The intend of nuxeo stacks is to create custom environment to test and debug different Nuxeo configurations.
Once you have selected the stack that you want to run, an isolated environment is created. This environment is a simple directory with: services' configurations, a docker compose file and a data sub directory containing all services' volumes.
Again this is for testing a stack, not to do performance testing and NOT FOR PRODUCTION.
The Nuxeo versions supported are:
- Nuxeo latest
- (Nuxeo latest JX build by Jenkins X pipeline) broken for now
- Nuxeo 10.10
- Nuxeo 9.10
- Nuxeo 8.10
- Nuxeo 7.10
You can choose to run Nuxeo in cluster mode up to 3 nodes.
The backend services supported are:
- MongoDB
- PostgreSQL
- Elasticsearch
- Kafka with different options:
- Basic install
- Secure with SSL/SASL
- Confluent stack with a Schema registry and KSQL
- Zookeeper
- Redis
- Minio A binary storage compatible with Amazon S3
The version and configuration of services are adapted depending on the Nuxeo version (for instance Nuxeo 8.10 uses Elasticsearch 2.3, Nuxeo 9.10 uses Elasticsearch 5.6 ...).
In addition of the Nuxeo stack you can add useful tooling:
- Grafana / Graphite: a monitoring solution with a provisioned Nuxeo dashboard
- KafkaHQ: a Kafka GUI
- Kibana: the K of ELK (Elasticsearch GUI)
- Netdata: realtime OS monitoring, though it is much better to install netdata directly on your host
- Prometheus: an alternative to graphite monitoring
- Jaeger: a Tracer for distributed tracing
- Zipkin: an alternative Tracer for distributed tracing
Click on the screenshot below for an animated gif demoing how to start a Nuxeo cluster of 2 nodes with MongoDB, Elasticsearch, Kafka, Grafana and KafkaHQ in 2min:
Of course the first time you use nuxeo stacks it will take longer because you have to pull docker images.
-
Obviously you need to install docker-compose.
-
Install other dependencies to generate the env or used by scripts:
- On Mac OS
brew install ansible newt jq
- On Ubuntu:
sudo apt install python3-pip jq
pip3 install virtualenv
Note that on Ubuntu, the first time nuxeoenv.sh
is run it will install ansible
locally.
- Only for MacOs fix the unsupported
.localhost
top level domain (TLD) (even if it works with Chrome, scripts require .localhost to resolve to loop back address127.0.0.1
)
Add theses lines to your /etc/hosts
127.0.0.1 nuxeo.docker.localhost
127.0.0.1 nuxeo-node.docker.localhost
127.0.0.1 nuxeo2-node.docker.localhost
127.0.0.1 nuxeo3-node.docker.localhost
127.0.0.1 elastic.docker.localhost
127.0.0.1 minio.docker.localhost
127.0.0.1 kibana.docker.localhost
127.0.0.1 grafana.docker.localhost
127.0.0.1 graphite.docker.localhost
127.0.0.1 kafkahq.docker.localhost
127.0.0.1 netdata.docker.localhost
127.0.0.1 prometheus.docker.localhost
127.0.0.1 jaeger.docker.localhost
127.0.0.1 zipkin.docker.localhost
127.0.0.1 traefik.docker.localhost
127.0.0.1 schema.docker.localhost
127.0.0.1 ksql.docker.localhost
Simply run the nuxeoenv.sh
script and compose interactively your stack by selecting what you need.
LC_ALL=C ./nuxeoenv.sh
...
---------------------------------------------------------------
# This Nuxeo Stack can be rebuilt with the following command:
LC_ALL=C ./nuxeoenv.sh -i "/home/ben/dev/envs/nuxeo-stacks/instance.clid" -d "/tmp/my-nuxeo-env" -c no -n nuxeolatest -b mongo -s '"elastic" "redis"'
# Next steps:
cd /tmp/my-nuxeo-env
docker-compose up
http://nuxeo.docker.localhost/nuxeo -> Nuxeo Administrator/Administrator
http://elastic.docker.localhost/ -> Elasticsearch
This will generate a docker compose file in the target environment directory, from there, you can up/stop your env like any docker compose env.
# Add a -d to run in background
docker-compose up
# List docker containers
docker ps
# Stops containers and removes containers and named volumes
docker-compose down --volume
Note that you can use stop
to stop an env but you need to use down --volume
before switching to different stack or you will have error like:
ERROR: for elastic Cannot create container for service elasticsearch: Conflict. The container name "/elastic" is already in use by container "3a7a444f4a01e0286ea54edabde0549be8564fd538d72d88b58661f6e73c4c62". You have to remove (or rename) that container to be able to reuse that name.
