From aac48bf53890cc53683073d0281c84332f2f33f2 Mon Sep 17 00:00:00 2001 From: Etienne LESOT Date: Fri, 24 Oct 2025 14:01:40 +0200 Subject: [PATCH 1/2] add security-for-elasticsearch in local Signed-off-by: Etienne LESOT --- docker-compose/docker-compose.base.yml | 4 + .../study/docker-compose.override.yml | 6 ++ .../technical/docker-compose.technical.yml | 5 +- docker-compose/technical/kibana.yml | 7 ++ .../common/config/common-application.yml | 58 ++++++++++++++ .../config/directory-server-application.yml | 5 ++ .../config/explore-server-application.yml | 38 ++++++++++ .../study/config/study-server-application.yml | 75 +++++++++++++------ 8 files changed, 176 insertions(+), 22 deletions(-) create mode 100644 docker-compose/technical/kibana.yml diff --git a/docker-compose/docker-compose.base.yml b/docker-compose/docker-compose.base.yml index 1c5f703c..e1729765 100644 --- a/docker-compose/docker-compose.base.yml +++ b/docker-compose/docker-compose.base.yml @@ -23,6 +23,8 @@ services: restart: unless-stopped environment: - JAVA_TOOL_OPTIONS=-Xmx186m #deployment: 768m + - ELASTICSEARCH_USER=elastic + - ELASTICSEARCH_PASSWORD=gridsuiteelasticsearch command: > --server.port=80 --spring.config.additional-location=/config/ @@ -276,6 +278,8 @@ services: required: false environment: - JAVA_TOOL_OPTIONS=-Xmx768m #deployment: 1408m + - ELASTICSEARCH_USER=elastic + - ELASTICSEARCH_PASSWORD=gridsuiteelasticsearch command: --server.port=80 --spring.config.additional-location=/config/ sysctls: - net.ipv4.ip_unprivileged_port_start=0 # for docker < 20.03.0 diff --git a/docker-compose/study/docker-compose.override.yml b/docker-compose/study/docker-compose.override.yml index 5d560b2b..dc0b652f 100644 --- a/docker-compose/study/docker-compose.override.yml +++ b/docker-compose/study/docker-compose.override.yml 
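Review bot: Both services patched in docker-compose.base.yml, and the three patched in docker-compose/study/docker-compose.override.yml, are handed the built-in `elastic` superuser with the literal password `gridsuiteelasticsearch` committed in the compose file. Even for a local stack this runs every application client as superuser and puts a reusable secret in version control; a dedicated role limited to the indices each service needs would be the safer default. At minimum make the value overridable without editing the tracked file, e.g. `- ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-gridsuiteelasticsearch}`, and add a comment such as `# local-only default, do not reuse outside docker-compose`. The service definitions start and end outside these hunks.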
@@ -21,6 +21,8 @@ services: required: false environment: - JAVA_TOOL_OPTIONS=-Xmx576m + - ELASTICSEARCH_USER=elastic + - ELASTICSEARCH_PASSWORD=gridsuiteelasticsearch command: --server.port=80 --spring.config.additional-location=/config/ sysctls: - net.ipv4.ip_unprivileged_port_start=0 # for docker < 20.03.0 @@ -109,6 +111,8 @@ services: required: false environment: - JAVA_TOOL_OPTIONS=-Xmx768m #deployment: 1086m + - ELASTICSEARCH_USER=elastic + - ELASTICSEARCH_PASSWORD=gridsuiteelasticsearch command: --server.port=80 --spring.config.additional-location=/config/ sysctls: - net.ipv4.ip_unprivileged_port_start=0 # for docker < 20.03.0 @@ -402,6 +406,8 @@ services: required: false environment: - JAVA_TOOL_OPTIONS=-Xmx186m # not used by the native image + - ELASTICSEARCH_USER=elastic + - ELASTICSEARCH_PASSWORD=gridsuiteelasticsearch command: --server.port=80 --spring.config.additional-location=/config/ sysctls: - net.ipv4.ip_unprivileged_port_start=0 # for docker < 20.03.0 diff --git a/docker-compose/technical/docker-compose.technical.yml b/docker-compose/technical/docker-compose.technical.yml index 3331c01f..1d9992eb 100644 --- a/docker-compose/technical/docker-compose.technical.yml +++ b/docker-compose/technical/docker-compose.technical.yml @@ -70,7 +70,7 @@ services: environment: - discovery.type=single-node - LOGSPOUT=ignore - - xpack.security.enabled=false + - xpack.security.enabled=true - ingest.geoip.downloader.enabled=false - ES_JAVA_OPTS=-Xms1g -Xmx1g - action.auto_create_index=filebeat-* @@ -100,8 +100,11 @@ services: - 5601:5601 environment: - LOGSPOUT=ignore + - ELASTIC_PASSWORD="gridsuitekibana" depends_on: - elasticsearch + volumes: + - $PWD/../technical/kibana.yml:/usr/share/kibana/config/kibana.yml:Z restart: unless-stopped logstash: diff --git a/docker-compose/technical/kibana.yml b/docker-compose/technical/kibana.yml new file mode 100644 index 00000000..3eb06466 --- /dev/null +++ b/docker-compose/technical/kibana.yml 
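Review bot: Switching to `xpack.security.enabled=true` makes every client authenticate, but nothing visible in the hunk at line 70 gives the elasticsearch service a bootstrap password for `elastic`, and nothing in the patch sets the `kibana_system` password that kibana.yml expects. Unless that happens outside the hunk (the environment list may continue past it), the credentials added in the other compose files would presumably be rejected. If the image's bootstrap variable is what was intended, it belongs in this list: `- ELASTIC_PASSWORD=${ELASTICSEARCH_PASSWORD:-gridsuiteelasticsearch}`. The kibana.yml added in this patch still talks to `http://elasticsearch:9200`, so a comment such as `# local only: authentication on, TLS off` would make that limit explicit.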
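Review bot: `- ELASTIC_PASSWORD="gridsuitekibana"` in the hunk at line 100 looks misplaced: the service publishes 5601 and mounts kibana.yml, and as far as I know that variable is read by the Elasticsearch image, not by Kibana. In list-form `environment` entries the double quotes are most likely kept as part of the value, so it would not even equal the password written in kibana.yml. I would drop the line; if Kibana should take its password from the environment instead of the mounted file, pass it unquoted, e.g. `- ELASTICSEARCH_PASSWORD=${KIBANA_SYSTEM_PASSWORD:-gridsuitekibana}` (the interpolated variable name is illustrative). The service definition starts outside the hunk.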
@@ -0,0 +1,7 @@
+# Default Kibana configuration for docker target
+server.host: "0.0.0.0"
+server.shutdownTimeout: "5s"
+elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+monitoring.ui.container.elasticsearch.enabled: true
+elasticsearch.username: "kibana_system"
+elasticsearch.password: "gridsuitekibana"
\ No newline at end of file
diff --git a/k8s/resources/common/config/common-application.yml b/k8s/resources/common/config/common-application.yml
index 8511a4ff..4f401b77 100644
--- a/k8s/resources/common/config/common-application.yml
+++ b/k8s/resources/common/config/common-application.yml
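Review bot: `elasticsearch.password: "gridsuitekibana"` commits the kibana_system password in clear text in a tracked file that is bind-mounted into the container. Kibana's configuration supports environment substitution, so `elasticsearch.password: "${KIBANA_SYSTEM_PASSWORD}"` (variable name illustrative) with the value supplied from compose keeps the secret out of the file; the Kibana keystore is the other option. `elasticsearch.hosts` uses plain `http://`, so the password crosses the compose network unencrypted, and a header comment stating that this file is for the local stack only would help. The file also lacks a trailing newline.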
@@ -33,3 +33,61 @@ powsybl-ws:
 password: ${S3_SECRET_KEY:s3password}
 subpath:
 prefix: ${powsybl-ws.environment:}
+
+powsybl:
+ services:
+ case-server:
+ base-uri: http://172.17.0.1:5000/
+ single-line-diagram-server:
+ base-uri: http://172.17.0.1:5005/
+ network-conversion-server:
+ base-uri: http://172.17.0.1:5003/
+ network-store-server:
+ base-uri: http://172.17.0.1:8080/
+
+gridsuite:
+ services:
+ geo-data-server:
+ base-uri: http://172.17.0.1:8087/
+ network-map-server:
+ base-uri: http://172.17.0.1:5006/
+ network-modification-server:
+ base-uri: http://172.17.0.1:5007/
+ loadflow-server:
+ base-uri: http://172.17.0.1:5008/
+ study-server:
+ base-uri: http://172.17.0.1:5001/
+ directory-server:
+ base-uri: http://172.17.0.1:5026/
+ filter-server:
+ base-uri: http://172.17.0.1:5027/
+ report-server:
+ base-uri: http://172.17.0.1:5028/
+ security-analysis-server:
+ base-uri: http://172.17.0.1:5023/
+ sensitivity-analysis-server:
+ base-uri: http://172.17.0.1:5030/
+ user-admin-server:
+ base-uri: http://172.17.0.1:5033/
+ shortcircuit-server:
+ base-uri: http://172.17.0.1:5031/
+ config-notification-server:
+ base-uri: http://172.17.0.1:5024/
+ study-notification-server:
+ base-uri: http://172.17.0.1:5009/
+ directory-notification-server:
+ base-uri: http://172.17.0.1:5004/
+ explore-server:
+ base-uri: http://172.17.0.1:5029/
+ actions-server:
+ base-uri: http://172.17.0.1:5022/
+ dynamic-simulation-server:
+ base-uri: http://172.17.0.1:5032/
+ dynamic-mapping-server:
+ base-uri: http://172.17.0.1:5036/
+ timeseries-server:
+ base-uri: http://172.17.0.1:5037/
+ voltage-init-server:
+ base-uri: http://172.17.0.1:5038/
+ study-config-server:
+ base-uri: http://172.17.0.1:5035/
\ No newline at end of file
diff --git a/k8s/resources/study/config/directory-server-application.yml b/k8s/resources/study/config/directory-server-application.yml
index e69de29b..c97ecff7 100644
--- a/k8s/resources/study/config/directory-server-application.yml
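Review bot: The added `powsybl.services` and `gridsuite.services` entries point the Kubernetes configuration at plain-HTTP `http://172.17.0.1:<port>` addresses (which look like a local Docker bridge gateway), a change unrelated to the commit's stated purpose of Elasticsearch security for the local stack, and one that PATCH 2/2 reverts. The same applies to the directory-server, explore-server and study-server hunks that follow; the study-server one also drops every `optional: true` flag and the `dynamic-security-analysis-server` entry. I would squash 2/2 into this patch so these files never appear changed in history. If a local override is needed, keep it in an untracked file rather than under k8s/resources.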
+++ b/k8s/resources/study/config/directory-server-application.yml
@@ -0,0 +1,5 @@
+gridsuite:
+ services:
+ -
+ name: user-admin-server
+ base-uri: http://172.17.0.1:5033
\ No newline at end of file
diff --git a/k8s/resources/study/config/explore-server-application.yml b/k8s/resources/study/config/explore-server-application.yml
index e69de29b..e83e4c0b 100644
--- a/k8s/resources/study/config/explore-server-application.yml
+++ b/k8s/resources/study/config/explore-server-application.yml
@@ -0,0 +1,38 @@
+gridsuite:
+ services:
+ -
+ name: study-server
+ base-uri: http://172.17.0.1:5001
+ -
+ name: directory-server
+ base-uri: http://172.17.0.1:5026
+ -
+ name: actions-server
+ base-uri: http://172.17.0.1:5022
+ -
+ name: network-modification-server
+ base-uri: http://172.17.0.1:5007
+ -
+ name: filter-server
+ base-uri: http://172.17.0.1:5027
+ -
+ name: voltage-init-server
+ base-uri: http://172.17.0.1:5038
+ -
+ name: security-analysis-server
+ base-uri: http://172.17.0.1:5023
+ -
+ name: loadflow-server
+ base-uri: http://172.17.0.1:5008
+ -
+ name: sensitivity-analysis-server
+ base-uri: http://172.17.0.1:5030
+ -
+ name: user-admin-server
+ base-uri: http://172.17.0.1:5033
+ -
+ name: shortcircuit-server
+ base-uri: http://172.17.0.1:5031
+ -
+ name: study-config-server
+ base-uri: http://172.17.0.1:5035
\ No newline at end of file
diff --git a/k8s/resources/study/config/study-server-application.yml b/k8s/resources/study/config/study-server-application.yml
index 100fdede..290cf474 100644
--- a/k8s/resources/study/config/study-server-application.yml
+++ b/k8s/resources/study/config/study-server-application.yml
@@ -1,24 +1,57 @@
 # optional servers
 gridsuite:
 services:
- - name: state-estimation-server
- base-uri: http://state-estimation-server/
- optional: true
- - name: dynamic-simulation-server
- base-uri: http://dynamic-simulation-server/
- optional: true
- - name: dynamic-security-analysis-server
- base-uri: http://dynamic-security-analysis-server/
- optional: true
- - name: security-analysis-server
- base-uri: http://security-analysis-server/
- optional: true
- - name: sensitivity-analysis-server
- base-uri: http://sensitivity-analysis-server/
- optional: true
- - name: shortcircuit-server
- base-uri: http://shortcircuit-server/
- optional: true
- - name: voltage-init-server
- base-uri: http://voltage-init-server/
- optional: true
+ -
+ name: geo-data-server
+ base-uri: http://172.17.0.1:8087
+ -
+ name: network-map-server
+ base-uri: http://172.17.0.1:5006
+ -
+ name: network-modification-server
+ base-uri: http://172.17.0.1:5007
+ -
+ name: loadflow-server
+ base-uri: http://172.17.0.1:5008
+ -
+ name: actions-server
+ base-uri: http://172.17.0.1:5022
+ -
+ name: filter-server
+ base-uri: http://172.17.0.1:5027
+ -
+ name: security-analysis-server
+ base-uri: http://172.17.0.1:5023
+ -
+ name: report-server
+ base-uri: http://172.17.0.1:5028
+ -
+ name: sensitivity-analysis-server
+ base-uri: http://172.17.0.1:5030
+ -
+ name: shortcircuit-server
+ base-uri: http://172.17.0.1:5031
+ -
+ name: dynamic-simulation-server
+ base-uri: http://172.17.0.1:5032
+ -
+ name: timeseries-server
+ base-uri: http://172.17.0.1:5037
+ -
+ name: dynamic-mapping-server
+ base-uri: http://172.17.0.1:5036
+ -
+ name: voltage-init-server
+ base-uri: http://172.17.0.1:5038
+ -
+ name: user-admin-server
+ base-uri: http://172.17.0.1:5033
+ -
+ name: study-config-server
+ base-uri: http://172.17.0.1:5035
+ -
+ name: state-estimation-server
+ base-uri: http://172.17.0.1:6040
+ -
+ name: directory-server
+ base-uri: http://172.17.0.1:5026
\ No newline at end of file
From 723b1c2b0d509088d21ee00fa8680048bd516665 Mon Sep 17 00:00:00 2001
From: Etienne LESOT
Date: Fri, 24 Oct 2025 15:16:39 +0200
Subject: [PATCH 2/2] fix
Signed-off-by: Etienne LESOT
---
 .../common/config/common-application.yml | 58 --------------
 .../config/directory-server-application.yml | 5 --
 .../config/explore-server-application.yml | 38 ----------
 .../study/config/study-server-application.yml | 75 ++++++-------------
 4 files changed, 21 insertions(+), 155 deletions(-)
diff --git a/k8s/resources/common/config/common-application.yml b/k8s/resources/common/config/common-application.yml
index 4f401b77..8511a4ff 100644
--- a/k8s/resources/common/config/common-application.yml
+++ b/k8s/resources/common/config/common-application.yml
@@ -33,61 +33,3 @@ powsybl-ws:
 password: ${S3_SECRET_KEY:s3password}
 subpath:
 prefix: ${powsybl-ws.environment:}
-
-powsybl:
- services:
- case-server:
- base-uri: http://172.17.0.1:5000/
- single-line-diagram-server:
- base-uri: http://172.17.0.1:5005/
- network-conversion-server:
- base-uri: http://172.17.0.1:5003/
- network-store-server:
- base-uri: http://172.17.0.1:8080/
-
-gridsuite:
- services:
- geo-data-server:
- base-uri: http://172.17.0.1:8087/
- network-map-server:
- base-uri: http://172.17.0.1:5006/
- network-modification-server:
- base-uri: http://172.17.0.1:5007/
- loadflow-server:
- base-uri: http://172.17.0.1:5008/
- study-server:
- base-uri: http://172.17.0.1:5001/
- directory-server:
- base-uri: http://172.17.0.1:5026/
- filter-server:
- base-uri: http://172.17.0.1:5027/
- report-server:
- base-uri: http://172.17.0.1:5028/
- security-analysis-server:
- base-uri: http://172.17.0.1:5023/
- sensitivity-analysis-server:
- base-uri: http://172.17.0.1:5030/
- user-admin-server:
- base-uri: http://172.17.0.1:5033/
- shortcircuit-server:
- base-uri: http://172.17.0.1:5031/
- config-notification-server:
- base-uri: http://172.17.0.1:5024/
- study-notification-server:
- base-uri: http://172.17.0.1:5009/
- directory-notification-server:
- base-uri: http://172.17.0.1:5004/
- explore-server:
- base-uri: http://172.17.0.1:5029/
- actions-server:
- base-uri: http://172.17.0.1:5022/
- dynamic-simulation-server:
- base-uri: http://172.17.0.1:5032/
- dynamic-mapping-server:
- base-uri: http://172.17.0.1:5036/
- timeseries-server:
- base-uri: http://172.17.0.1:5037/
- voltage-init-server:
- base-uri: http://172.17.0.1:5038/
- study-config-server:
- base-uri: http://172.17.0.1:5035/
\ No newline at end of file
diff --git a/k8s/resources/study/config/directory-server-application.yml b/k8s/resources/study/config/directory-server-application.yml
index c97ecff7..e69de29b 100644
--- a/k8s/resources/study/config/directory-server-application.yml
+++ b/k8s/resources/study/config/directory-server-application.yml
@@ -1,5 +0,0 @@
-gridsuite:
- services:
- -
- name: user-admin-server
- base-uri: http://172.17.0.1:5033
\ No newline at end of file
diff --git a/k8s/resources/study/config/explore-server-application.yml b/k8s/resources/study/config/explore-server-application.yml
index e83e4c0b..e69de29b 100644
--- a/k8s/resources/study/config/explore-server-application.yml
+++ b/k8s/resources/study/config/explore-server-application.yml
@@ -1,38 +0,0 @@
-gridsuite:
- services:
- -
- name: study-server
- base-uri: http://172.17.0.1:5001
- -
- name: directory-server
- base-uri: http://172.17.0.1:5026
- -
- name: actions-server
- base-uri: http://172.17.0.1:5022
- -
- name: network-modification-server
- base-uri: http://172.17.0.1:5007
- -
- name: filter-server
- base-uri: http://172.17.0.1:5027
- -
- name: voltage-init-server
- base-uri: http://172.17.0.1:5038
- -
- name: security-analysis-server
- base-uri: http://172.17.0.1:5023
- -
- name: loadflow-server
- base-uri: http://172.17.0.1:5008
- -
- name: sensitivity-analysis-server
- base-uri: http://172.17.0.1:5030
- -
- name: user-admin-server
- base-uri: http://172.17.0.1:5033
- -
- name: shortcircuit-server
- base-uri: http://172.17.0.1:5031
- -
- name: study-config-server
- base-uri: http://172.17.0.1:5035
\ No newline at end of file
diff --git a/k8s/resources/study/config/study-server-application.yml b/k8s/resources/study/config/study-server-application.yml
index 290cf474..100fdede 100644
--- a/k8s/resources/study/config/study-server-application.yml
+++ b/k8s/resources/study/config/study-server-application.yml
@@ -1,57 +1,24 @@
 # optional servers
 gridsuite:
 services:
- -
- name: geo-data-server
- base-uri: http://172.17.0.1:8087
- -
- name: network-map-server
- base-uri: http://172.17.0.1:5006
- -
- name: network-modification-server
- base-uri: http://172.17.0.1:5007
- -
- name: loadflow-server
- base-uri: http://172.17.0.1:5008
- -
- name: actions-server
- base-uri: http://172.17.0.1:5022
- -
- name: filter-server
- base-uri: http://172.17.0.1:5027
- -
- name: security-analysis-server
- base-uri: http://172.17.0.1:5023
- -
- name: report-server
- base-uri: http://172.17.0.1:5028
- -
- name: sensitivity-analysis-server
- base-uri: http://172.17.0.1:5030
- -
- name: shortcircuit-server
- base-uri: http://172.17.0.1:5031
- -
- name: dynamic-simulation-server
- base-uri: http://172.17.0.1:5032
- -
- name: timeseries-server
- base-uri: http://172.17.0.1:5037
- -
- name: dynamic-mapping-server
- base-uri: http://172.17.0.1:5036
- -
- name: voltage-init-server
- base-uri: http://172.17.0.1:5038
- -
- name: user-admin-server
- base-uri: http://172.17.0.1:5033
- -
- name: study-config-server
- base-uri: http://172.17.0.1:5035
- -
- name: state-estimation-server
- base-uri: http://172.17.0.1:6040
- -
- name: directory-server
- base-uri: http://172.17.0.1:5026
\ No newline at end of file
+ - name: state-estimation-server
+ base-uri: http://state-estimation-server/
+ optional: true
+ - name: dynamic-simulation-server
+ base-uri: http://dynamic-simulation-server/
+ optional: true
+ - name: dynamic-security-analysis-server
+ base-uri: http://dynamic-security-analysis-server/
+ optional: true
+ - name: security-analysis-server
+ base-uri: http://security-analysis-server/
+ optional: true
+ - name: sensitivity-analysis-server
+ base-uri: http://sensitivity-analysis-server/
+ optional: true
+ - name: shortcircuit-server
+ base-uri: http://shortcircuit-server/
+ optional: true
+ - name: voltage-init-server
+ base-uri: http://voltage-init-server/
+ optional: true