elastic: use v2 (#1115)

* elastic: use v2

* fix config

* fix test

ix-dev/stable/elastic-search/app.yaml

@@ -10,8 +10,8 @@ icon: https://media.sys.truenas.net/apps/elastic-search/icons/icon.svg
 keywords:
 - search
 - elastic
-lib_version: 1.1.7
-lib_version_hash: d05e43e25b7dc1736be6cc1efa4b9255368aa346e3e7a4350a38440f29b73186
+lib_version: 2.0.32
+lib_version_hash: 4a0bf69cccda322e191eab36ab81ca6d0c8e5d64a0b2fa117c609804b55b86c6
 maintainers:
 - email: [email protected]
   name: truenas
@@ -29,4 +29,4 @@ sources:
 - https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods
 title: Elastic Search
 train: stable
-version: 1.1.19
+version: 1.2.0

ix-dev/stable/elastic-search/ix_values.yaml

@@ -4,11 +4,11 @@ images:
     tag: 8.16.1
 
 consts:
-  perms_container_name: "permissions"
-  elastic_container_name: "elastic"
-  tls_key_path: "/usr/share/elasticsearch/config/certs/tls.key"
-  tls_cert_path: "/usr/share/elasticsearch/config/certs/tls.crt"
-  tls_ca_path: "/usr/share/elasticsearch/config/certs/ca.crt"
+  perms_container_name: permissions
+  elastic_container_name: elastic
+  tls_key_path: /usr/share/elasticsearch/config/certs/tls.key
+  tls_cert_path: /usr/share/elasticsearch/config/certs/tls.crt
+  tls_ca_path: /usr/share/elasticsearch/config/certs/ca.crt
   user_id: 1000
   group_id: 1000
   notes_body: |

ix-dev/stable/elastic-search/questions.yaml

@@ -5,6 +5,8 @@ groups:
     description: Configure Network for Elastic Search
   - name: Storage Configuration
     description: Configure Storage for Elastic Search
+  - name: Labels Configuration
+    description: Configure Labels for Elastic Search
   - name: Resources Configuration
     description: Configure Resources for Elastic Search
 
@@ -312,6 +314,42 @@ questions:
                             description: The domain to use for the SMB share.
                             schema:
                               type: string
+  - variable: labels
+    label: ""
+    group: Labels Configuration
+    schema:
+      type: list
+      default: []
+      items:
+        - variable: label
+          label: Label
+          schema:
+            type: dict
+            attrs:
+              - variable: key
+                label: Key
+                schema:
+                  type: string
+                  required: true
+              - variable: value
+                label: Value
+                schema:
+                  type: string
+                  required: true
+              - variable: containers
+                label: Containers
+                description: Containers where the label should be applied
+                schema:
+                  type: list
+                  items:
+                    - variable: container
+                      label: Container
+                      schema:
+                        type: string
+                        required: true
+                        enum:
+                          - value: elastic
+                            description: elastic
   - variable: resources
     label: ""
     group: Resources Configuration