# To solve this use: docker rm <CONTAINER-ID>
All data are persisted using docker volumes inside your env, you can resume any env using a docker-compose up
.
All HTTP services are exposed by traefik with proper hostname:
URL | auth | description |
---|---|---|
http://nuxeo.docker.localhost/ | Administrator/Administrator | Nuxeo load balanced when in cluster mode |
http://nuxeo-node.docker.localhost/ | Administrator/Administrator | Nuxeo first node |
http://nuxeo2-node.docker.localhost/ | Administrator/Administrator | Nuxeo second node |
http://nuxeo3-node.docker.localhost/ | Administrator/Administrator | Nuxeo third node |
http://elastic.docker.localhost | Elasticsearch listening on port 80 (and not 9200) | |
http://minio.docker.localhost | minio/minio-secret | S3 storage |
http://kibana.docker.localhost | elastic/changeme | Kibana |
http://grafana.docker.localhost | admin/admin | Grafana with a provisioned Nuxeo dashboard |
http://graphite.docker.localhost | Graphite | |
http://kafkahq.docker.localhost | Kafka GUI | |
http://netdata.docker.localhost | Real time OS monitoring | |
http://prometheus.docker.localhost | Monitoring solution | |
http://jaeger.docker.localhost | Tracer for distributed tracing | |
http://zipkin.docker.localhost | Tracer for distributed tracing | |
http://schema.docker.localhost | The Confluent Avro Schema registry | |
http://ksql.docker.localhost | The Confluent KSQL server | |
--- | --- | --- |
http://traefik.docker.localhost/ | Traefik dashboard |
Other non HTTP services are accessible using docker. It is straightforward because container name are set, for instance:
-
Run a shell on the first nuxeo node:
docker exec -it nuxeo bash
-
Get the nuxeo log of the second node:
docker logs nuxeo2
On section below you will find interesting shortcut.
In the ./bin
directory of you environment there are useful shortcuts:
nuxeoctl.sh
Direct nuxeoctl invocationstream.sh
Direct stream.sh invocationmongo.sh
Run the mongo clientpsql.sh
Run the PostgreSQL clientredis-cli.sh
Run the redis clientksql.sh
Run Confluent KSQL client
And scripts:
import.sh
Run a small import 2k docsreindex.sh
Re-index the document repository (using the WorkManger)nxql.sh
Run an NXQL query using the REST API, for instance:NXQL="SELECT * FROM Document" ./bin/nxql.sh
tail-audit.sh
tail -f on the audit streamthreaddump.sh
Perform a thread dump of Nuxeodebug-nuxeo.sh
Expose the a Nuxeo node for remote debugging (localhost:8787)expose-port.sh
Expose any container port to localhost without restarting containerpg-info.sh
Perform the PosgreSQL reporting problem procedureelastic-info.sh
Perform the Elasticsearch reporting problem procedurebulk-done.sh
List latest bulk command completedbulk-scheduled.sh
List latest bulk command scheduledbulk-reindex.sh
Run bulk command to re-index the repositorybulk-export.sh
Run bulk CSV export of the repositorybulk-status.sh
Get the status of the last submitted bulk commandkafka-list-consumer-gropus.sh
List all consumer groups at Kafka levelkafka-list-consumer-positions.sh
List consumer group positions at Kafka levelkafka-list-topics.sh
List Kafka topicsstack-reset-all-data.sh
Clean the env data directory, to restart from crashstack-whoami.sh
Return the path of the currently running envstack-down.sh
Run adocker-compose down --volume
on the currently running envesync.sh
Run the esync tool to check the discrepancy between repository and elastic, see FAQ below
When running docker-compose up
I got the following errors:
Creating network "my-nuxeo-env_default" with the default driver
Creating volume "my-nuxeo-env_esdata" with default driver
Creating elastic ... error
ERROR: for elastic Cannot create container for service elasticsearch: Conflict. The container name "/elastic" is already in use by container "0e44510e51487dce9bb872f6f460b2dfe71b55fbab7b229063fb4768914fbc35". You have to remove (or rename) that container to be able to reuse that name.
ERROR: for elasticsearch Cannot create container for service elasticsearch: Conflict. The container name "/elastic" is already in use by container "0e44510e51487dce9bb872f6f460b2dfe71b55fbab7b229063fb4768914fbc35". You have to remove (or rename) that container to be able to reuse that name.
