diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml index b127fa9..73a9358 100644 --- a/.github/workflows/commit.yml +++ b/.github/workflows/commit.yml @@ -12,4 +12,4 @@ jobs: - name: checkout uses: actions/checkout@v2 - name: test - run: docker-compose run --rm test + run: docker compose run --rm test diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a130cae --- /dev/null +++ b/Dockerfile @@ -0,0 +1,6 @@ +FROM cloudfoundry/cflinuxfs3:latest +WORKDIR /home/vcap/app +COPY --chown=vcap:vcap . ./ +USER vcap:vcap +ENV HOME=$WORKDIR +CMD ["/bin/bash", "-c", "./.profile && ./start.sh"] diff --git a/README.md b/README.md index 44e14a7..97d7046 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ applications. Name | Description ---- | ----------- -logstack-logstash | Logstash process that aggregates and parses log data. +logstack-shipper | Logstash process that aggregates and parses log data. logstack-space-drain | Space drain monitors a CF space, and binds the log drain to applications. Created by the [drains plugin](https://github.com/cloudfoundry/cf-drain-cli). _Note: The logstack-space-drain application consumes 64MB._ @@ -78,7 +78,7 @@ _Note: The logstack-space-drain application consumes 64MB._ Run tests. - docker-compose run --rm test + docker compose run --rm test ## Contributing diff --git a/docker-compose.yml b/docker-compose.yml index 3310915..1a34921 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -36,11 +36,14 @@ services: localstack: condition: service_healthy healthcheck: - test: bin/logstash -t - interval: 60s - timeout: 50s - retries: 5 - build: logstash + test: "${DOCKER_HEALTHCHECK_TEST:-/usr/bin/curl --fail http://logstash:logstash@localhost:8080 || exit 1}" + interval: 10s + timeout: 3s + start_period: 5s + retries: 20 + build: + dockerfile: $PWD/Dockerfile + context: logstash environment: AWS_ACCESS_KEY_ID: test AWS_SECRET_ACCESS_KEY: test @@ -49,10 +52,10 @@ services: AWS_ENDPOINT: http://localstack:4566 DRAIN_USER: logstash DRAIN_PASSWORD: logstash + PORT: 8080 ports: - - "5044:5044" - - "9600:9600" - - "9700:9700" + - 8080:8080 + - 9600:9600 test: build: diff --git a/logstash/.profile b/logstash/.profile index c9fd470..6ed8028 100755 --- a/logstash/.profile +++ b/logstash/.profile @@ -25,15 +25,17 @@ function parse_vcap_services () { parse_vcap_services echo "Unpacking logstash..." -(cd "$HOME" && tar xzvf logstash-oss-7.16.3-linux-x86_64.tar.gz > /dev/null 2>&1 && rm logstash-oss-7.16.3-linux-x86_64.tar.gz) -export LS_HOME="$HOME/logstash-7.16.3" + tar xzvf logstash-oss-7.16.3-linux-x86_64.tar.gz > /dev/null 2>&1 && \ + rm logstash-oss-7.16.3-linux-x86_64.tar.gz +export LS_HOME="$PWD/logstash-7.16.3" echo "Installing logstash plugins..." -"$LS_HOME"/bin/logstash-plugin install file://"$HOME"/plugins.zip +"$LS_HOME"/bin/logstash-plugin install file://"$PWD"/plugins.zip echo "Installing Cloud Foundry root CA certificate..." cp "$LS_HOME"/jdk/lib/security/cacerts "$LS_HOME"/jdk/lib/security/jssecacerts -for cert in "$CF_SYSTEM_CERT_PATH"/* ; do +shopt -s nullglob # Skip the loop if there're no matching files +for cert in "${CF_SYSTEM_CERT_PATH:-/etc/cf-system-certificates}/*" ; do echo "Installing certificates: $cert" # We haven't ever seen someone change this default password, and anyone who # can see this already has permission to update these files, so we're not @@ -41,5 +43,4 @@ for cert in "$CF_SYSTEM_CERT_PATH"/* ; do "$LS_HOME"/jdk/bin/keytool -noprompt -import -trustcacerts -file "$cert" -storepass changeit -alias "${cert/$CF_SYSTEM_CERT_PATH\//}" -keystore "$LS_HOME"/jdk/lib/security/jssecacerts done -ln -s "$LS_HOME"/bin/logstash "$HOME"/bin/logstash || true - +ln -s "$LS_HOME"/bin/logstash "$PWD"/bin/logstash || true diff --git a/logstash/Dockerfile b/logstash/Dockerfile deleted file mode 100644 index a545512..0000000 --- a/logstash/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -# https://www.elastic.co/guide/en/logstash/current/docker-config.html - -FROM docker.elastic.co/logstash/logstash-oss:7.16.2 - -RUN bin/logstash-plugin install logstash-output-s3 - -ADD logstash.conf /usr/share/logstash/pipeline/logstash.conf -ADD jvm.options /usr/share/logstash/config/ -ADD start.sh /usr/share/logstash/bin/start.sh diff --git a/logstash/start.sh b/logstash/start.sh index 3d9c429..3a37bb8 100755 --- a/logstash/start.sh +++ b/logstash/start.sh @@ -1,6 +1,3 @@ #!/bin/bash -set -o errexit -set -o pipefail - -exec "bin/logstash -f logstash.conf" +exec bin/logstash -f logstash.conf diff --git a/test/test_logstash.py b/test/test_logstash.py index f4fbaac..4eedced 100644 --- a/test/test_logstash.py +++ b/test/test_logstash.py @@ -6,32 +6,14 @@ LOGSTASH_HEALTHCHECK = 'http://logstash:9600/?pretty' - class TestLogstash(unittest.TestCase): - @classmethod - def setUpClass(cls): - # Wait for Logstash to be up - while True: - response = None - try: - response = requests.get(LOGSTASH_HEALTHCHECK) - except: - pass - - if response and response.status_code == 200: - # Logstash is up, let's continue - break - time.sleep(1) - - def test_anonymous_access_denied(self): - response = requests.get('http://logstash:5044') + response = requests.get('http://logstash:8080') assert response.status_code == 401 - def test_authorized_user_allowed(self): client = requests.Session() client.auth = ('logstash', 'logstash') - response = client.get('http://logstash:5044') + response = client.get('http://logstash:8080') assert response.status_code == 200