fusionauth-issues
fusionauth-issues copied to clipboard
FusionAuth
Update docker-compose.yml examples using OpenSearch 2.10 as an alternative to Elasticsearch OSS
Update docker-compose.yml examples using OpenSearch 2.10 as an alternative to Elasticsearch OSS
Problem
There are multiple docker-compose.yml files with elasticsearch:7.17.0 which has 7.17.13 available as well a Major upgrade to 8. The major upgrade requires more than just upgrading the version.
There are YAML files but as well documentation sections with 7.17.0 and older versions https://github.com/search?q=org%3AFusionAuth+%22image%3A+docker.elastic.co%2Felasticsearch%2Felasticsearch%22&type=code
Solution
Investigate to upgrade/migrate to OpenSearch 2.10 instead, with the right configuration settings. Which is supported according to the documentation.
Alternatives/workarounds
tbd
Additional context
tbd
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
For a dev setup I've successfully tested the following docker-compose.yml configuration:
- It has security disabled which simplifies the setup drastically
- Same with the use of the single-node setup
- Not sure about
SEARCH_TYPE: elasticsearchbut i assume it's correct as opensearch is used as a replacement for elasticsearch - Not using
compatibility.override_main_response_version=truefor opensearch
version: '3'
services:
db:
image: postgres:16.0-bookworm
environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
interval: 5s
timeout: 5s
retries: 5
networks:
- db_net
restart: unless-stopped
volumes:
- db_data:/var/lib/postgresql/data
search:
image: opensearchproject/opensearch:2.11.0
environment:
cluster.name: fusionauth
discovery.type: single-node
node.name: search
plugins.security.disabled: true
bootstrap.memory_lock: true
OPENSEARCH_JAVA_OPTS: ${OPENSEARCH_JAVA_OPTS}
healthcheck:
interval: 10s
retries: 80
test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:9200/
restart: unless-stopped
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports:
- 9200:9200 # REST API
- 9600:9600 # Performance Analyzer
volumes:
- search_data:/usr/share/opensearch/data
networks:
- search_net
fusionauth:
image: fusionauth/fusionauth-app:latest
depends_on:
db:
condition: service_healthy
search:
condition: service_healthy
environment:
DATABASE_URL: jdbc:postgresql://db:5432/fusionauth
DATABASE_ROOT_USERNAME: ${POSTGRES_USER}
DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
DATABASE_USERNAME: ${DATABASE_USERNAME}
DATABASE_PASSWORD: ${DATABASE_PASSWORD}
FUSIONAUTH_APP_MEMORY: ${FUSIONAUTH_APP_MEMORY}
FUSIONAUTH_APP_RUNTIME_MODE: fusionauth_development
FUSIONAUTH_APP_URL: http://fusionauth:9011
SEARCH_SERVERS: http://search:9200
SEARCH_TYPE: elasticsearch
FUSIONAUTH_APP_KICKSTART_FILE: ${FUSIONAUTH_APP_KICKSTART_FILE}
networks:
- db_net
- search_net
restart: unless-stopped
ports:
- 9011:9011
volumes:
- fusionauth_config:/usr/local/fusionauth/config
- ./kickstart:/usr/local/fusionauth/kickstart
networks:
db_net:
driver: bridge
search_net:
driver: bridge
volumes:
db_data:
fusionauth_config:
search_data:
@mark-robustelli i've created a few more PR after reviewing all PR once everything got merged.
@mooreds there are two repositories left which still have old images, but wanted to clarify how to handle them:
https://github.com/FusionAuth/fusionauth-site
- The docker-compose files are copy pasted in to the documentation, for some they are slightly custom.
- I suggest to use https://github.com/FusionAuth/fusionauth-containers/ for the source.
- The documentation references RemoteContent and RemoteCode to integrate external code, which one is the right way?
- For the examples which are specific i make sure to add a example in a related repo rather than using fusionauth-container.
https://github.com/FusionAuth/fusionauth-contrib
- these are kuberentes examples with outdated images so it would require a individual review.
