->info('Elastic Cloud API key for elasticsearch cloud authentication')
->end()
->end()
->end()
->end();
Expand Down
24 changes: 24 additions & 0 deletions src/EsClientFactory.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,30 @@ public static function create(LoggerInterface $logger, array $configuration): Cl
$builder->setBasicAuthentication($configuration['username'], $configuration['password']);
}

if(isset($configuration['cloud_id'], $configuration['api_key'])){
$builder
->setElasticCloudId($configuration['cloud_id'])
->setApiKey($configuration['api_key']);
}

if(isset($configuration['ca_bundle'])){
$builder->setCABundle($configuration['ca_bundle']);
}

if(isset($configuration['ssl_key']) && $configuration['ssl_cert']){
$builder
->setSSLKey($configuration['ssl_key'], $configuration['ssl_password'] ?? null)
->setSSLCert($configuration['ssl_cert'], $configuration['ssl_password'] ?? null);

if(isset($configuration['ssl_verification'])){
$builder->setSSLVerification($configuration['ssl_verification']);
}
}

if(isset($configuration['http_options'])){
$builder->setHttpClientOptions($configuration['http_options']);
}

return $builder->build();
}
}

0 comments on commit 5f6fd76

Please sign in to comment.