ERROR: Encountered errors while bringing up the project.
ERROR: for nuxeo Cannot create container for service nuxeo: Conflict. The container name "/nuxeo" is already in use by container "6f06a1c9b1e24b5145cdc5328448b1689b9abd0d7cd5948e0d6f86bfa1ebdbbc". You have to remove (or rename) that container to be able to reuse that name.
...
This is because another environment has been abruptly stopped. You can try to go to the previous env and
perform a docker-compose down --volume
or you can simply remove each listed containers in conflict
using docker rm <CONTAINER ID>
To debug the third Nuxeo node of your cluster (nuxeo3):
NUXEO=nuxeo3 ./bin/debug-nuxeo.sh
Then attach your debugger to localhost:8787
To expose redis:6379 to localhost:6379:
CONTAINER=redis PORT=6379 ./bin/expose-port.sh
Inside your env edit the ./nuxeo/init-nuxeo.sh
script and add your package.
Then flush the packages cache:
rm data/nuxeo/packages/*
Note that Nuxeo stacks is using a packages cache to avoid downloading packages on each start.
Inside your env edit the ./nuxeo/nuxeo.conf
file.
The new nuxeo.conf
will be generated after a docker-compose down --volume; docker-compose up
You run your env with docker-compose up -d
, you have multiple env and don't remember which one is currently running ?
From any env just run:
./bin/stack-whoami.sh
Or if you want to stop the one which is running:
./bin/stack-down.sh
Edit the hosts
file and add your target server.
You need to be able to ssh <your-target-server>
without being prompted for a password.
If it is not the case, try something like:
ssh-copy-id <your-target-server>
Just re run nuxeoenv.sh
with the same target directory, an existing env can be overridden.
esync needs to access both Elasticsearch and the repository backend.
Elasticsearch is accessible via REST on elastic.docker.localhost:80
but the database port have to be exposed before running esync, for instance:
# For MongoDB:
CONTAINER=mongo PORT=27017 ./bin/expose-port.sh
# Or for PostgreSQL:
# CONTAINER=postgres PORT=5432 ./bin/expose-port.sh
# On another term
./bin/esync.sh
Some stacks combination are invalid:
- Nuxeo 7.10/8.10 with Kafka (Kafka is supported since Nuxeo 9.10)
- ...
Some stacks are not yet supported by Nuxeo stacks:
- Nuxeo 7.10/8.10 in cluster mode
- Grafana dashboard is only for Nuxeo 10.10
- stream monitoring on Chronicle Queue (without Kafka)
- KafkaHQ with Kafka in SASL SSL
- Jaeger/Zipkin and Prometheus will work with Nuxeo latest once NXP-26799 is merged
- Minio with direct download enabled (default) doesnt work from pdf js viewer because of browser CORS policy (The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.)
- Minio in cluster mode.
-
Add nginx front with cache
-
Add OpenCensus log4j2 correlation traceid
-
Add a Confluent Kafka with KSQL
-
snapshot env: docker commit nuxeo images, tag them with a date + generate a docker-compose
-
export/import env: docker save/load on nuxeo + tag
-
Provide a nuxeo-stack docker image so there is nothing to install
-
Add Prometheus exporter with provisioned Grafana dashboard for each service:
- elasticsearch
- mongo
- redis
- postgresql
- kafka
-
Add script to run webdriver tests
-
Add script to run gatling tests
-
Fix import-files.sh script:
- install nuxeo-dam
- add volume to share data to import
-
Add option for multi env (or not?)
- Prefix all container, volume, route (using COMPOSE_PROJECT_NAME?)
- set a domain name (http://nuxeo.my-env.localhost)
-
Elastic head plugin -> nginx?
-
Flight recorder
- requires non official nuxeo image with Oracle (or check latest OpenJDK)
-
Java flamegraph NXBT-1417
- requires non official nuxeo image with Oracle (or check latest OpenJDK)
-
Security checks
- no /var/run/docker.sock (not possible for traefik, kafka, netdata?)
- no --privileged ()
- no root user
- check base image used
Nuxeo provides a modular, extensible Java-based open source software platform for enterprise content management and packaged applications for document management, digital asset management and case management. Designed by developers for developers, the Nuxeo platform offers a modern architecture, a powerful plug-in model and extensive packaging capabilities for building content applications.
More information on: http://www.nuxeo.com/