@mooreds @mark-robustelli after adjusting the github search the following additional repositories still have to be patched, which I will do on Friday: https://github.com/FusionAuth/fusionauth-example-angular-sdk https://github.com/FusionAuth/fusionauth-example-dotnet-windowsform-api https://github.com/FusionAuth/fusionauth-example-nextjs-single-sign-on https://github.com/FusionAuth/fusionauth-example-rails-api-guide https://github.com/FusionAuth/fusionauth-example-template https://github.com/FusionAuth/fusionauth-example-terraform https://github.com/FusionAuth/fusionauth-example-testing-lambdas https://github.com/FusionAuth/fusionauth-example-user-search https://github.com/FusionAuth/fusionauth-quickstart-dotnet-api https://github.com/FusionAuth/fusionauth-quickstart-dotnet-web https://github.com/FusionAuth/fusionauth-quickstart-golang-api https://github.com/FusionAuth/fusionauth-quickstart-golang-web https://github.com/FusionAuth/fusionauth-quickstart-javascript-express-api https://github.com/FusionAuth/fusionauth-quickstart-javascript-express-web https://github.com/FusionAuth/fusionauth-quickstart-javascript-nextjs-web https://github.com/FusionAuth/fusionauth-quickstart-javascript-remix-web https://github.com/FusionAuth/fusionauth-quickstart-javascript-vue-web https://github.com/FusionAuth/fusionauth-quickstart-php-laravel-api https://github.com/FusionAuth/fusionauth-quickstart-python-django-web https://github.com/FusionAuth/fusionauth-quickstart-python-flask-web https://github.com/FusionAuth/fusionauth-quickstart-ruby-on-rails-api
@mark-robustelli @mooreds all additional PRs are done, I will do a last check once everything is merged.
@mooreds @mark-robustelli I decided to create a dedicated repo for the different docker compose examples in the fustionauth-site: https://github.com/sonderformat-llc/fusionauth-example-docker-compose
There is not really one place where to put it otherwise.
I first thought about https://github.com/FusionAuth/fusionauth-containers but that's dedicated for the build.
And there is stuff for plugin and kickstart but nothing for mailcatcher, so i thought it would make sense to have a central docker compose example repo and point from there to other repos, similar to the documentation which points to other sections.
If you're happy with that i will continue finalising the fusionauth-site update
Works for me! Love the idea of having other docker compose items in a central place.
@mooreds for a proper mailcatcher as well as a kickstart example I would like to add the correct mail templates to the kickstart, https://github.com/FusionAuth/fusionauth-issues/issues/2485 do we have an update on the mail template topic? If not I would alternatively extract the latest templates from a fresh FusionAuth instance and add them in to my example for now.
As discussed on slack, let's pull these templates from fusionauth-site, please.
@mooreds I have merged all I can. It looks like I do not have access to the following repos, can you please merge these or give me access. Thanks.
No Access
https://github.com/FusionAuth/docker-wait-for-json/pull/1 https://github.com/FusionAuth/fusionauth-example-scripts/pull/4 https://github.com/FusionAuth/fusionauth-quickstart-php-laravel-api/pull/1
Need Owners Review https://github.com/FusionAuth/fusionauth-containers/pull/96
The following repos have been archived and not able to merge. This is acceptable.
Archived FusionAuth/fusionauth-example-laravel-api#1 FusionAuth/fusionauth-example-python-flask#5 https://github.com/FusionAuth/fusionauth-example-rails-api-guide/pull/1
Update on Dependabot: It does not check the dependencies as expected. At least for now dependabot checks docker-compose.yml linked Dockerfiles but not the docker-compose.yml itself for package updates. I discovered this in our own repos and my hope is that they will make it available at some point for docker-compose.yml as well, but this means until dependabot supports it, the docker-compose.yml would need to be updated manually without assistance from dependabot.