Modularize docker stack: allow loading of addiditional scenarios (#467)

* Modularize docker stack: allow loading of addiditional scenarios
* Activate elasticsearch security / authentication

Author: mgruner

.env.dist

@@ -1,10 +1,35 @@
+#############################################
 # Docker Environment Variables
 # https://docs.zammad.org/en/latest/install/docker-compose/environment.html
+#############################################
 
-# ELASTICSEARCH_VERSION=8.17.1
+#############################################
+# docker-compose.yml - These variables only need to be set if they do not have the default value.
+#############################################
+
+# RESTART=always
+
+# Use a fixed Zammad version rather than the default. If you do so,
+#   you are responsible to update this to newer patch level versions yourself.
+# VERSION=6.4.1-45
+# You can also use floating versions that will give you automatic updates:
+# VERSION=6.2     # all patchlevel updates
+# VERSION=6       # including minor updates
+# VERSION=latest  # all updates of stable versions, including major
+# VERSION=develop # bleeding-edge development version
 # IMAGE_REPO=ghcr.io/zammad/zammad
+
+# ELASTICSEARCH_VERSION=8.17.1
 # MEMCACHE_SERVERS=zammad-memcached:11211
 # MEMCACHE_VERSION=1.6.36-alpine
+# REDIS_URL=redis://zammad-redis:6379
+# REDIS_VERSION=7.4.2-alpine
+# POSTGRES_VERSION=17.2-alpine
+
+# RAILS_TRUSTED_PROXIES=
+# ZAMMAD_HTTP_TYPE=
+# ZAMMAD_FQDN=
+
 # NGINX_PORT=8080
 # NGINX_EXPOSE_PORT=8080
 # NGINX_CLIENT_MAX_BODY_SIZE=50M
@@ -13,15 +38,46 @@
 # POSTGRES_USER=zammad
 # POSTGRES_HOST=zammad-postgresql
 # POSTGRES_PORT=5432
-# POSTGRES_VERSION=17.2-alpine
 # POSTGRESQL_OPTIONS=?pool=50
-# REDIS_URL=redis://zammad-redis:6379
-# REDIS_VERSION=7.4.2-alpine
-# RESTART=always
-# Use a fixed version. You are responsible to update this to newer patch level versions yourself.
-# VERSION=6.4.1-45
-# You can also use floating versions that will give you automatic updates:
-# VERSION=6.2     # all patchlevel updates
-# VERSION=6       # including minor updates
-# VERSION=latest  # all updates of stable versions, including major
-# VERSION=develop # bleeding-edge development version
+
+# ELASTICSEARCH_SCHEMA=http
+# ELASTICSEARCH_HOST=zammad-elasticsearch
+# ELASTICSEARCH_PORT=9200
+# ELASTICSEARCH_USER=elastic
+# ELASTICSEARCH_PASS=zammad
+# ELASTICSEARCH_NAMESPACE=zammad
+# ELASTICSEARCH_REINDEX=true
+
+# Variables used by ngingx-proxy container for reverse proxy creations,
+#   for docs refer to https://github.com/nginx-proxy/nginx-proxy.
+# VIRTUAL_HOST=
+# VIRTUAL_PORT=
+# Variables used by acme-companion for retrieval of LetsEncrypt certificate,
+#   for docs refer to https://github.com/nginx-proxy/acme-companion.
+# LETSENCRYPT_HOST=
+# LETSENCRYPT_EMAIL=
+
+#############################################
+# scenarios/add-cloudflare-tunnel.yml
+#############################################
+
+# CLOUDFLARE_TUNNEL_TOKEN=mytoken
+
+#############################################
+# scenarios/add-external-network-to-nginx.yml
+#############################################
+
+# ZAMMAD_NGINX_EXTERNAL_NETWORK=mynetwork
+
+#############################################
+# scenarios/add-external-network-to-elasticsearch.yml
+#############################################
+
+# ZAMMAD_ELASTICSEARCH_EXTERNAL_NETWORK=mynetwork
+
+#############################################
+# scenarios/add-hostport-to-elasticsearch.yml
+#############################################
+
+# Defaults to 9200, set this if you need another value.
+# ELASTICSEARCH_EXPOSE_HTTP_PORT=9200

.examples/proxy/certs/.gitkeep

@@ -0,0 +1,4 @@
+---
+rules:
+  line-length:
+    max: 120

.examples/proxy/docker-compose.proxy-example.yml

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for presence cloudflare tunnel container"
+docker compose ps | grep cloudflare-tunnel
+print_heading "Success - cloudflare container is present"

.examples/proxy/docker-compose.yml

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for presence of external network"
+docker inspect zammad-docker-compose-zammad-elasticsearch-1 | grep zammad-ci-external-network
+print_heading "Success - external network is present"

.github/linters/.yaml-lint.yml

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for presence of external network"
+docker inspect zammad-docker-compose-zammad-nginx-1 | grep zammad-ci-external-network
+print_heading "Success - external network is present"
+
+print_heading "check that nginx is not exposed on the Host"
+docker inspect zammad-docker-compose-zammad-nginx-1 | grep HostPort && exit 1
+print_heading "Success - nginx is not exposed on the host"

.github/tests/add-cloudflare-tunnel.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for hostport"
+docker inspect zammad-docker-compose-zammad-elasticsearch-1 | grep HostPort | grep 9201
+print_heading "Success - hostport is present"