ix-dev/stable/elastic-search/templates/docker-compose.yaml

@@ -1,109 +1,57 @@
-{# Stores storage items that contains info for volumes, vol mounts, perms dirs and perms mounts #}
-{% set storage_items = namespace(items=[]) %}
-{# Stores the top level volumes #}
-{% set volumes = namespace(items={}) %}
-{# Stores the container volume mounts #}
-{% set volume_mounts = namespace(items=[]) %}
-{# Stores the perms container volume mounts #}
-{% set perms_mounts = namespace(items=[]) %}
-{# Stores the perms container dirs #}
-{% set perms_dirs = namespace(items=[]) %}
+{% set tpl = ix_lib.base.render.Render(values) %}
+
+{% set proto = "https" if values.network.certificate_id else "http" %}
+
+{% set c1 = tpl.add_container(values.consts.elastic_container_name, "image") %}
+{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
+{% set perms_config = {"uid": values.consts.user_id, "gid": values.consts.group_id, "mode": "check"} %}
+
+{% do c1.set_user(values.consts.user_id, values.consts.group_id) %}
+
+{% do c1.healthcheck.set_test("curl", {
+  "port": values.network.web_port, "path": "/_cluster/health?local=true",
+  "scheme": proto, "headers": [("Authorization", tpl.funcs.basic_auth_header("elastic", values.elastic.password))]
+}) %}
+
+{% do c1.environment.add_env("ES_HEAP_SIZE", values.elastic.heap_size) %}
+{% do c1.environment.add_env("ELASTIC_PASSWORD", values.elastic.password) %}
+{% do c1.environment.add_env("ES_SETTING_HTTP_PORT", values.network.web_port) %}
+{% do c1.environment.add_env("ES_SETTING_NODE_NAME", values.elastic.node_name) %}
+{% do c1.environment.add_env("ES_SETTING_DISCOVERY_TYPE", "single-node") %}
+{% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_ENABLED", true) %}
+{% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_TRANSPORT_SSL_ENABLED", false) %}
 
 {% if values.network.certificate_id %}
-configs:
-  private:
-    content: {{ values.ix_certificates[values.network.certificate_id].privatekey | tojson }}
-  public:
-    content: {{ values.ix_certificates[values.network.certificate_id].certificate | tojson }}
+  {% set cert = values.ix_certificates[values.network.certificate_id] %}
+  {% do c1.configs.add("private", cert.privatekey, values.consts.tls_key_path) %}
+  {% do c1.configs.add("public", cert.certificate, values.consts.tls_cert_path) %}
+  {% do c1.configs.add("public", cert.certificate, values.consts.tls_ca_path) %}
+
+  {% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_HTTP_SSL_ENABLED", true) %}
+  {% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_HTTP_SSL_KEY", values.consts.tls_key_path) %}
+  {% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE", values.consts.tls_cert_path) %}
+  {% do c1.environment.add_env("ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE__AUTHORITIES", values.consts.tls_ca_path) %}
 {% endif %}
 
-{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.data, **{"mount_path": "/usr/share/elasticsearch/data"}),
-  values=values, perm_opts={"mount_path": "/mnt/elastic/data", "mode": "check", "uid": values.consts.user_id, "gid": values.consts.group_id}
-)) %}
-{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type":"anonymous", "mount_path": "/tmp"})) %}
-{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type":"anonymous", "mount_path": "/usr/share/elasticsearch/config/certs"})) %}
+{% do c1.environment.add_user_envs(values.elastic.additional_envs) %}
+{% do c1.ports.add_port(values.network.web_port, values.network.web_port) %}
 
-{% for store in values.storage.additional_storage %}
-  {% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, values=values,
-    perm_opts={"mount_path": "/mnt/elastic/dir_%s"|format(loop.index0), "mode": "check", "uid": values.consts.user_id, "gid": values.consts.group_id}
-  )) %}
-{% endfor %}
+{% do c1.add_storage("/usr/share/elasticsearch/config/certs", {"type": "anonymous"}) %}
 
-{# Add each item to the above lists #}
-{% for item in storage_items.items %}
-  {% if item.vol and volumes.items.update(item.vol) %}{% endif %}
-  {% if item.vol_mount and volume_mounts.items.append(item.vol_mount) %}{% endif %}
-  {% if item.perms_item and (perms_dirs.items.append(item.perms_item.perm_dir), perms_mounts.items.append(item.perms_item.vol_mount)) %}{% endif %}
-{% endfor %}
+{% do c1.add_storage("/usr/share/elasticsearch/data", values.storage.data) %}
+{% do perm_container.add_or_skip_action("data", values.storage.data, perms_config) %}
 
-{# Containers #}
-services:
-  {{ values.consts.elastic_container_name }}:
-    user: {{ "%d:%d" | format(values.consts.user_id, values.consts.group_id) }}
-    image: {{ ix_lib.base.utils.get_image(images=values.images, name="image") }}
-    restart: unless-stopped
-    deploy:
-      resources: {{ ix_lib.base.resources.resources(values.resources) | tojson }}
-    devices: {{ ix_lib.base.resources.get_devices(values.resources) | tojson }}
-    {% if values.network.certificate_id %}
-    configs:
-      - source: private
-        target: {{ values.consts.tls_key_path }}
-      - source: public
-        target: {{ values.consts.tls_cert_path }}
-      - source: public
-        target: {{ values.consts.tls_ca_path }}
-    {% endif %}
-    {% if perms_dirs.items %}
-    depends_on:
-      {{ values.consts.perms_container_name }}:
-        condition: service_completed_successfully
-    {% endif %}
-    {% if values.network.host_network %}
-    network_mode: host
-    {% endif %}
-    cap_drop: {{ ix_lib.base.security.get_caps().drop | tojson }}
-    security_opt: {{ ix_lib.base.security.get_sec_opts() | tojson }}
-    {% if values.network.dns_opts %}
-    dns_opt: {{ ix_lib.base.network.dns_opts(values.network.dns_opts) | tojson }}
-    {% endif %}
-    {% set test = ix_lib.base.healthchecks.curl_test(
-      port=values.network.web_port,
-      path="/_cluster/health?local=true",
-      config={
-        "scheme": "https" if values.network.certificate_id else "http",
-        "headers": [("Authorization", ix_lib.base.utils.basic_auth_header("elastic", values.elastic.password))]
-      }
-    ) %}
-    healthcheck: {{ ix_lib.base.healthchecks.check_health(test) | tojson }}
-    {% set app_env = {
-      "ES_HEAP_SIZE": values.elastic.heap_size,
-      "ELASTIC_PASSWORD": values.elastic.password,
-      "ES_SETTING_HTTP_PORT": values.network.web_port,
-      "ES_SETTING_NODE_NAME": values.elastic.node_name,
-      "ES_SETTING_DISCOVERY_TYPE": "single-node",
-      "ES_SETTING_XPACK_SECURITY_ENABLED": "true",
-      "ES_SETTING_XPACK_SECURITY_TRANSPORT_SSL_ENABLED": "false",
-    } %}
-    {% if values.network.certificate_id and app_env.update({
-        "ES_SETTING_XPACK_SECURITY_HTTP_SSL_ENABLED": "true",
-        "ES_SETTING_XPACK_SECURITY_HTTP_SSL_KEY": values.consts.tls_key_path,
-        "ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE": values.consts.tls_cert_path,
-        "ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE__AUTHORITIES": values.consts.tls_ca_path,
-    }) %}{% endif %}
-    environment: {{ ix_lib.base.environment.envs(app=app_env, user=values.elastic.additional_envs, values=values) | tojson }}
-    {% if not values.network.host_network %}
-    ports:
-      - {{ ix_lib.base.ports.get_port(port={"target": values.network.web_port, "published": values.network.web_port}) | tojson }}
-    {% endif %}
-    volumes: {{ volume_mounts.items | tojson }}
-  {% if perms_dirs.items %}
-  {{ values.consts.perms_container_name }}: {{ ix_lib.base.permissions.perms_container(items=perms_dirs.items, volumes=perms_mounts.items) | tojson }}
-  {% endif %}
+{% for store in values.storage.additional_storage %}
+  {% do c1.add_storage(store.mount_path, store) %}
+  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
+{% endfor %}
 
-{% if volumes.items %}
-volumes: {{ volumes.items | tojson }}
+{% if perm_container.has_actions() %}
+  {% do perm_container.activate() %}
+  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
 {% endif %}
 
-x-portals: {{ ix_lib.base.metadata.get_portals([{"port": values.network.web_port, "schema": "https" if values.network.certificate_id else "http"}]) | tojson }}
-x-notes: {{ ix_lib.base.metadata.get_notes("Elastic Search", body=values.consts.notes_body) | tojson }}
+{% do tpl.portals.add_portal({"port": values.network.web_port, "schema": proto}) %}
+{% do tpl.notes.set_body(values.consts.notes_body) %}
+
+{{ tpl.render() | tojson }}