.github/tests/add-external-network-to-elasticsearch.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for presence nginx-proxy-manager container"
+docker compose ps | grep nginx-proxy-manager
+print_heading "Success - nginx-proxy-manager container is present"

.github/tests/add-external-network-to-nginx.sh

@@ -1,29 +1,9 @@
 #!/bin/sh
-#
-# run zammad tests
-#
 
-set -o errexit
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
 
-# Send the logs to STDOUT for debugging.
-docker compose logs --timestamps --follow &
-
-# Print empty lines before and after the heading to find it between the logs.
-print_heading() {
-  echo ">"
-  echo "> $1"
-  echo ">"
-}
-
-# Run commands in the zammad-railsserver container in a way that also allows the rails stack to start.
-railsserver_run_command() {
-  docker compose exec --env=AUTOWIZARD_RELATIVE_PATH=tmp/auto_wizard.json --env=DATABASE_URL=postgres://zammad:zammad@zammad-postgresql:5432/zammad_production zammad-railsserver "$@"
-}
-
-print_heading "wait for zammad to be ready…"
-docker compose wait zammad-init
-docker compose exec zammad-nginx bash -c "curl --retry 30 --retry-delay 1 --retry-connrefused http://localhost:8080 | grep 'Zammad'"
-print_heading "Success - Zammad is up :)"
+check_stack_start
 
 # Checking for external connectivity may not always be possible, e.g. in GitLab CI.
 if [ -z "$DISABLE_EXTERNAL_TESTS" ]

.github/tests/add-hostport-to-elasticsearch.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for absence of backup container"
+docker compose ps | grep zammad-backup && exit 1
+print_heading "Success - backup container is absent"

.github/tests/add-nginx-proxy-manager.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/include/functions.sh"
+
+check_stack_start
+
+print_heading "check for absence of elasticsearch container"
+docker compose ps | grep zammad-elasticsearch && exit 1
+print_heading "Success - elasticsearch container is absent"

.github/tests.sh renamed to .github/tests/default.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -o errexit
+
+# Send the logs to STDOUT for debugging.
+docker compose logs --timestamps --follow &
+
+# Print empty lines before and after the heading to find it between the logs.
+print_heading() {
+  echo ">"
+  echo "> $1"
+  echo ">"
+}
+
+# Run commands in the zammad-railsserver container in a way that also allows the rails stack to start.
+railsserver_run_command() {
+  docker compose exec --env=AUTOWIZARD_RELATIVE_PATH=tmp/auto_wizard.json --env=DATABASE_URL=postgres://zammad:zammad@zammad-postgresql:5432/zammad_production zammad-railsserver "$@"
+}
+
+check_stack_start() {
+  print_heading "wait for zammad to be ready…"
+  docker compose wait zammad-init
+  docker compose exec zammad-nginx bash -c "curl --retry 30 --retry-delay 1 --retry-connrefused http://localhost:8080 | grep 'Zammad'"
+  print_heading "Success - Zammad is up :)"
+}

.github/tests/disable-backup-service.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -o errexit
+
+docker network create zammad-ci-external-network
+
+echo "CLOUDFLARE_TUNNEL_TOKEN=invalid-token" > .env
+
+docker compose -f docker-compose.yml -f scenarios/add-cloudflare-tunnel.yml up --quiet-pull --detach

.github/tests/disable-elasticsearch-service.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -o errexit
+
+docker network create zammad-ci-external-network
+
+echo "ZAMMAD_ELASTICSEARCH_EXTERNAL_NETWORK=zammad-ci-external-network" > .env
+
+docker compose -f docker-compose.yml -f scenarios/add-external-network-to-elasticsearch.yml up --quiet-pull --detach

.github/tests/include/functions.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -o errexit
+
+docker network create zammad-ci-external-network
+
+echo "ZAMMAD_NGINX_EXTERNAL_NETWORK=zammad-ci-external-network" > .env
+
+docker compose -f docker-compose.yml -f scenarios/add-external-network-to-nginx.yml up --quiet-pull --detach

.github/tests/setup/add-cloudflare-tunnel.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -o errexit
+
+# Use a custom port to verify it is configurable.
+echo "ELASTICSEARCH_EXPOSE_HTTP_PORT=9201" > .env
+
+docker compose -f docker-compose.yml -f scenarios/add-hostport-to-elasticsearch.yml up --quiet-pull --detach

.github/tests/setup/add-external-network-to-elasticsearch.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -o errexit
+
+docker compose -f docker-compose.yml -f scenarios/add-nginx-proxy-manager.yml up --quiet-pull --detach

.github/tests/setup/add-external-network-to-nginx.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -o errexit
+
+docker compose up --quiet-pull --detach
+
+docker compose cp .github/auto_wizard.json zammad-railsserver:/opt/zammad/tmp

.github/tests/setup/add-hostport-to-elasticsearch.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -o errexit
+
+docker compose -f docker-compose.yml -f scenarios/disable-backup-service.yml up --quiet-pull --detach

.github/tests/setup/add-nginx-proxy-manager.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -o errexit
+
+# Disable ES initialization in the test because we don't have an external ES service.
+echo "ELASTICSEARCH_ENABLED=false" > .env
+
+docker compose -f docker-compose.yml -f scenarios/disable-elasticsearch-service.yml up --quiet-pull --detach